This Privacy Policy ("Policy") describes how the operators of the Sumo platform ("Sumo," "we," "us," or "our") collect, use, store, protect, and share information when you access or use the Sumo platform, including the web application at app.sumo.trade, documentation at docs.sumo.trade, the Sumo API, and any associated Telegram bot integrations (collectively, the "Platform").
By using the Platform, you acknowledge that you have read and understood this Policy. If you do not agree with our data practices, you must stop using the Platform.
| Data Type | When Collected | Purpose |
|---|---|---|
| Email address | Account registration | Authentication, password recovery, notifications |
| Password (hashed) | Account registration | Authentication |
| Organization name | Organization setup | Multi-tenant identification |
| Project configuration | Profile creation | Token pair, DEX, chain, and strategy settings |
| Telegram user ID | Telegram bot linking | Bot command authorization, notifications |
| Data Type | When Generated | Purpose |
|---|---|---|
| Wallet addresses | Wallet generation or import | On-chain operations, balance tracking |
| Encrypted seed phrases and private keys | Wallet generation or import | Transaction signing (encrypted at rest) |
| Trading strategy configurations | Strategy creation | Automated strategy execution |
| Order and trade records | Strategy execution | Performance analytics, audit trail |
| Transaction signatures | On-chain execution | Confirmation tracking, reporting |
| Cashout and treasury records | Treasury operations | Fund movement tracking, audit trail |
| Balance snapshots | Periodic polling | Dashboard display, analytics |
| Audit logs | All significant actions | Security monitoring, compliance |
| Data Type | Collection Method | Purpose |
|---|---|---|
| IP address | Server access logs | Rate limiting, abuse prevention |
| Browser type and version | HTTP headers | Compatibility, debugging |
| Device information | HTTP headers | Compatibility, debugging |
| Access timestamps | Server logs | Security monitoring |
| API request metadata | Server logs | Performance monitoring, debugging |
We do not use third-party advertising trackers or sell your data to advertisers.
Platform Operation — Authenticating your identity, executing trading strategies, signing blockchain transactions, processing cashouts, delivering Telegram notifications, and displaying wallet balances and analytics.
Security and Integrity — Detecting and preventing unauthorized access, fraud, and abuse. Enforcing rate limits. Maintaining audit logs. Monitoring for anomalous activity.
Platform Improvement — Diagnosing technical issues, monitoring system performance, and improving user experience based on aggregated, non-identifying usage patterns.
Communication — Sending transactional notifications, responding to support inquiries, and notifying you of material changes to our Terms or Privacy Policy.
We do not use your trading data, strategy configurations, or wallet information for any purpose other than operating the Platform on your behalf.
Your seed phrases and private keys are protected with envelope encryption:
Transaction signing is handled by a dedicated, isolated Rust-based signing service that operates as a separate process with restricted network access, decrypts keys only in memory for signing, and immediately discards plaintext key material.
Each organization's data is isolated at the database, API, encryption, and application layers. Cross-tenant access is structurally prevented.
Wallet addresses and transaction data are inherently public on blockchain networks. Sumo's privacy protections apply to off-chain data but cannot alter the public nature of on-chain data.
RPC providers, Jito block engines, and DEX protocols (Raydium, Jupiter, PumpFun, PumpSwap, Meteora, Uniswap, PancakeSwap, Aerodrome, and others) receive wallet addresses and transaction data necessary for executing trades.
Husher and SplitNOW receive source/destination wallet addresses and amounts when you use Privacy Cashout features. These providers operate their own privacy policies.
Telegram Bot API receives your Telegram user ID and message content for bot functionality. SMTP email providers receive your email address for account-related communications.
We do not share your personal information with any third party for marketing or advertising purposes. Information may be disclosed only when required by law, to prevent fraud, with your consent, or in connection with a business transfer.
| Data Category | Retention Period |
|---|---|
| Account information | Duration of account + 90 days |
| Encrypted wallet keys | Until wallet archived or account deleted |
| Trading data | Duration of account + 1 year |
| Audit logs | 2 years from creation |
| Server access logs | 90 days |
| Telegram session data | Until unlinked or account deleted |
Before deleting your account, you should export your seed phrases and withdraw all funds. Deleted keys cannot be recovered.
Depending on your jurisdiction, you may have the right to access, correct, delete, port, restrict, or object to processing of your personal data. To exercise these rights, contact us at privacy@sumo.trade. We will respond within 30 days.
Sumo uses minimal cookies strictly for Platform functionality: session tokens, theme preference, and sidebar state. We do not use third-party advertising cookies, cross-site tracking, fingerprinting, or social media tracking widgets.
Sumo does not sell, rent, lease, or trade your personal information to any third party for any purpose.
The Platform is not intended for use by anyone under the age of 18. We do not knowingly collect personal information from minors.
Your data may be transferred to and processed in jurisdictions other than your own. We implement appropriate safeguards including encryption and access controls to protect your data regardless of where it is processed.
In the event of a data breach, we will investigate promptly, notify affected users without undue delay, and report to relevant authorities where required by law.
Material changes will be communicated through the Platform or via email at least 14 days before they take effect. Your continued use after changes constitutes acceptance.
For privacy inquiries: privacy@sumo.trade
For general inquiries: legal@sumo.trade