LaserSell

Privacy Policy

Last updated: March 31, 2026

Version: 2026-03-31

This Privacy Policy describes how XEN LLC d/b/a LaserSell (“Company,” “we,” “us”) collects, uses, and shares information when you use our websites and LaserSell services (collectively, the “Services”). By using the Services, you agree to the practices described in this Privacy Policy.

1. Who We Are

Company: XEN LLC (d/b/a LaserSell)

Address: 5005 W Laurel Suite 100 #1282, Tampa, FL 33607, USA

Support Contact: support@lasersell.io

Security Contact: security@lasersell.io

2. Scope

This Privacy Policy applies to our websites (including www.lasersell.io and our dashboard at app.lasersell.io), our documentation site (docs.lasersell.io), our API and streaming services (api.lasersell.io and stream.lasersell.io), our desktop application, our web trading application, as well as our community and support channels (such as Discord and Telegram).

3. Information We Collect

3.1 Account and Authentication Information

  • Account Credentials. When you register on app.lasersell.io, we collect your email address and securely manage your authentication via our infrastructure provider (Supabase).
  • OAuth Data. If you choose to authenticate using a third-party provider (GitHub, X/Twitter, or Google), we receive strictly limited default profile information (such as your email address, name, and profile picture) required to establish your session.
  • Profile Pictures. If you upload a profile picture, the image is stored in Supabase Storage and a public URL is associated with your account. You may remove or replace your profile picture at any time from the dashboard settings.
  • Multi-Factor Authentication (MFA). We support App-Based Time-Based One-Time Passwords (TOTP) for MFA. We do not collect or store phone numbers for SMS verification.

3.2 Purchase and Billing Information

  • Whop Checkout Data. We use Whop to process payments for our tiered subscription plans. We receive payment confirmation, subscription status, and billing details required to grant API access and manage your tier. We do not process or store your raw credit card numbers on our servers.

3.3 API, Stream, and Trading Activity Data

  • API Routing and Telemetry. Our transaction building API (api.lasersell.io) securely logs relevant diagnostic identifiers (such as your Solana wallet public key) to assist with debugging, customer support, and infrastructure monitoring.
  • WebSocket Stream Activity. Our execution intelligence stream (stream.lasersell.io) processes live market data. We log trading activity tied to your account, including Profit and Loss (PnL), exit strategy configuration, market identifiers, trade duration, trade frequency, and associated wallet addresses, to provide historical analytics, enforce tier limits, and prevent abuse.
  • Swap Activity. When you use the token swap service, we log swap request details including input and output token identifiers, requested amounts, slippage parameters, and your wallet public key. Swap transactions are routed through third-party decentralized exchange aggregators, which may independently collect transaction data in accordance with their own privacy practices.
  • API Keys. We generate and store encrypted API keys within your account to authenticate your requests to our endpoints.

3.4 Web Trading and Privy Wallet Data

  • Privy Wallet Information. When you use the web trading feature, a wallet is created and managed by Privy, Inc. on your behalf. We store your Privy wallet identifier and public key in our database to associate your wallet with your account. Your private key is stored exclusively in Privy's Trusted Execution Environment (TEE) and is never transmitted to or stored on LaserSell servers.
  • Web Trading Sessions. We store your trading session configuration (exit strategy settings, monitored wallets, copy trading settings) to maintain your trading session across browser sessions and server restarts.
  • Position and Notification Data. We store real-time position data (token holdings, profit/loss, trade history) and notification logs (trade executions, errors) associated with your web trading sessions.
  • Push Notification Subscriptions. If you enable browser push notifications, we store your Web Push subscription endpoint and encryption keys to deliver trade alerts when your browser is closed.

3.5 Referral Program Data

  • Referral Profile. If you join the referral program, we store your chosen username, referral relationships, and payout wallet address.
  • Earnings Data. We track trading fee earnings, subscription commission earnings, and payout history associated with your referral account.
  • Attribution Cookies. When a user visits a referral link (e.g., lasersell.io/@username), we set a cookie on the .lasersell.io domain to attribute their account creation to the referrer. This cookie expires after 30 days.
  • Whop Affiliates. If you participate in the affiliate program for subscription commission payouts, Whop collects and manages your payout information directly. We receive only your Whop affiliate account ID and onboarding status.

3.6 Support, Security, and Enterprise Intake

  • Enterprise Onboarding. If you apply for an Enterprise plan via Typeform, we collect business information including your name, email, phone number, company name, website, business category, estimated volume, active user counts, and business objectives.
  • Support Communications. If you contact us via email, Discord, or Telegram, we collect the contents of your messages and any identifiers associated with your platform account.
  • Security Reports. Information submitted to our security team, including encrypted payloads sent using our public PGP key.

