Legal
Privacy Policy
This policy explains what data FlipTrainer collects through its Chrome Extension, how it is stored, and how it is used. We are committed to protecting your privacy and handling your data transparently.
📅 Last updated: June 21, 2026
1. Overview
FlipTrainer ("we", "our", "the Service") is a Solana memcoin trading simulator delivered as a Chrome Extension. The extension connects to FlipTrainer's backend services to simulate trades, track portfolio performance, and optionally subscribe to premium features.
By installing and using the extension you agree to this Privacy Policy. If you do not agree, please uninstall the extension and contact us to request deletion of any data already collected.
2. Extension Permissions
FlipTrainer is a Chrome Extension (Manifest V3). The sections below list every browser permission and every external host the extension is allowed to access, and explain exactly why each one is needed.
Permissions
For each permission the extension requests, here is why it is needed, how the related data is stored, and how you can remove it.
identity
- Why: lets you sign in with your Google account, so you never create or remember a separate FlipTrainer password. Used only to identify you, never for mailing lists, advertising, or spam.
- How it's stored: On our server we keep only your username, email, and Google account ID. On your device we keep a short-lived JWT access token (re-issued roughly every 15 minutes) and a refresh token, both in chrome.storage.local.
- How to remove it: Sign out to clear the tokens from your device, revoke FlipTrainer's access in your Google Account settings, or delete your account to erase the stored identity (see Your Rights).
storage
- Why: keeps the data the app needs to work (your session and other user data) on your own device, so you stay signed in between visits.
- How it's stored: in chrome.storage.local, an area isolated to the extension and unreadable by websites. It holds your JWT tokens, your encrypted wallet key (never leaves the device), and the push-notification endpoint. For a full breakdown of what is stored and where, see Data we collect.
- How to remove it: signing out clears the session items; removing the extension wipes FlipTrainer's entire chrome.storage.local, including the encrypted wallet key — export the key first if you want to keep the wallet.
sidePanel
- Why: the side panel is the app's main workspace, where you trade, track your portfolio, and use every FlipTrainer feature.
- How it's stored: nothing — it is only a UI surface and holds no data.
- How to remove it: closes with the panel; fully gone when you remove the extension.
notifications
- Why: shows browser push notifications for subscription lifecycle events, sniper alerts, and funds credited to your balance.
- How it's stored: a browser-generated push endpoint (contains no personal data) kept in chrome.storage.local and on our server so we can deliver the notifications.
- How to remove it: removing the extension clears the stored push endpoint and stops the notifications.
Hosts
| Host | Purpose |
|---|---|
| flip-trainer.com | FlipTrainer's own backend — authentication, the trading simulation, subscription payments, and the real-time event stream. |
| www.googleapis.com | Google OAuth and profile endpoints, used only at sign-in to verify your identity and read your name, email, and avatar. |
| axiom.trade, gmgn.ai, trade.padre.gg | Third-party trading terminals that the extension opens as links from your alerts (one terminal is active at a time). We do not send your personal data to these sites. |
3. Data We Collect
The extension collects only the data necessary to provide and improve the Service. The table below lists every category of data, where it is held, and why.
| Data | Storage | Purpose |
|---|---|---|
| Google account name & email | local, server | Account creation and profile display. Collected once during Google OAuth sign-in. |
| Google profile picture URL | local, server | Displayed in the extension UI as the user avatar. |
| JWT access & refresh tokens | local | Session authentication. Stored in chrome.storage.local; never written to disk outside the browser profile. |
| Solana wallet address (public key) | local, server | Identifies the user's wallet for balance checks, subscription payments, and blockchain interactions. |
| Encrypted wallet private key | local, encrypted | The private key is encrypted with AES-256-GCM using a key derived via HKDF-SHA256 from a server-side HMAC pepper, and stored only on your device. Neither the plaintext key nor the ciphertext is ever transmitted to or stored on our servers — this is a fully self-custodial wallet. Recovery on a new device is possible only by importing a key you exported yourself. |
| SOL wallet balance | local | Displayed in the wallet UI. Fetched directly from the Solana RPC; not stored server-side. |
| Simulated trading activity | server | Open/closed positions and P&L history. Required to provide the core trading simulation feature. |
| Sniper wallet watch-list | server | Solana addresses the user chooses to monitor for on-chain activity. Stored only if the user explicitly configures them. |
| Web Push subscription endpoint | local, server | Enables browser push notifications for subscription lifecycle events (renewal, expiry) and sniper alerts. The endpoint is browser-generated and contains no personally identifiable information. |
| Subscription & tip payment records | server | When you buy a subscription or send a tip, we record the on-chain transaction signature, the sender wallet address, the SOL amount, a SOL/USD price snapshot, the payment status, and the timestamp. This is kept only to verify your on-chain payment and to prevent double-charging (each purchase is idempotent). We never initiate or sign these payments — you sign and send them yourself. |
We do not collect: browsing history, content of web pages you visit, keystrokes, mouse movements, geolocation, or any data unrelated to the trading simulator.
