What we collect, why, and what we don't.

Last updated: May 2026

TL;DR. We store your email address, your tier, and basic billing identifiers — that's it. We don't sell your data, we don't track you across the web, and the desktop software runs entirely on your machine with no telemetry.

1. What we collect

Data	Why	Where
Email address	Account identity, sign-in, receipts, security notices	Cloudflare KV
Google account ID (if you sign in with Google)	To match your account back to the same email next time	Cloudflare KV
Discord user ID + roles (if you link Discord)	To sync your subscription tier to your Discord role	Cloudflare KV
Subscription tier, billing identifier from Square	To know what you've paid for and renew/cancel correctly	Cloudflare KV + Square
Session cookies (HTTP-only, Secure, SameSite=Lax)	To keep you signed in for 30 days	Your browser

2. What we do not collect

We do not store your wallet keys, seed phrase, or any private key material. The desktop software keeps these on your machine.
We do not store your trade history. The bot writes JSONL logs to your local disk only.
We do not store your credit card or banking information. Payment data is handled directly by Square; we never see it.
We do not use third-party analytics, tracking pixels, ad networks, or "fingerprinting" libraries.
We do not sell your data to anyone, ever.

3. Third parties we share data with

The only third parties we share data with are the ones strictly required to run the service:

Cloudflare — hosts mimic.bet, stores your account record in KV. Cloudflare Privacy
Square — handles all payment processing. We send Square your email so they can attach the customer record to receipts. Square Privacy
Resend — sends transactional email (sign-in links, receipts). We send Resend your email + the email body. Resend Privacy
Google — only if you choose to "Continue with Google". Google authenticates you and tells us your email + Google ID. Google Privacy
Discord — only if you choose to link Discord (post-purchase). Discord tells us your Discord ID + roles in our server. Discord Privacy

4. Cookies

We use exactly one cookie: mimic_session. It is HTTP-only, Secure, SameSite=Lax, and lasts 30 days. It holds a signed JWT that proves you're logged in. We do not use cookies for advertising, analytics, or tracking. If you sign out, the cookie is cleared.

5. The desktop software

MIMIC desktop runs on your computer. It contacts mimic.bet only to (a) check your account tier when you sign in and periodically (~every 5 minutes) refresh it, and (b) report anonymous version info. It does not send your trades, wallet balance, or any other data off your machine.

6. Your rights

You can:

See your data — your account record is visible at mimic.bet/account when logged in.
Delete your data — email support@mimic.bet with the subject "Delete my account" from the email address on the account. We will delete your record from our systems within 30 days.
Export your data — same email address, subject "Export my data". We'll send you the JSON record we hold within 30 days.
Object — you can ask us to stop processing your data; if there's no legal/contractual reason to continue, we will.

If you are in the EU or UK, you have additional rights under GDPR. If you are a California resident, you have rights under CCPA. Same email address gets you the same answer regardless of jurisdiction — we treat everyone identically.

7. Data retention

We keep your account record for as long as you have an active account, plus up to 3 years after the last activity, for compliance (tax records, fraud investigation). Payment records held by Square follow their own retention policy, typically 7 years for tax compliance in the US.

8. Children

MIMIC is not directed at anyone under 18. We do not knowingly collect data from children. If you believe a child has provided us data, contact support@mimic.bet and we will delete it.

9. Security

We store account data in Cloudflare KV (encrypted at rest). Sessions are JWT-signed with HS256 using a secret held only in Cloudflare. We do not store passwords. If a security incident affects you, we will notify you by email within 72 hours of discovery.

10. Changes

If we materially change this policy we will email registered users and post the new version here with the updated date.

11. Contact

Privacy questions: support@mimic.bet

← back to mimic.bet