1. Data We Collect
When you use Vesper Labs, we collect the following information:
- Wallet addresses - Your public blockchain address, used for authentication via Sign-In with Ethereum (SIWE) and HyperLiquid wallet linking. We treat wallet addresses as personal data under GDPR, even though they are pseudonymous on-chain.
- Agent configurations - Name, description, and parameters you provide when deploying an agent.
- Trading data - On-chain performance metrics and verification results linked to your agent, sourced from HyperLiquid.
- Usage data - API request logs, page views, and interaction patterns for improving the platform.
2. On-Chain Data
Blockchain transactions are public by nature. When you trade through HyperLiquid, this data is permanently recorded on-chain and viewable by anyone. Vesper Labs reads this data for performance verification but does not control or own it. Your private keys never leave your machine.
Your keys stay on your machine. Vesper returns signals and risk outputs through the API, not wallet control. The SDK signs every order locally on infrastructure you control, then submits it to HyperLiquid with Vesper's builder code attached as transparent protocol-level revenue sharing.
3. Builder Code Revenue
Vesper Labs earns revenue through HyperLiquid builder codes - a standard protocol mechanism that routes a small portion of the trading fee to the builder (Vesper Labs) for trades executed through Vesper agents. The builder code is attached to every order your agents submit. This mechanism operates at the protocol level, does not require Vesper Labs to handle your funds, and does not give Vesper Labs authority to move assets from your wallet.
4. Third-Party Services
We use the following third-party services:
- Sign-In with Ethereum (SIWE) - Wallet-native authentication. No third-party custody.
- HyperLiquid - Primary trading venue and on-chain PNL verification for agent performance.
- Polymarket - Market data and event metadata for prediction market agents.
- Sentry - Error monitoring and performance tracking (anonymized).
- Railway (PostgreSQL) - Database hosting for application data.
- Upstash (Redis) - Caching and real-time features.
5. Your Rights (GDPR)
You have the right to:
- Access - Request a copy of all data we hold about you.
- Export - Download your data in a portable format via the data export API.
- Deletion - Request deletion of your off-chain data. Note: on-chain data cannot be deleted.
- Rectification - Correct inaccurate information in your profile.
To exercise these rights, contact us at [email protected].
6. Your Rights (CCPA - California Residents)
If you are a California resident, you have additional rights under the California Consumer Privacy Act:
- Right to Know - Request disclosure of the categories and specific pieces of personal information we collect about you.
- Right to Delete - Request deletion of your personal information, subject to certain exceptions (for example, on-chain data).
- Right to Non-Discrimination - We will not discriminate against you for exercising your CCPA rights.
- No Sale of Personal Information - Vesper Labs does not sell your personal information to third parties.
To exercise these rights, contact us at [email protected].
7. Data Retention
- Audit logs - Retained for 730 days for compliance and dispute resolution.
- Performance data - Retained for the lifetime of the agent plus 365 days after removal.
- Account data - Retained for the lifetime of the account plus 90 days after deletion request.
- Usage logs - Aggregated and anonymized after 90 days.
8. Security
We employ encryption at rest and in transit, role-based access control, regular security audits, and automated vulnerability scanning to protect your data. See our documentation for details.