4. How Data Is Stored
On your device — sensitive items (JWT tokens, the encrypted wallet key) are kept in chrome.storage.local, which is isolated to the extension and inaccessible to websites. Your wallet key never leaves this device.
On our servers — data is stored in a PostgreSQL database hosted on a private server. Server-to-server communication is encrypted in transit (TLS). We store only your public wallet address and non-financial account data; the encrypted wallet key is never sent to or kept on our servers, so we cannot recover your private key under any circumstance.
5. How Data Is Used
- Authenticating your account and maintaining your session via JWT tokens.
- Displaying your profile (name, avatar) inside the extension.
- Managing your simulated SOL balance, open positions, and trade history.
- Processing subscription payments and tips — verifying the on-chain SOL transactions you sign and send from your wallet to our treasury address, and recording the payment signature, amount, and status so a purchase or tip is never charged twice. We never sign on your behalf; subscriptions are one-time purchases you initiate yourself, and tips are entirely optional.
- Monitoring Solana wallet addresses you explicitly add to your sniper watch-list and firing configured alerts.
- Sending push notifications for subscription lifecycle events and sniper alerts (only if you grant notification permission).
- Opening links to third-party trading terminals from your alerts, and opening the side panel. Your browsing history is never collected or stored.
We do not use your data for advertising, profiling, or any purpose unrelated to operating the Service.
6. Third Parties
| Party | Data shared | Purpose |
|---|---|---|
| Google (OAuth) | Google token (verified server-side) | Identity verification at sign-in. We receive your name, email, and profile picture URL from Google's API. |
| Web Push services (browser vendor) | Push endpoint (browser-generated) | Delivering browser push notifications. The push endpoint is provided by your browser vendor (Google for Chrome) and does not contain personal information. |
| Email delivery (SMTP — Google / Gmail) | Recipient email address + transactional message content | Sending transactional emails (subscription lifecycle events, tips) through Google's SMTP server. These emails are transactional only — we never use this channel for marketing. |
We do not share your name, email, or private key with any of the above parties. We do not use analytics SDKs, advertising networks, or data brokers.
7. Data Retention
We keep your data only for as long as it is needed to operate the Service, and we do not impose long financial-style retention periods — the Service is a trading simulator, not a custodian of real funds.
- Account & profile data (name, email, Google account ID, public wallet address) — kept while your account is active; erased when you request account deletion.
- Simulated trading data (open and closed positions, P&L history) — retained for the lifetime of your account.
- Subscription & payment ledger — retained while your account exists, to keep purchases idempotent and verifiable; removed on account deletion.
- Push endpoint & sniper watch-list — kept until you disable notifications / remove the watch entry, or delete your account.
- On-chain transactions — recorded immutably on the Solana blockchain; they are outside our control and cannot be erased by us.
- Server logs — operational and short-lived; they are not used to identify you for advertising and are not shared with any analytics or logging SaaS.
8. Your Rights
You have the right to:
- Access — request a copy of all personal data we hold about you.
- Correction — ask us to correct inaccurate data.
- Deletion — request deletion of your account and all associated data. Blockchain transactions (on-chain history) are immutable and cannot be erased by us.
- Portability — receive your trading history in a machine-readable format.
- Withdraw consent — uninstall the extension and contact us to stop all data processing.
To exercise any of these rights, contact us at the address in the Contact section. We will respond within 30 days.
9. Security
- All traffic between the extension and our servers is encrypted with TLS.
- Your Solana private key is encrypted on-device with AES-256-GCM and stored only in your browser. Neither the key nor its ciphertext is ever transmitted to or stored on our servers — we hold only your public address.
- The decryption key is derived from an HMAC secret that is server-side only and never stored in the database — and even that never touches your key, since decryption happens only on your device.
- JWT access tokens are short-lived; refresh tokens are single-use and rotated on every session refresh.
No system is perfectly secure. If you discover a security issue please report it responsibly to the contact address below.
10. Children's Privacy
FlipTrainer is not directed at anyone under the age of 18 (or the applicable age of majority in your jurisdiction). We do not knowingly collect personal data from children. If you believe a child has provided us personal data, please contact us at support@flip-trainer.com and we will delete it promptly.
11. Changes to This Policy
We may update this policy to reflect changes in the Service or applicable law. Material changes will be announced via an in-extension notification or email. The "Last updated" date at the top of this page always reflects the current revision. Continued use of the extension after a change constitutes acceptance of the new policy.
Contact Us
For privacy questions, data requests, or to report a security issue, reach us at:
📧 support@flip-trainer.com
We aim to respond to all privacy-related inquiries within 30 days.