METENGINE
Privacy Policy of MetEngine Extension
Effective Date: February 20, 2026
Last Updated: February 20, 2026
Version: 1.0
1. Introduction
MetEngine and its affiliates (together, “MetEngine”, “we”, “us” or “our”) respect your privacy and are committed to protecting your personal data. This Privacy Policy explains how we collect, store, process, and transmit information when you use the MetEngine browser extension (the “Extension”).
This Privacy Policy is incorporated by reference into our Terms of Use. By installing or using the Extension, you agree to the terms of this Privacy Policy. If you do not agree, please do not install or use the Extension.
Table of Contents
- 1. Introduction
- 2. Important Information and Who We Are
- 3. Summary of Data Collection
- 4. What We Collect
- 5. What We Do NOT Collect
- 6. How We Use Your Data
- 7. Data Transmission
- 8. Data Storage and Security
- 9. Permission Usage
- 10. Data Sharing
- 11. Your Rights
- 12. Children's Privacy
- 13. International Transfers
- 14. Changes to This Policy
- 15. Cookies and Similar Technologies
- 16. Third-Party Links
- 17. Additional Info for U.S. Residents
- 18. Additional Info for EU/UK Residents
- 19. Purposes and Legal Bases for Processing
- 19. Your Legal Rights
- 20. Glossary
- 21. Contact
- 22. Changelog
2. Important Information and Who We Are
Purpose. This policy explains how MetEngine collects and processes your data through your use of the MetEngine browser extension.
Controller. MetEngine Labs is the controller responsible for your personal data.
Contact Details:
- Email: hello@metengine.xyz
- Website: https://metengine.xyz
Changes to this policy. We may modify this policy at any time. Material changes will be communicated via the Extension side panel. The “Last Updated” date at the top of this page reflects the date of the most recent revision. Continued use of the Extension after changes are posted constitutes acceptance of the revised policy.
3. Summary of Data Collection
The table below provides a concise overview of what data the Extension collects, for what purpose, and whether it is transmitted to external servers.
| Data Type | Collected | Purpose | Transmitted Externally |
|---|---|---|---|
| Solana wallet address (your own) | Yes — upon sign-in | Authentication and session binding | Yes — to MetEngine servers |
| JWT access token | Yes — issued after sign-in | Authenticate all API requests | Yes — as a Bearer header with each request |
| Subscription tier | Yes — stored locally | Determine which features are accessible | No — received from server, stored locally |
| Pool addresses on Meteora | Yes | Fetch LP positions and analytics for that pool | Yes — to MetEngine servers and Meteora's public API |
| Market condition IDs on Polymarket | Yes | Fetch smart money flow data for that market | Yes — to MetEngine servers |
| Wallet addresses displayed on Polymarket profiles | Yes, when profile features are active | Fetch position data for the profile you are viewing | Yes — to Polymarket's public data API only |
| User-saved watch wallet addresses | Yes, only if Watch feature is used | Receive real-time trade notifications for those wallets | Yes — to MetEngine servers |
| Asset symbols on Hyperliquid | Yes, only for perps subscription tier | Receive trading pressure and position data for that asset | Yes — to MetEngine servers |
| Private keys or seed phrases | No | — | — |
| Browsing history | No | — | — |
| Personal identification | No | — | — |
4. What We Collect
4.1 Authentication Data
The Extension authenticates users via a wallet-based sign-in flow. No invite codes, passwords, or device fingerprints are collected or used.
| Data | What It Is | Why We Collect It |
|---|---|---|
| Solana Wallet Address | Your public wallet address (e.g., HN7cABqLq46Es1jh92dQQisAq662SmxELLLsHHe4YWrH) | Identify your account and retrieve your subscription status |
| JWT Access Token | A time-limited cryptographic token issued after wallet sign-in | Authenticate all subsequent API requests to MetEngine servers without re-signing |
| Subscription Tier | A string indicating your plan (e.g., free, perps, market_making, prediction_market, all) | Control which analytics features are rendered in the Extension |
| Referral Code | Optional referral identifier, if applicable | Track referral attribution at account creation |
Sign-in flow:
Authentication is completed on app.metengine.xyz in a new browser tab. The Extension opens this page, where your Solana wallet signs a message to prove ownership. The resulting JWT is returned to the Extension and stored locally. The Extension does not receive your private key at any point. The raw wallet signature is processed server-side and is not stored by the Extension.
No device fingerprinting:
The Extension does not collect, compute, or transmit any device fingerprint or hardware-derived identifier. Authentication is bound solely to your wallet address.
4.2 Platform Data (Functional Collection)
The Extension operates on three supported platforms. Data collected is strictly limited to the identifiers necessary to deliver analytics for the specific content you are actively viewing.
