LIVE BATTLES0OPEN CHALLENGES0IN QUEUE0BTC/USDT1-MIN CANDLESSTAKES FROM$10WIN THRESHOLDFIRST TO 3 / 6PAYOUT95% TO WINNERMATCH TIME~2-5 MINMODEQUICK · RANKED
Home/Legal/Privacy Policy

Privacy Policy

How ORACLX collects, uses, shares, and protects your personal information. Designed to give you a clear, complete picture of what happens to data we touch — and what you can do about it.

Effective May 5, 2026
Plain-English summaryWe collect the minimum information needed to run a peer-to-peer prediction battle service: your wallet address, the email tied to your wallet provider, your username and avatar, your battle picks and outcomes, and operational metadata. We never sell your information. We share it only with infrastructure providers we need to run the service and only as required by law. You can request a copy of the data tied to your account, or its deletion (subject to retention duties), at any time.

1. Introduction & Scope

This Privacy Policy explains how ORACLX ("we","us", or "our") collects, uses, discloses, and safeguards information in connection with: (i) the website at oraclx.net and any subdomain thereof; (ii) any associated mobile or web application; (iii) any underlying smart contract published by us; and (iv) any related communication, including support email (collectively, the "Service").

This Policy supplements, and is incorporated by reference into, our Terms of Service. Capitalized terms not defined here have the meanings given in the Terms of Service.

This Policy does not cover the practices of third parties that we do not own or control, including the wallet provider you authenticate with, the public blockchain networks on which our smart contracts operate, the reference exchanges from which we read price data, or any third-party site you reach via a link from the Service. Their privacy practices are governed by their own policies.

2. Who We Are

ORACLX is the entity responsible for processing the personal information described in this Policy in connection with your use of the Service. For inquiries about this Policy, your data, or the exercise of any right you have under applicable data-protection law, please reach out using the contact information in Section 20.

3. Information We Collect

We collect the following categories of information. We do not collect information from these categories that is not listed here, except where required for compliance with law or to investigate a specific abuse report.

3.1 Account & identity

  • Email address — the email you use to authenticate via our wallet provider (Magic Labs). The wallet provider verifies the email; we receive a confirmation that you authenticated and the email associated with the resulting wallet.
  • Wallet address — the public on-chain address controlled by your authenticated wallet.
  • Username — chosen by you. May be edited from your settings.
  • Avatar — uploaded by you, or a default selection.
  • Account preferences — UI choices such as display mode, audio mute state, etc.

3.2 Battle & gameplay data

  • Battle records — per-Battle: mode, opponent, stake amount, win threshold, candle results, your candle predictions, scores, winner, payout amount, ELO change.
  • Spectator betting — per side bet: Battle ID, Player you backed, bet amount, payout.
  • Lobby and matchmaking events — find-match queue entries, challenge codes you create or accept, follow / unfollow actions.
  • Realtime presence — whether your camera is on, whether you have an active spectator bet within the past 60 seconds, and what battle room you're connected to. This data is held in API process memory only and is never persisted.

3.3 Camera, microphone & chat

  • Live video and audio streams — when you opt into camera or microphone use during a Battle, your video and audio are captured by your device, transmitted via our real-time media provider (LiveKit), and displayed to other participants of that Battle. We do not record or persist these streams beyond the duration of the Battle.
  • Live chat messages — text you type in the Battle chat is transmitted to other participants. We do not retain a public archive of chat after a Battle ends.

3.4 Technical & usage data

  • Device and browser info — user-agent, language, screen size, time zone, approximate device class.
  • IP address — captured at request time for security, abuse-prevention, and geographic analytics.
  • Approximate geographic information — country, region, and city derived from your IP address by a third-party geolocation service (currently ip-api.com). Used in aggregate to understand where Users come from. We do not pinpoint precise location (e.g., GPS).
  • Logs & diagnostic data — request paths, response codes, error messages, latencies, timestamps. Used to operate and debug the Service.

3.5 Cookies & storage tokens

See Cookie Policy for the complete inventory. In summary, we set the following essential cookies on your browser:

  • humai_token — your authenticated session token (httpOnly, signed JWT).
  • oraclx_preview — access-gate cookie set after you enter the access PIN, where access controls are in effect.
  • oraclx_admin — administrative gate-bypass cookie set after a backoffice admin signs in.

