Privacy Policy
Effective date: May 5, 2026
1. Who We Are
The Orakul.cc platform is a prediction market that enables users to trade contracts on real-world events.
Data contact: legal@orakul.cc
2. Data We Collect
2.1. Account Data
During registration we collect:
- Username
- Email address
- Password (stored as a bcrypt hash)
- Display name (optional)
- Social media links (optional)
2.2. Financial Data
- USDT wallet addresses (for deposits and withdrawals)
- Transaction history (deposits, withdrawals, trades, payouts)
- Account balance
- Trading positions
2.3. Technical Data
- IP address
- Browser type and version
- Operating system
- Pages visited and actions on the Platform
- Date and time of visits
- Anonymous device fingerprint on order placement - a short SHA-256 hash of IP address and User-Agent (16 characters, non-reversible). Used solely for automated protection against collusion and self-trading between accounts on the same device/browser. The hash is stored on the order/position row and in the suspicious-pairs registry. See also Terms §6c.
- When you contact support (via the /contact form or email): topic, message content, sender email address, and IP address.
2.4. Two-Factor Authentication Data
- TOTP secret (when 2FA is enabled)
- Backup codes (stored encrypted)
- Telegram Chat ID (when Telegram bot is linked)
3. Purposes of Data Processing
- Service delivery: registration, authentication, trading, deposits, withdrawals.
- Security: fraud prevention, transaction verification, unauthorized access prevention.
- Analytics: analyzing Platform usage for improvement.
- Communications: notifications about trades, balance changes, Platform updates.
- Legal obligations: storing financial data as required by applicable law.
4. Cookies and Analytics
4.1. Cookies We Use
| Cookie | Purpose | Duration |
|---|---|---|
| session | User authentication | 72 hours |
| orakul_ref | Referral attribution (when you arrive via a ?ref=... link) | 30 days |
| orakul_tz | Stored timezone preference | 1 year |
| slip_ref | Referral attribution from trade-share links | 30 days |
| __cf_bm | Bot protection (set by Cloudflare) | 30 minutes |
In addition to cookies, we use your browser's localStorage to remember your cookie-consent choice (key orakul_cookie_consent). This data is stored locally in your browser and is not transmitted to our servers.
4.2. Yandex Metrica
We use Yandex Metrica for traffic analysis. Yandex Metrica may collect:
- Session and visit statistics
- Device and browser information
- IP address
- Pages viewed on the Platform
More info: Yandex Metrica Terms
4.3. Cloudflare
For DDoS protection and performance, we use Cloudflare. Cloudflare may process:
- IP addresses
- HTTP request headers
- Security cookies (e.g., __cf_bm)
More info: Cloudflare Privacy Policy
5. Third Parties
We share data with the following third parties solely to operate the Platform:
| Service | Data | Purpose |
|---|---|---|
| CryptAPI | Wallet addresses, transaction amounts | Processing crypto deposits |
| Yandex Metrica | Anonymized visit data | Web analytics |
| Cloudflare | IP addresses, request data | CDN and DDoS protection |
| Telegram Bot API | Telegram Chat ID | Bot notifications |
| PostHog (EU Cloud) | Pseudonymous events: internal identifier, event type, timestamp | Product analytics |
| Proton Mail | Recipient email address, subject, message body | System email delivery (password resets, notifications, broadcasts) |
| Browser push services (Apple, Google, Mozilla) | Browser push token, notification payload | Web push notifications (only if you granted permission in your browser) |
We do not sell your data to third parties.
6. Blockchain and Public Data
TRON (TRC-20) transactions are public and immutable. This means:
- Wallet addresses and transaction amounts are visible to all network participants.
- Removing a transaction from the blockchain is impossible.
- While a wallet address is pseudonymous, it may be linked to your identity.
7. Your Rights
You have the right to:
- Access: request information about what data we process about you.
- Rectification: request correction of inaccurate data.
- Deletion: request account deletion via the deletion request page in settings. Before deletion, you must withdraw all funds and close any open positions. Because financial records are subject to 5-year retention, deletion is performed via anonymization: personal data is erased while transaction rows are kept as anonymous records (see §8).
- Objection: object to processing of your data.
- Portability: request a copy of your data in machine-readable format.
To exercise your rights, contact us: legal@orakul.cc
We will respond within 30 days.
8. Data Retention
| Data Type | Retention Period |
|---|---|
| Account data | While account is active + 1 year after deletion |
| Financial records (transactions, deposits, withdrawals) | 5 years |
| Trade, order, and position logs | 5 years (trading-journal retention practice) |
| Dispute logs and administrative decisions | 5 years |
| Device fingerprint hash (on orders/positions) | 5 years (alongside the trade record) |
| Suspicious-pairs registry (flagged_pairs) | 5 years |
| Analytics data | 26 months (Yandex Metrica) |
| Server logs (page access) | 12 months |
| Session cookies | 72 hours |
The 5-year retention applies to trading activity data and related technical hashes, in line with exchange journal-keeping practice. After this period, data is anonymized or deleted.
9. Data Security
- All connections encrypted (HTTPS/TLS)
- Password hashing (bcrypt)
- Two-factor authentication (TOTP)
- DDoS protection (Cloudflare)
- CSRF, XSS, SQL injection protection
- Regular security audits
10. Children
The Platform is intended only for persons aged 18 and older. We do not knowingly collect data from minors. If we discover that data was provided by a minor, we will delete it.
11. Changes to This Policy
We may update this Policy. The current version is always available on this page. By continuing to use the Platform after changes, you accept the updated Policy.
12. Contact
Orakul.cc platform
Email: legal@orakul.cc