Legal & policies

Privacy Policy

How YIELD3 INSIGHT LIMITED collects, uses, shares, protects, and retains personal information for EventFlow Data and yield3.

EventFlow Data is an analytics platform only. It does not place, route, or execute orders, hold customer assets, or provide investment, legal, tax, or financial advice.

This Privacy Policy explains how YIELD3 INSIGHT LIMITED ("Company", "we", "us", or "our") collects, uses, discloses, and protects personal information in connection with EventFlow Data, yield3, https://www.yield3.app, our read-only web workbench, REST API, WebSocket feeds, documentation, demo requests, support, and related services (together, the "Service").

EventFlow Data is a research analytics and data-delivery platform for publicly observable prediction-market data. The Service provides analytics only. It does not place, route, or execute orders; does not provide trading, market-making, automation, broker, exchange, wallet, custody, payment, or account-operation functionality; does not hold funds, private keys, seed phrases, exchange credentials, or asset credentials; and does not provide investment, legal, tax, or financial advice.

1. Who We Are

Controller: YIELD3 INSIGHT LIMITED

Registered details: company number 15272863, Unit 1e, Bromsgrove House, 88 Bromsgrove Street, Birmingham, England, B5 6AJ

Privacy contact: contact@yield3.app

Support contact: contact@yield3.app

EU representative, if required: Not appointed at publication; we will update this Policy if one is required.

UK representative, if required: Not separately appointed at publication.

If we appoint a Data Protection Officer or another formal privacy representative, we will publish their contact details here.

2. Information We Collect

We collect only the information needed to operate, secure, improve, and provide the Service.

2.1 Information You Provide

Demo and contact information: work email address, company or team name, data interests, planned integration channel, notes, and similar information you submit through a demo, contact, or support form.

Account and access information: if you access an authenticated workbench, API, or documentation portal, we may process your name, verified email address, organization, role, allowlist status, login timestamps, session status, and identity-provider identifiers. Current access is designed around Google OAuth and an email allowlist.

Support and business communications: messages, attachments, meeting notes, commercial preferences, and other information you provide when you communicate with us.

Service configuration: watchlists, saved views, table or display preferences, API keys or access tokens issued by us, and similar settings, if enabled for your account.

2.2 Information Collected Automatically

Website and device information: IP address, user agent, browser type, device type, operating system, approximate region, referrer, page URL, pages viewed, button clicks, timestamps, and similar technical metadata.

Security and operational logs: request logs, API and WebSocket connection metadata, authentication events, CSRF/session events, rate-limit events, error logs, audit trails, and abuse-prevention records.

Cookies and local storage: cookie-consent choices, session and CSRF cookies for authenticated areas, and preference records such as theme or display choices. See the Cookie Policy below.

Analytics information: if analytics are enabled after consent or where otherwise permitted by applicable law with a simple opt-out, we may collect aggregated usage information such as page visits, referral source, device type, and interaction events. On the current landing page, analytics loading is gated by consent and no analytics script loads before consent.

2.3 Public Data We Process

The Service processes public or publicly accessible data, including:

  • Prediction-market metadata, events, markets, token identifiers, prices, order-book data, trade tape data, public wallet activity, public wallet positions, market holder distributions, transaction hashes, and settlement-related information.
  • Public blockchain records, including Polygon transaction logs, token transfers, split, merge, redemption, and settlement events.
  • Public or authorized news and social data, including RSS/Atom feed items, public Telegram channel posts available to an authorized bot, and public X posts retrieved through the X API.
  • Public crypto-reference data, including Deribit public market-data endpoints for crypto-linked reference markets.

Wallet addresses, transaction hashes, public social identifiers, and other pseudonymous or public identifiers may still be personal information if they can reasonably be linked to a living person. We process them as described in this Privacy Policy.

2.4 Information We Do Not Intentionally Collect

The landing page and public Service surfaces are not designed to collect:

  • Private keys, seed phrases, wallet credentials, exchange credentials, account passwords for third-party venues, or API secrets for third-party venues.
  • Bank card numbers, bank-account credentials, payment passwords, or other financial-account access credentials.
  • Government identity documents, biometric identifiers, health information, precise geolocation, or other sensitive identity materials.
  • Non-public exchange account data, except where a customer separately provides information for support or enterprise access administration.

Do not submit this information to us. If you do, we may delete it or restrict it.

