// Data handling

Privacy & data flow.

Nyx Fund handles sensitive material — encrypted exchange keys, wallet data, and portfolio positions. This page is a plain-English map of exactly what we collect, why, and every third party your data touches.

!

This is a product-accurate template, not legal advice. Before relying on it commercially, have it reviewed by counsel for your jurisdiction (GDPR / UK-GDPR / CCPA as applicable).

Last updated · 5 June 2026
01

Overview

Nyx Fund (“Nyx”, “we”) provides portfolio intelligence and LP reporting for crypto hedge funds. We collect only what we need to run that service for you, we encrypt the sensitive parts, and we never sell your data. This policy explains the specifics.

02

Data we collect

AccountName, email, and fund name — captured at sign-up via Supabase Auth.
Exchange API keysEncrypted at rest with AES-256-GCM before they ever hit our database. We ask only for read-only keys — no withdrawal or trading permission.
Wallet addressesPublic, read-only addresses you choose to connect. We read on-chain balances; we never request private keys or seed phrases.
Portfolio dataPositions, balances, and NAV history pulled from the accounts you connect, used to build your dashboard and reports.
Payment dataHandled by Stripe. We store a customer reference and subscription status only — card numbers never touch our servers.
TechnicalSession cookies for authentication, plus standard request logs (IP, user agent) retained briefly for security.
03

How we use it

We use your data strictly to operate the product you signed up for:

  • Aggregate positions across exchanges and wallets into a live dashboard.
  • Generate AI-written LP reports from your actual performance.
  • Evaluate risk thresholds and send you alert emails when they breach.
  • Answer questions about your own portfolio in the AI chat.

We do not use your portfolio data for advertising, and we do not sell it to anyone.

04

Where your data flows

Running Nyx means trusting a small set of specialist providers (“sub-processors”). Here is the live map — what each one receives, and why.

Source node
Your encrypted data
distributed to 8 sub-processors ↓
SupabaseInfrastructure
ReceivesAccount data, encrypted API keys, positions
PurposeDatabase, authentication & storage
VercelHosting
ReceivesHTTP requests, runtime logs
PurposeServes the application
StripePayments
ReceivesName, email, tokenised card
PurposeSubscription billing — we never see card numbers
ResendEmail
ReceivesEmail address, report content
PurposeTransactional email & LP report delivery
AlchemyOn-chain
ReceivesPublic wallet addresses
PurposeRead-only wallet balances & positions
OpenRouterAI gateway
ReceivesPortfolio context
PurposeRoutes prompts to language models
AnthropicAI model
ReceivesPortfolio context
PurposeGenerates LP reports & chat answers
ElevenLabsVoice
ReceivesChat response text
PurposeText-to-speech for voice mode
05

AI processing

To write reports and answer questions, we send relevant portfolio context to AI providers (OpenRouter, routing to Anthropic). This is the one place your figures leave our infrastructure for processing.

  • Only the context needed for the task is sent — never your API keys or credentials.
  • Inputs are processed through provider APIs, which under their terms are not used to train their models.
  • Voice mode additionally sends generated response text to ElevenLabs for speech.
06

Security & encryption

Exchange API secrets are encrypted with AES-256-GCM before storage, and are decryptable only with a server-side key that never reaches your browser. Every fund is isolated at the database layer with row-level security, and all traffic is encrypted in transit.

Your API key at rest
sk_live_a3f08b1c94e7d250
AES-256-GCM · decryptable only with the server key — never in your browser
07

Data retention

We keep your data for as long as your account is active. Close your account and we delete your portfolio data, connected accounts, and encrypted keys. Some records (e.g. billing) may be retained where law requires.

08

Your rights

You can, at any time:

  • Access and export the data we hold about you.
  • Correct inaccurate account details from settings.
  • Delete your account and associated data.
  • Disconnect any exchange or wallet, which removes its stored credentials.

To exercise any of these, email jack@nyxchain.org.

09

Cookies

We use first-party Supabase session cookies to keep you signed in. We do not run third-party advertising or cross-site tracking cookies.

10

Contact

Questions about this policy or your data? Reach the founders directly at jack@nyxchain.org, or open a channel from the contact page.