We do not currently set advertising, marketing, or third-party analytics cookies. If we add any in the future, this Policy and the Cookie Policy will be updated and your consent will be solicited where required.

3.6 Communications you send us

  • Email correspondence with our support or legal teams.
  • Bug reports, abuse reports, or content you submit to us in any communication.

3.7 What we DO NOT collect

  • We do not collect government-issued identification (driver's license, passport, etc.) unless and until applicable law (such as KYC obligations under specific regulatory regimes) requires us to do so.
  • We do not collect bank-account information, credit-card numbers, or other traditional financial-account credentials. Stakes and payouts move on-chain via smart contracts.
  • We do not recall, log, or store your private keys, recovery phrases, or wallet credentials. Those are managed entirely by your wallet provider.
  • We do not collect biometric data (face geometry, voiceprints, etc.). Camera streams are transmitted live and not analyzed by us.

4. Sources of Information

We obtain the categories of information described above from:

  • You directly — when you sign up, enter information into the Service, send us a message, place a stake, etc.
  • Your wallet provider — the email address, authentication confirmation, and wallet address generated for you when you sign in via Magic Labs.
  • Your device and browser — request headers, IP address, screen and time-zone metadata.
  • Public blockchain networks — transaction confirmations, settlement events, and balance changes for the Smart Contracts our Service interacts with.
  • Geolocation provider — country/region/city information looked up from your IP address.
  • Real-time media provider — connection metadata for camera/microphone sessions.

5. How We Use Your Information

We use the information described above for the following purposes:

5.1 Operating the Service

  • Authenticate you and maintain your session.
  • Match you with opponents, run Battles, settle outcomes, and update your ELO.
  • Show your username, avatar, and ELO on leaderboards and Battle records.
  • Transmit your live audio/video to other Battle participants when you enable them.
  • Deliver chat messages.
  • Display realtime metrics and presence indicators within the Service.

5.2 Security, fraud, and abuse prevention

  • Detect and prevent multi-accounting, manipulation, money laundering, sanctions exposure, and other prohibited conduct.
  • Apply rate limits, anti-bot measures, and other technical defenses.
  • Investigate and respond to abuse reports.

5.3 Compliance and legal obligations

  • Comply with applicable laws, regulations, court orders, subpoenas, and lawful requests from authorities.
  • Respond to data-subject access, deletion, or correction requests.
  • Establish, exercise, or defend legal claims.

5.4 Service improvement & analytics

  • Understand product usage in aggregate (e.g., country-level distribution of visitors and sign-ups).
  • Diagnose errors and improve performance.
  • Research and develop new features.

5.5 Communications

  • Respond to inquiries you send to support or legal email addresses.
  • Send service-critical notices (downtime, security incident, change of terms).

6. Lawful Bases for Processing

To the extent applicable data-protection law in your jurisdiction requires us to identify a lawful basis for processing your personal information, we rely on one or more of the following bases:

  • Performance of a contract — processing necessary to provide the Service to you under our Terms of Service (e.g., running a Battle you have entered, settling its outcome, displaying your username on a leaderboard).
  • Legitimate interests — pursuing our legitimate business interests, including maintaining the security of the Service, preventing fraud and abuse, debugging, and improving the product, in each case balanced against your rights and interests.
  • Compliance with a legal obligation — processing required by law (for example, retaining transaction records, complying with a court order or governmental request).
  • Consent — for processing that we describe as optional, such as enabling your camera or microphone during a Battle, or (in the future) any non-essential cookie or analytics use, where we will obtain your consent before such processing begins.

You may withdraw consent at any time for processing based on consent. The withdrawal does not affect the lawfulness of processing carried out before withdrawal.

7. How We Share Your Information

We share information only as described below. We do not sell your personal information to third parties, and we do not share it for third-party advertising or marketing.

7.1 With other Users

Certain information is, by design, visible to other Users of the Service, including: your username, your avatar, your ELO and rank, your win/loss record, your historical Battles (opponents, mode, stakes, outcome), your live camera and microphone streams while you have them enabled in a Battle, and the chat messages you send. You should not submit information to the Service that you do not want other Users to see.

7.2 With service providers

We share information with third-party service providers that help us operate the Service. These providers are bound by contract to use the information only as instructed by us and only for the purposes for which it was disclosed. See Section 9 for the principal providers and the categories of information shared with each.