3. Sources of Information

We collect information from:

  • You and your organization.
  • Your browser, device, and interaction with the Service.
  • Identity providers used for authentication, such as Google OAuth.
  • Public data sources and authorized APIs described in our Data Sources statement.
  • Service providers that help us host, secure, monitor, analyze, support, and communicate about the Service.

4. How We Use Information

We use information to:

  • Respond to demo, sales, support, and information requests.
  • Provide, authenticate, authorize, operate, and maintain the read-only workbench, API, WebSocket feeds, documentation, and related services.
  • Enforce email allowlists, session security, CSRF protection, rate limits, and other security controls.
  • Produce public-data analytics, including wallet intelligence, toxicity scores, skill scores, cash-flow PnL reconstruction, markout metrics, absorption candidates, market microstructure metrics, event-signal evaluation, freshness indicators, and quality flags.
  • Improve data capture, normalization, replay, quality monitoring, field definitions, documentation, and user experience.
  • Detect, prevent, investigate, and respond to security incidents, abuse, unauthorized access, fraud, and operational issues.
  • Maintain audit trails, comply with legal obligations, enforce our agreements, and protect legal rights.
  • Send service notices and respond to business communications.
  • Conduct consented or permitted analytics and preference management.

We do not use the Service to make decisions that produce legal or similarly significant effects about individual users. Wallet scores and market analytics are statistical descriptions of public activity and are not endorsements of, or recommendations to follow, any wallet, trader, market, or position.

Where UK GDPR, EU GDPR, or similar law applies, we rely on the following legal bases:

  • Contract or pre-contract steps: to provide requested demos, support, access, subscriptions, API services, documentation, and account administration.
  • Legitimate interests: to operate a B2B analytics service, secure the Service, prevent abuse, respond to business inquiries, maintain service logs, improve data quality, process publicly observable market and blockchain data for research analytics, and protect our rights and users.
  • Consent: for non-essential cookies or similar technologies where consent is required, optional marketing where required, and any processing for which we specifically request consent.
  • Legal obligation: to comply with applicable law, regulatory requests, accounting duties, tax duties, court orders, and lawful requests.

For public wallet, blockchain, news, and social data, our legitimate interest is to provide a read-only research analytics service over publicly observable data. We consider data minimization, pseudonymity, transparency, source limitations, opt-out or objection requests where applicable, and the risk that public identifiers may be linked to individuals.

6. Cookies, Local Storage, and Similar Technologies

We use cookies, local storage, and similar technologies for necessary site operation, authentication, security, consent management, preferences, and, where enabled, analytics. Non-essential analytics and marketing technologies are not loaded on the current landing page before a user's choice. See the Cookie Policy below for details.

7. How We Share Information

We may share information with:

  • Hosting, infrastructure, database, CDN, and storage providers, such as Vercel and our infrastructure providers.
  • Authentication providers, such as Google OAuth, when you use supported login methods.
  • Email, calendar, customer-relationship, and support providers used to respond to requests and manage business communications.
  • Analytics providers, if enabled, only where disclosed in this Policy or in-product.
  • Security, logging, monitoring, and error-detection providers, such as our security, logging, monitoring, and error-detection providers, where enabled.
  • Professional advisers, auditors, insurers, and legal counsel.
  • Authorities, courts, regulators, counterparties, or other parties where required by law or reasonably necessary to protect rights, security, and legal interests.
  • Successors or transaction counterparties in a merger, acquisition, financing, reorganization, asset sale, or similar transaction, subject to appropriate confidentiality and privacy protections.

We do not sell personal information. We do not share personal information for cross-context behavioral advertising. We do not disclose private keys, seed phrases, asset credentials, or third-party account credentials because the Service is not designed to collect them.

8. International Transfers

We may process and store information in countries other than your country of residence. Where UK, EEA, or Swiss transfer rules apply, we use appropriate safeguards, which may include adequacy decisions, the EU Standard Contractual Clauses, the UK International Data Transfer Addendum or Agreement, and contractual, technical, and organizational safeguards.

9. Retention

We keep personal information only for as long as reasonably necessary for the purposes described in this Privacy Policy, unless a longer period is required or permitted by law.

