← Back to Docs

Legal

Privacy Policy

This policy explains what data FlipTrainer collects through its Chrome Extension, how it is stored, and how it is used. We are committed to protecting your privacy and handling your data transparently.

📅 Last updated: June 21, 2026
🔎

1. Overview

FlipTrainer ("we", "our", "the Service") is a Solana memcoin trading simulator delivered as a Chrome Extension. The extension connects to FlipTrainer's backend services to simulate trades, track portfolio performance, and optionally subscribe to premium features.

By installing and using the extension you agree to this Privacy Policy. If you do not agree, please uninstall the extension and contact us to request deletion of any data already collected.

We do not sell your personal data to third parties. We do not use your data for advertising. Your wallet is fully self-custodial — its private key stays on your device and we never hold or custodize funds on your behalf.
🧩

2. Extension Permissions

FlipTrainer is a Chrome Extension (Manifest V3). The sections below list every browser permission and every external host the extension is allowed to access, and explains exactly why each one is needed.

Permissions

For each permission the extension requests, here is why it is needed, how the related data is stored, and how you can remove it.

identity

  • Why: lets you sign in with your Google account, so you never create or remember a separate FlipTrainer password. Used only to identify you, never for mailing lists, advertising, or spam.
  • How it's stored: On our server we keep only your username, email, and Google account ID. On your device we keep a short-lived JWT access token (re-issued roughly every 15 minutes) and a refresh token, both in chrome.storage.local.
  • How to remove it: Sign out to clear the tokens from your device, revoke FlipTrainer's access in your Google Account settings, or delete your account to erase the stored identity (see  Your Rights).

storage

  • Why: keeps the data the app needs to work (your session and other user data) on your own device, so you stay signed in between visits.
  • How it's stored: in chrome.storage.local, an area isolated to the extension and unreadable by websites. It holds your JWT tokens, your encrypted wallet key (never leaves the device), and the push-notification endpoint. For a full breakdown of what is stored and where, see Data we collect.
  • How to remove it: signing out clears the session items; removing the extension wipes FlipTrainer's entire chrome.storage.local, including the encrypted wallet key — export the key first if you want to keep the wallet.

sidePanel

  • Why: the side panel is the app's main workspace, where you trade, track your portfolio, and use every FlipTrainer feature.
  • How it's stored: nothing — it is only a UI surface and holds no data.
  • How to remove it: closes with the panel; fully gone when you remove the extension.

notifications

  • Why: shows browser push notifications for subscription lifecycle events, sniper alerts, and funds credited to your balance.
  • How it's stored: a browser-generated push endpoint (contains no personal data) kept in chrome.storage.local and on our server so we can deliver the notifications.
  • How to remove it: removing the extension clears the stored push endpoint and stops the notifications.

Hosts

Host Purpose
flip-trainer.com FlipTrainer's own backend — authentication, the trading simulation, subscription payments, and the real-time event stream.
www.googleapis.com Google OAuth and profile endpoints, used only at sign-in to verify your identity and read your name, email, and avatar.
axiom.trade, gmgn.ai, trade.padre.gg Third-party trading terminals that the extension opens as links from your alerts (one terminal is active at a time). We do not send your personal data to these sites.
📄

3. Data We Collect

The extension collects only the data necessary to provide and improve the Service. The table below lists every category of data, where it is held, and why.

Data Storage Purpose
Google account name & email local server Account creation and profile display. Collected once during Google OAuth sign-in.
Google profile picture URL local server Displayed in the extension UI as the user avatar.
JWT access & refresh tokens local Session authentication. Stored in chrome.storage.local; never written to disk outside the browser profile.
Solana wallet address (public key) local server Identifies the user's wallet for balance checks, subscription payments, and blockchain interactions.
Encrypted wallet private key local encrypted The private key is encrypted with AES-256-GCM using a key derived via HKDF-SHA256 from a server-side HMAC pepper, and stored only on your device. Neither the plaintext key nor the ciphertext is ever transmitted to or stored on our servers — this is a fully self-custodial wallet. Recovery on a new device is possible only by importing a key you exported yourself.
SOL wallet balance local Displayed in the wallet UI. Fetched directly from the Solana RPC; not stored server-side.
Simulated trading activity server Open/closed positions and P&L history. Required to provide the core trading simulation feature.
Sniper wallet watch-list server Solana addresses the user chooses to monitor for on-chain activity. Stored only if the user explicitly configures them.
Web Push subscription endpoint local server Enables browser push notifications for subscription lifecycle events (renewal, expiry) and sniper alerts. The endpoint is browser-generated and contains no personally identifiable information.
Subscription & tip payment records server When you buy a subscription or send a tip, we record the on-chain transaction signature, the sender wallet address, the SOL amount, a SOL/USD price snapshot, the payment status, and the timestamp. This is kept only to verify your on-chain payment and to prevent double-charging (each purchase is idempotent). We never initiate or sign these payments — you sign and send them yourself.