7.3 With authorities and in legal proceedings

We may disclose information when we believe in good faith that disclosure is required by law, regulation, valid legal process, or governmental request, or where we believe disclosure is necessary to investigate, prevent, or take action against suspected illegal activities, fraud, threats to the security or integrity of the Service, or threats to the rights, property, or safety of any person.

7.4 In a corporate transaction

If we are involved in a merger, acquisition, financing, sale of all or a portion of our assets, bankruptcy, or other corporate transaction or reorganization, your information may be transferred to the new owner or successor entity. We will notify you (e.g., by banner notice or email) where required and will require the recipient to honor the protections of this Policy.

7.5 With your consent

We may share information with your consent or at your direction, for example if you ask us to forward a support request to a partner or authenticate you to a third-party application.

8. Information You Make Public

Some of the information you provide to the Service is, by design, public. This includes: your username, your avatar, your ELO and rank, your historical Battle records, the existence of any Battle you have played, the picks revealed at the end of each Battle, and any chat message you send during a Battle.

Once information is public, you should expect that other Users, search engines, archival services, and other third parties may copy, mirror, or republish it independently of us. We cannot ensure or guarantee deletion of public information from third parties.

9. Third-Party Service Providers

The principal third parties we share specific categories of information with are listed below. We may add or replace providers from time to time; updates will be reflected in this Policy.

Identity & wallet provisioning

  • Magic Labs — receives your email address to authenticate you and provisions a wallet for you. Magic's privacy policy applies to its handling of your email.

Account abstraction & gas paymaster

  • Pimlico (or equivalent) — receives metadata required to relay account-abstraction transactions and (if applicable) to sponsor or pay gas on your behalf in stablecoin.

Real-time audio/video infrastructure

  • LiveKit (self-hosted by ORACLX on dedicated infrastructure) — receives the live video and audio streams you transmit when you enable your camera or microphone, and routes them to the other participants of your Battle. Streams are not recorded.

NAT traversal

  • coturn (self-hosted by ORACLX) — relays media packets when peer-to-peer connectivity fails. Receives metadata required to relay traffic; does not store stream content.

Database & authentication

  • Supabase — hosts our PostgreSQL database (which contains your Account record, Battle records, etc.) and powers backoffice authentication. Subject to Supabase's privacy and security commitments.

Application hosting

  • Railway — runs the API server, web frontend, and backoffice. Receives request and log data necessary to operate the services.
  • DigitalOcean — hosts our LiveKit and coturn infrastructure.

Network & security

  • Cloudflare — provides DNS, DDoS protection, and TLS termination for our public hostnames. Receives request metadata (IP, headers, paths) for traffic protection.

Geolocation

  • ip-api.com — looks up country/region/city from your IP for aggregate analytics. Receives only your IP at request time.

Email delivery

  • A transactional email provider — receives the recipient address and message content for transactional emails (security notices, support replies). The current provider is identified in our published technical documentation and may change from time to time.

Public blockchain networks

  • Once a Stake or settlement is committed on-chain, the transaction is publicly visible on the underlying network. See Section 16 for what this means in practice.

10. International Data Transfers

Information processed in connection with the Service may be transferred to, processed in, and stored in jurisdictions other than the one in which you reside. These jurisdictions may have data-protection laws different from those of your jurisdiction. Where required by applicable law, we put in place appropriate safeguards (such as standard contractual clauses or equivalent measures) for international transfers and provide rights and remedies as required by law. By using the Service, you understand that your information may be processed and stored in such jurisdictions.

11. Data Retention

We retain personal information only for as long as is reasonably necessary to fulfill the purposes for which it was collected (including providing the Service to you, complying with our legal obligations, resolving disputes, and enforcing our agreements). Specific retention periods are determined based on the type of information, the context in which it was collected, and applicable legal requirements.

  • Account & identity data — retained for the life of your Account and for a period thereafter sufficient to comply with legal obligations and resolve disputes.
  • Battle records — retained indefinitely to maintain leaderboards, ELO history, and audit trails.
  • Chat messages — not persisted in long-term storage; available only while the Battle session is live.
  • Camera/audio streams — not recorded or stored.
  • Realtime presence — held in process memory only; lost on every API restart.
  • Logs & diagnostic data — typically retained for a period of days to months sufficient for security investigation and debugging, then rotated.
  • Visitor / geographic events — retained for a period sufficient for trend analysis (typically up to two years).
  • On-chain data — by the nature of public blockchains, on-chain transactions are retained permanently by the network and cannot be deleted by us.