Typical retention periods:

CategoryTypical retention
Demo/contact inquiriesUp to 24 months after last interaction, unless a customer relationship or legal need requires longer
Account and access recordsWhile the account is active, then up to 6 years for contractual, audit, security, and legal records where needed
Authentication/session logsUsually 90 to 180 days, unless required for security investigation or legal preservation
Security and error logsUsually 90 to 180 days, longer for incidents, fraud, abuse, litigation, or regulatory matters
Cookie-consent recordsUp to 12 months or until you update or withdraw the choice, unless law permits or requires a different period
Analytics dataUp to 26 months where used, preferably in aggregated or pseudonymized form
Support and business communicationsUp to 6 years after the matter or relationship ends, unless law requires longer
Public market, blockchain, and derived research dataRetained as long as useful for historical research, auditability, replay, quality monitoring, and data lineage, subject to lawful rights requests and technical feasibility

Public blockchain data may be immutable and outside our control. We may not be able to delete or alter records on a blockchain or from third-party public sources, but we can evaluate requests involving our own derived records, overlays, account data, and presentation layers.

10. Security

We use reasonable technical and organizational measures designed to protect information, including encrypted transport, access controls, authentication, email allowlisting, session and CSRF protections, rate limiting, audit logs, secret-handling practices, and least-privilege access. No system is perfectly secure, and we cannot guarantee absolute security.

11. Your Rights

Depending on where you live, you may have rights to:

  • Access personal information we hold about you.
  • Correct inaccurate personal information.
  • Delete personal information, subject to exceptions.
  • Restrict or object to processing.
  • Receive a portable copy of certain information.
  • Withdraw consent where processing is based on consent.
  • Object to direct marketing.
  • Lodge a complaint with a data-protection authority.

To exercise rights, contact contact@yield3.app. We may need to verify your identity and authority. We will respond within the time required by applicable law.

For UK data-protection complaints, we will acknowledge privacy complaints within 30 days and respond without undue delay, as required where applicable. You may also contact the UK Information Commissioner's Office. EEA residents may contact their local supervisory authority.

12. California and US State Privacy Notice

This section applies to residents of California and other US states with applicable consumer privacy laws, to the extent those laws apply to us.

In the last 12 months, we may have collected these categories of personal information:

CategoryExamplesSourcesPurposesDisclosed to
IdentifiersName, work email, organization, account identifier, IP address, cookie or local-storage identifierYou, browser/device, identity providerContact, access, security, support, analyticsService providers
Commercial or business informationDemo interest, subscription relationship, support historyYou, your organizationCustomer relationship, support, account administrationService providers, advisers
Internet or network activityPage visits, API logs, device data, referrer, timestampsBrowser/device, systemsSecurity, analytics, service operationService providers
Geolocation at coarse levelApproximate region inferred from IPBrowser/deviceSecurity, localization, analyticsService providers
Professional informationCompany/team name, role, business contact detailsYou, your organizationB2B communications and accessService providers
InferencesService-interest segments, usage preferences, account statusService usageProduct improvement and supportService providers
Public blockchain and market identifiersWallet addresses, transaction hashes, public activity, public posts or feed identifiersPublic and authorized sourcesData analytics and research outputsCustomers and users of the Service, as part of public-data analytics

We do not sell personal information and do not share personal information for cross-context behavioral advertising. We do not knowingly sell or share personal information of anyone under 16.

California residents may have the right to know, access, correct, delete, and receive information about categories of personal information collected, sources, purposes, and disclosures; the right to opt out of sale or sharing; the right to limit use of sensitive personal information where applicable; and the right not to be discriminated against for exercising privacy rights. We do not use sensitive personal information for purposes requiring a right to limit.

To exercise US privacy rights, contact contact@yield3.app. Authorized agents may submit requests if they provide proof of authority and we can verify the request as required by law.

13. Children

The Service is intended for business, professional, and research users. It is not directed to children, and we do not knowingly collect personal information from children under 13. Users must be at least 18 years old, or the age of majority in their jurisdiction, to use authenticated areas of the Service. If you believe a child has provided personal information to us, contact contact@yield3.app.

The Service may link to third-party websites, APIs, documentation, block explorers, exchanges, social platforms, messaging platforms, and public feeds. Their privacy practices are governed by their own policies. We are not responsible for third-party privacy practices, source availability, or source accuracy.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. The updated version will be posted with a new effective date. If we make material changes, we will provide additional notice where required by law.

16. Contact

Questions, requests, or complaints: contact@yield3.app

General support: contact@yield3.app

Postal address: Unit 1e, Bromsgrove House, 88 Bromsgrove Street, Birmingham, England, B5 6AJ