Privacy Policy

Version 1.1 — Effective April 29, 2026

1. Introduction

Digital Venture Asset LLC ("Company," "we," "us," or "our") operates the RiskState API and the website at riskstate.ai. This Privacy Policy explains what information we collect, how we use it, and your rights regarding your data.

2. Information We Collect

2.1 Information You Provide

  • Waitlist registration: Email address and use case selection when you request API access
  • Account information: Email address associated with your API key
  • Support communications: Any information you provide when contacting us

2.2 Information Collected Through API Usage

  • API request metadata: Timestamp, requested asset (BTC/ETH), IP address, and request headers
  • Wallet addresses: If you provide a wallet address in API requests for DeFi position lookups, we use it solely to query on-chain data from public blockchain explorers. The full address is NOT retained — only a boolean indicator (has_wallet) in the audit log.
  • Audit decision records: Every authenticated /v1/risk-state call generates a record with the policy hash, scoring version, request shape (asset, market type, flags), response summary, and data-source provider tags. This record is the system of record for compliance and post-trade review. Full schema documented at /docs/audit.
  • Policy configuration profiles: If we attach a policy_config profile to your API key (institutional customers only), we store the configured fields you authorised (e.g. desk_id, max_gross, leverage_cap, blocked_protocols, notes). Schema at /docs/policy-config.
  • Usage patterns: Request frequency, error rates, and feature usage for service improvement

2.3 Information We Do NOT Collect

  • Private keys or seed phrases
  • Trading history or portfolio balances (beyond single-request DeFi lookups)
  • Personal identity documents or KYC information
  • Cookies for advertising or cross-site tracking

3. How We Use Your Information

  • To provide, maintain, and improve the Service
  • To issue and manage API keys
  • To communicate with you about service updates, security notices, or changes to these terms
  • To monitor for abuse, enforce rate limits, and ensure service integrity
  • To generate aggregate, anonymized usage statistics

We do not sell your personal information. We do not use your data for advertising. We do not share individual API request data with third parties.

4. Data Storage and Security

Waitlist submissions are stored via Netlify Forms on servers located in the United States. API keys are stored as opaque tokens with the first 16 characters used as a non-sensitive prefix for audit partitioning; the full token is only revealed once at issuance via Resend email and is not retrievable thereafter.

Audit decision records are retained for 365 days in the audit-decisions store, after which they are auto-deleted by a daily cleanup process. Operational request logs (errors, latency telemetry, console output) are retained for up to 30 days for incident-response purposes, then deleted. Cached API responses are evicted after 60 seconds.

We implement reasonable administrative, technical, and physical safeguards to protect your information. However, no method of transmission over the Internet is 100% secure. We cannot guarantee absolute security. Confirmed vulnerability reports may be sent to security@likido.xyz under the disclosure policy at /security.

5. Third-Party Services

The Service relies on third-party data providers to function. These providers receive API requests from our servers, not from your device. Third-party providers include:

  • Netlify: Hosting, serverless functions, form submissions, Blobs persistence (audit log + API key metadata)
  • Resend: Transactional email delivery for API key issuance and revocation notices. Receives only your email address and the message body.
  • Alchemy: Blockchain RPC calls for DeFi position data when a wallet address is included in a request.
  • Anthropic: AI analysis on the dashboard (receives anonymised market data only, never user account information).
  • Market data providers: CoinGecko, CoinGlass, Binance, OKX, Bybit, CryptoCompare, FRED, DefiLlama, Lido, Beaconcha.in, Yahoo Finance (receive only market data queries, no user data).

We do not send your email, name, or personal information to any data provider. Wallet addresses, when provided, are sent only to Alchemy for on-chain queries.

6. Data Retention

  • Waitlist emails: Retained until you request removal or the waitlist is closed.
  • API key metadata: Active until revoked by you or by us; revoked keys retained for 30 days then purged.
  • Audit decision records: 365 days, then auto-deleted by daily cleanup. Institutional pilots may opt into a long-term retention tier (up to 7 years with daily JSONL + SHA-256 manifest export) — see Hardening Modes.
  • Policy configuration profiles: Stored alongside the API key until cleared via the policy management endpoint.
  • Operational logs: 30 days.
  • Cached API responses: 60 seconds (TTL).

7. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access: Request a copy of the personal data we hold about you
  • Correction: Request correction of inaccurate data
  • Deletion: Request deletion of your personal data
  • Portability: Receive your data in a structured, machine-readable format
  • Objection: Object to processing of your data for specific purposes
  • Revocation: Request revocation of your API key at any time

To exercise any of these rights, contact us at hello@likido.xyz with the first 16 characters of your API key (the public prefix). We will confirm receipt within 5 business days and complete processing within 30 days.

8. International Users

The Service is operated from the United States. If you access the Service from the European Union, United Kingdom, or other jurisdictions with data protection laws, you acknowledge that your data will be transferred to and processed in the United States. We process data under the legal basis of legitimate interest (providing the Service you requested) and consent (waitlist registration).

9. Children

The Service is not directed to individuals under 18 years of age. We do not knowingly collect personal information from children.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated effective date. Material changes will be communicated via email to registered users.

11. Institutional Customers

Hedge funds, prop desks, and treasury teams evaluating RiskState should read the Institutional Integration Guide for the full data classification, authentication model, audit trail schema, retention tiers (including the 7-year export option), incident response policy, and SIG Lite procurement mapping. The guide supersedes this Privacy Policy where the institutional pilot scope adds additional terms — those are negotiated under NDA per pilot.

12. Contact

For privacy-related questions or requests, contact us at: hello@likido.xyz

Digital Venture Asset LLC
Delaware, United States