Meteora (meteora.ag) — Active
| Data | Example | Why Collected | Sent To |
|---|---|---|---|
| Pool address (from page URL) | 5yuefgb... | Fetch LP holder positions and active bin data for the pool you are viewing | api.metengine.xyz |
| Pool address | 5yuefgb... | Fetch public pool pair data (fee APR, price range) | dlmm-api.meteora.ag |
| DCA pressure data request | (no user data sent) | Display market-wide DCA pressure statistics | dca.metengine.xyz |
| Smart wallet pool request | (no user data sent) | Display pools where smart wallets are active | api.metengine.xyz |
The pool address is extracted directly from the page URL (e.g., /dlmm/[poolAddress]). No data from Meteora pages is collected beyond the pool address present in the URL. The dlmm-api.meteora.ag request is a call to Meteora's own publicly accessible API using no authentication.
Polymarket (polymarket.com) — Active
| Data | Example | Why Collected | Sent To |
|---|---|---|---|
| Market condition ID | 0x1234... | Fetch smart money and dumb money flow data for the market you are viewing | extension.metengine.xyz |
| Market slug | will-the-fed-cut-rates | Fetch precise market closing time data | gamma-api.polymarket.com |
| Token IDs for visible markets | [token_id_1, token_id_2] | Fetch live orderbook summaries for the Closing Soon display | clob.polymarket.com |
| Wallet address of a profile you view | 0xabcd... | Fetch that profile's open positions for the “Closing Soon” tab | data-api.polymarket.com |
Important clarifications:
- The Extension only reads identifiers from pages you actively navigate to. It does not monitor pages in the background or record your navigation history.
- Wallet addresses of Polymarket profiles are only transmitted when you navigate to that profile page and the relevant feature is active. The wallet address belongs to the profile you are viewing, not to you personally.
- All calls to Polymarket APIs (gamma-api.polymarket.com, clob.polymarket.com, data-api.polymarket.com) query publicly available data using the same mechanisms as Polymarket's own website.
Hyperliquid (hyperliquid.xyz) — Perps Subscription Tier
Access to Hyperliquid analytics is gated behind the perps subscription tier. The following applies only to users whose subscription includes perpetuals data.
| Data | Example | Why Collected | Sent To |
|---|---|---|---|
| Asset symbol (from the page you are viewing) | BTC, ETH | Fetch smart trader pressure and open-interest data for that asset | perpetuals.metengine.xyz (GraphQL) |
4.3 Watch Wallet Feature (Optional)
The Watch Wallet feature is entirely opt-in. Users who choose to use this feature may add cryptocurrency wallet addresses (belonging to other traders they wish to monitor) to a watchlist stored locally in the Extension. When wallets are added to the watchlist, the Extension:
- Transmits those wallet addresses to MetEngine servers (perpetuals.metengine.xyz for Hyperliquid-platform wallets; extension.metengine.xyz for Polymarket-platform wallets) so the server may subscribe to live trade feeds for those wallets.
- Maintains a persistent Server-Sent Events (SSE) connection to receive real-time trade event notifications for the watched wallets.
- Displays Chrome desktop notifications when a watched wallet executes a trade.
- Caches up to 200 received trade notifications locally in chrome.storage.local with a 24-hour time-to-live.
The wallet addresses you add to your watchlist are addresses of other traders that you have chosen to monitor. They are not your own wallet address. You are not required to use the Watch Wallet feature; disabling it transmits no addresses.
4.4 Local Storage
The Extension uses the Chrome Storage API (chrome.storage.local) to persist the following data on your device:
| Data | Retention | Purpose |
|---|---|---|
| JWT access token | Until expiration or sign-out | Authenticates API requests to MetEngine servers |
| Wallet address | Until sign-out or uninstall | Identifies your account locally |
| Subscription tier | Until sign-out or uninstall | Gates feature access without repeated server lookups |
| Feature settings | Until sign-out or uninstall | Stores your per-feature on/off preferences |
| Watch wallet list | Until manually removed or sign-out | Stores addresses you have chosen to monitor |
| Watch trade notifications | 24-hour TTL; up to 200 entries | Caches received trade alerts for display in the side panel |
The Extension also uses chrome.storage.session to store a temporary purchase session token (pendingPurchaseSession) while a subscription purchase is in progress. This data is ephemeral and is cleared when the browser session ends.
No data is written to chrome.storage.sync or any cloud-backed storage mechanism.