We do not collect: browsing history, content of web pages you visit, keystrokes, mouse movements, geolocation, or any data unrelated to the trading simulator.

🔒

4. How Data Is Stored

On your device — sensitive items (JWT tokens, the encrypted wallet key) are kept in chrome.storage.local, which is isolated to the extension and inaccessible to websites. Your wallet key never leaves this device.

On our servers — data is stored in a PostgreSQL database hosted on a private server. Server-to-server communication is encrypted in transit (TLS). We store only your public wallet address and non-financial account data; the encrypted wallet key is never sent to or kept on our servers, so we cannot recover your private key under any circumstance.

Export and safeguard your private key from the Wallet page — it is the only way to recover the wallet on another device. If you lose access to your device without an exported key, your wallet and its funds cannot be recovered by anyone, including us.

5. How Data Is Used

  • Authenticating your account and maintaining your session via JWT tokens.
  • Displaying your profile (name, avatar) inside the extension.
  • Managing your simulated SOL balance, open positions, and trade history.
  • Processing subscription payments and tips — verifying the on-chain SOL transactions you sign and send from your wallet to our treasury address, and recording the payment signature, amount, and status so a purchase or tip is never charged twice. We never sign on your behalf; subscriptions are one-time purchases you initiate yourself, and tips are entirely optional.
  • Monitoring Solana wallet addresses you explicitly add to your sniper watch-list and firing configured alerts.
  • Sending push notifications for subscription lifecycle events and sniper alerts (only if you grant notification permission).
  • Opening links to third-party trading terminals from your alerts, and opening the side panel. Your browsing history is never collected or stored.

We do not use your data for advertising, profiling, or any purpose unrelated to operating the Service.

👥

6. Third Parties

Party Data shared Purpose
Google (OAuth) Google token (verified server-side) Identity verification at sign-in. We receive your name, email, and profile picture URL from Google's API.
Web Push services (browser vendor) Push endpoint (browser-generated) Delivering browser push notifications. The push endpoint is provided by your browser vendor (Google for Chrome) and does not contain personal information.
Email delivery (SMTP — Google / Gmail) Recipient email address + transactional message content Sending transactional emails (subscription lifecycle events, tips) through Google's SMTP server. These emails are transactional only — we never use this channel for marketing.

We do not share your name, email, or private key with any of the above parties. We do not use analytics SDKs, advertising networks, or data brokers.

7. Data Retention

We keep your data only for as long as it is needed to operate the Service, and we do not impose long financial-style retention periods — the Service is a trading simulator, not a custodian of real funds.

  • Account & profile data (name, email, Google account ID, public wallet address) — kept while your account is active; erased when you request account deletion.
  • Simulated trading data (open and closed positions, P&L history) — retained for the lifetime of your account.
  • Subscription & payment ledger — retained while your account exists, to keep purchases idempotent and verifiable; removed on account deletion.
  • Push endpoint & sniper watch-list — kept until you disable notifications / remove the watch entry, or delete your account.
  • On-chain transactions — recorded immutably on the Solana blockchain; they are outside our control and cannot be erased by us.
  • Server logs — operational and short-lived; they are not used to identify you for advertising and are not shared with any analytics or logging SaaS.
🛠

8. Your Rights

You have the right to:

  • Access — request a copy of all personal data we hold about you.
  • Correction — ask us to correct inaccurate data.
  • Deletion — request deletion of your account and all associated data. Blockchain transactions (on-chain history) are immutable and cannot be erased by us.
  • Portability — receive your trading history in a machine-readable format.
  • Withdraw consent — uninstall the extension and contact us to stop all data processing.

To exercise any of these rights, contact us at the address in the Contact section. We will respond within 30 days.

🛡

9. Security

  • All traffic between the extension and our servers is encrypted with TLS.
  • Your Solana private key is encrypted on-device with AES-256-GCM and stored only in your browser. Neither the key nor its ciphertext is ever transmitted to or stored on our servers — we hold only your public address.
  • The decryption key is derived from an HMAC secret that is server-side only and never stored in the database — and even that never touches your key, since decryption happens only on your device.
  • JWT access tokens are short-lived; refresh tokens are single-use and rotated on every session refresh.

No system is perfectly secure. If you discover a security issue please report it responsibly to the contact address below.

👶

10. Children's Privacy

FlipTrainer is not directed at anyone under the age of 18 (or the applicable age of majority in your jurisdiction). We do not knowingly collect personal data from children. If you believe a child has provided us personal data, please contact us at support@flip-trainer.com and we will delete it promptly.

📝

11. Changes to This Policy

We may update this policy to reflect changes in the Service or applicable law. Material changes will be announced via an in-extension notification or email. The "Last updated" date at the top of this page always reflects the current revision. Continued use of the extension after a change constitutes acceptance of the new policy.


Contact Us

For privacy questions, data requests, or to report a security issue, reach us at:

📧 support@flip-trainer.com

We aim to respond to all privacy-related inquiries within 30 days.