12. Security

We implement reasonable administrative, technical, and physical safeguards designed to protect the information we process. These safeguards include but are not limited to: TLS encryption of data in transit, password hashing for any credentials we control, signed httpOnly cookies for session tokens, rate limiting and abuse-defense middleware, role-based access control for the backoffice, and regular security review of our application and infrastructure.

No method of transmission over the internet or method of electronic storage is one hundred percent secure. While we strive to protect your information using commercially reasonable means, we cannot guarantee absolute security, and any disclosure to us is at your own risk. In the event of a security incident affecting your personal information, we will notify you and applicable authorities to the extent required by applicable law.

13. Your Rights

Subject to applicable law and to limitations described below, you may have the following rights with respect to your personal information:

  • Access — request a copy of the personal information we hold about you.
  • Rectification — request that we correct or update inaccurate or incomplete information.
  • Erasure — request that we delete your personal information.
  • Restriction — request that we restrict the processing of your information in certain circumstances.
  • Portability — request a copy of your information in a structured, commonly used, machine-readable format and, where technically feasible, ask us to transmit it to another controller.
  • Objection — object to processing based on our legitimate interests.
  • Withdrawal of consent — withdraw consent for processing that is based on your consent.
  • Complaint — lodge a complaint with the data-protection authority in your jurisdiction.

To exercise any of these rights, contact us at privacy@oraclx.net. We may need to verify your identity before fulfilling a request, and we may decline a request that is unfounded, repetitive, or that would compromise the rights of others (e.g., requests that would require us to delete public Battle records and thereby alter another User's leaderboard or ELO).

Important — On-chain limitsFor on-chain data (transactions executed by Smart Contracts on a public blockchain), erasure is technically impossible: blockchains are append-only public ledgers. Where you exercise an erasure right, we will erase the off-chain personal information we control; we cannot alter or remove on-chain records.

14. Children

The Service is not intended for, and we do not knowingly collect personal information from, persons under the age of eighteen (18), or the age of legal majority in their jurisdiction, whichever is greater. If you become aware that a person under that age has provided personal information to the Service, please contact us using the information in Section 20 and we will take appropriate steps to delete the information and close the associated Account.

15. Cookies & Similar Technologies

We use cookies and similar technologies to authenticate you and to enforce platform access controls. The complete inventory, durations, purposes, and your control options are set out in our Cookie Policy. Where required, we will obtain your consent for any non-essential cookie before it is set on your browser.

16. On-Chain Data & Pseudonymity

Certain transactions in the Service — including funding a Battle, settling a Battle, and claiming a payout — are executed by Smart Contracts and recorded on a public blockchain. Once recorded, these transactions are:

  • Public — visible to anyone via a block explorer or any node operator;
  • Permanent — by design, public blockchains are append-only and do not support deletion;
  • Pseudonymous, not anonymous — the wallet address that signed a transaction is publicly visible, and over time may be linked to off-chain identifiers (such as an exchange account that funded the wallet) by sophisticated analysis.

We treat your wallet address as personal information. However, because we do not control the underlying blockchain and cannot delete information from it, the rights described in Section 13 apply only to the off-chain personal information we control.

17. Automated Decisions & Profiling

The Service applies automated technical measures to identify conduct reasonably likely to constitute fraud, manipulation, or other policy violations. Where such measures result in suspending or terminating an Account, we provide a means to contact our team to seek human review of the decision. We do not use your personal information to make automated decisions that produce legal or similarly significant effects without human involvement, except as described here.

18. Do-Not-Track Signals

Our Service does not currently respond to "Do Not Track" browser signals because there is no industry-wide consensus on how such signals should be interpreted. We do not track Users across third-party websites for advertising purposes, regardless of the presence or absence of any such signal.

19. Changes to This Policy

We may update this Policy from time to time. The current version, with its effective date, will always be posted at oraclx.net/legal/privacy. Material changes will be communicated by reasonable means (in-app notification, email, or banner) where commercially practicable. Your continued use of the Service following the effective date of any revision constitutes your acceptance of the revised Policy.

20. Contact

For privacy questions or to exercise any of your rights, contact us at:

ORACLX — Privacy Team
Email: privacy@oraclx.net
Legal: legal@oraclx.net

Questions? Reach our legal team at legal@oraclx.net
← Back to ORACLX