3.7 Usage Data, Logs, and Cookies

  • Essential Cookies and Local Storage. The app.lasersell.io dashboard strictly uses essential cookies and local storage necessary for session management, user authentication, and security.
  • Analytics. We use Google Analytics on our marketing site (www.lasersell.io) and our documentation site (docs.lasersell.io) to understand visitor traffic. We do not deploy Google Analytics on the authenticated application dashboard.
  • Server and Error Logs. Our servers log diagnostic data (such as IP addresses, user-agents, request timestamps, and error traces) to monitor platform health, enforce rate limiting, and prevent fraudulent activity.

4. How We Use Information

  • To authenticate your account, process tiered subscription payments, and manage your API keys.
  • To provide access to the transaction building API and WebSocket intelligence streams.
  • To execute trades on your behalf via the web trading feature using delegated signing through Privy's Trusted Execution Environment.
  • To operate the referral program, track referral relationships, calculate earnings, process SOL payouts, and facilitate Whop affiliate subscription commission transfers.
  • To deliver push notifications about trade executions, position updates, and account alerts when your browser is closed.
  • To evaluate Enterprise applications and provision custom infrastructure.
  • To provide technical support and respond to security vulnerability reports.
  • To monitor, maintain, debug, and secure the infrastructure against automated abuse.
  • To comply with legal obligations and enforce our Terms of Service.

5. How We Share Information

We may share information with the following categories of service providers to operate our business:

  • Payment Processing: Whop (to process checkout and manage recurring subscriptions).
  • Infrastructure and Authentication: Supabase (for database hosting, edge functions, and user authentication management) and Privy, Inc. (for wallet key management in Trusted Execution Environments for web trading).
  • Telemetry and Log Management: Better Stack (to aggregate and securely store server logs, monitor system health, and debug issues within the United States).
  • Intake and Communications: Typeform (for Enterprise lead intake) and our transactional email providers.
  • Community Platforms: Discord and Telegram (for community engagement and support).
  • Blockchain Infrastructure: RPC nodes and public Solana endpoints used to resolve on-chain data. When you submit transactions, public blockchain networks may expose wallet addresses and transaction hashes.
  • Decentralized Exchange Aggregators: When you use the swap service, your swap parameters (token identifiers, amounts, and wallet public key) are transmitted to third-party decentralized exchange aggregators to obtain quotes and construct swap transactions.
  • Legal and Safety: We may disclose information to comply with the law, protect users, prevent fraud, and defend our rights.

No Sale of Personal Data. We do not sell your personal information. Furthermore, we do not sell your API usage or trading data to data brokers, nor do we use this data for targeted advertising.

6. Data Retention

We retain your account and billing information for as long as your account is active or as needed to provide the Services, resolve disputes, and comply with legal obligations. Server logs, error traces, and telemetry are routinely cycled or anonymized in accordance with our operational security practices.

7. Your Choices and Rights

  • Account Management: You may update your authentication methods, manage your subscriptions, and regenerate your API keys directly from the app.lasersell.io dashboard.
  • Wallet Control: You may export your Privy wallet private key at any time through Privy's secure interface. You may remove imported wallets from the dashboard, which permanently deletes the key from Privy's TEE. For embedded wallet deletion, contact support.
  • Web Trading: You may start and stop web trading sessions at any time via the dashboard. Stopping a session immediately ceases all automated trade execution and position monitoring.
  • Referral Program: Participation in the referral program is voluntary. You may view your earnings and referral relationships in the dashboard. Referral usernames, once claimed, cannot be changed.
  • Push Notifications: You may revoke push notification permissions at any time through your browser settings. You may also remove your push subscription from the dashboard.
  • Access and Deletion: You may request access to, correction of, or deletion of your personal information by contacting support@lasersell.io.
  • Communications: We may send transactional notices regarding your subscription, trade executions, or security updates.

8. Security and Vulnerability Reporting

We implement robust administrative, technical, and organizational measures—including API key encryption and strict session management—to protect your data. However, no internet transmission is entirely secure.

If you are a security researcher and have found a vulnerability, please report it to security@lasersell.io. You can find our public PGP key for secure, encrypted communications at www.lasersell.io/lasersell-pgp-key.asc.

9. International Transfers

If you access our Services from outside the United States, your information may be transferred to, stored, and processed in the United States or other jurisdictions where our service providers operate, which may have different data protection laws than your home country.

10. Children’s Privacy

The Services are strictly intended for users 18 years of age and older. We do not knowingly collect personal information from children.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time as we release new features or change our business practices. We will notify you of any material changes by updating the “Last updated” date at the top of this policy or via an in-app notice.

12. Contact

If you have questions about this Privacy Policy, please contact us at support@lasersell.io.