5. What We Do NOT Collect
We explicitly do not collect the following:
- Device fingerprints or hardware-derived identifiers of any kind
- Your private keys, seed phrases, or wallet signing requests (signing occurs externally on app.metengine.xyz)
- Passwords or credentials for any platform
- Browsing history outside the three supported platforms (Meteora, Polymarket, Hyperliquid)
- Keystrokes, mouse movements, scroll behaviour, or click patterns
- GPS or IP-based location data
- Personal identification information (name, email address, phone number)
- Financial data (bank accounts, credit cards, fiat balances)
- Communication content (emails, messages, chat logs)
- Data from websites other than meteora.ag, polymarket.com, and (for perps subscribers) hyperliquid.xyz
6. How We Use Your Data
| Purpose | Data Used | Legal Basis |
|---|---|---|
| Authenticate and authorise Extension access | Wallet address, JWT access token | Performance of contract |
| Deliver analytics on the page you are viewing | Pool address, market condition ID, asset symbol | Performance of contract |
| Deliver Watch Wallet trade notifications | User-selected watch wallet addresses, SSE stream data | Performance of contract |
| Refresh session tokens automatically | Stored JWT and wallet address | Performance of contract |
| Improve service performance | Aggregated, anonymised request logs | Legitimate interest |
We do NOT use your data for:
- Advertising or behavioural marketing
- Sale or transfer to third parties for commercial purposes
- Building individual user profiles for targeting
- Credit assessment, insurance, or lending decisions
- Any purpose unrelated to delivering the MetEngine analytics service
7. Data Transmission
7.1 MetEngine Servers
All data transmitted to MetEngine servers travels over encrypted HTTPS (TLS 1.3) or encrypted Server-Sent Events (HTTPS/SSE) connections.
| Endpoint | Data Transmitted | Purpose |
|---|---|---|
| app.metengine.xyz | Wallet sign-in flow (handled in a separate tab) | Authentication and subscription purchase |
| subscription.metengine.xyz | Purchase session token (for polling during active subscription flow) | Completing subscription purchase; retrieving JWT |
| extension.metengine.xyz | JWT (as Bearer token), market condition ID | Polymarket smart money analytics; Polymarket watchlist subscription |
| api.metengine.xyz | JWT (as Bearer token), pool address | Meteora DLMM positions; bin range analytics |
| dca.metengine.xyz | JWT (as Bearer token) | DCA market pressure data (no page-specific user data) |
| perpetuals.metengine.xyz | JWT (as Bearer token), asset symbol, watch wallet addresses | Hyperliquid analytics (GraphQL); Hyperliquid watchlist SSE stream |
7.2 Third-Party Platform APIs
The Extension communicates with the following third-party APIs to enrich displayed data. These are official, publicly accessible APIs operated by the respective platforms.
| Service | Data Transmitted | Purpose |
|---|---|---|
| gamma-api.polymarket.com | Market slug (from the URL of the page you visit) | Retrieve public market metadata and precise closing times |
| clob.polymarket.com | Token IDs of markets visible on the current page | Retrieve public order book summaries |
| data-api.polymarket.com | Wallet address of the Polymarket profile you are viewing | Retrieve publicly available position data for the Closing Soon feature |
| dlmm-api.meteora.ag | Pool address (from the URL of the page you visit) | Retrieve public pool pair data from Meteora's own API |
We transmit only the minimum data required. We have no control over, and accept no responsibility for, the privacy practices of these third-party platforms. We encourage you to review the respective privacy policies of Polymarket, Meteora, and any other platform you use.
7.3 What We Do NOT Transmit
- Your personal browsing activity outside supported platforms
- Private keys or signing requests of any kind
- Data to advertising networks, analytics companies, or data brokers
- Any data over unencrypted (HTTP) connections in production
- Device hardware identifiers or fingerprints
8. Data Storage and Security
8.1 Local Storage (Your Device)
| Data | Retention | Security |
|---|---|---|
| JWT access token and wallet address | Until sign-out or uninstall | Chrome Storage API (encrypted at rest by the browser) |
| Feature settings and watch wallet list | Until sign-out, manual removal, or uninstall | Chrome Storage API |
| Watch trade notification cache | 24-hour TTL; cleared on sign-out | Automatically purged upon expiry |
| Purchase session token | Browser session only | Chrome session storage; cleared when browser closes |
8.2 Server Storage (MetEngine Infrastructure)
| Data | Retention | Security |
|---|---|---|
| Wallet address (account identifier) | Duration of active subscription plus 90 days | Stored in encrypted database |
| API request logs | 30 days (rolling window) | Logs contain no personally identifiable information beyond wallet address |
8.3 Security Measures
- All transmissions use TLS 1.3 encryption (HTTPS and HTTPS/SSE)
- No device fingerprinting or hardware identifier collection
- No plain-text storage of sensitive data on MetEngine servers
- The Extension manifest declares only the minimum required permissions: storage, tabs, sidePanel, notifications, and scripting, plus explicit host permissions limited to supported platforms and MetEngine API domains
- Content Security Policy is enforced: script-src 'self'; object-src 'self'
- Message passing between background and content scripts enforces an explicit origin allowlist
- Regular internal security reviews are conducted
9. Permission Usage
The following Chrome permissions are declared in the Extension manifest. Each is used for the stated purpose only.
| Permission | Why It Is Required |
|---|---|
| storage | Persist JWT, wallet address, subscription tier, settings, watch wallet list, and notification cache in chrome.storage.local |
| tabs | Open app.metengine.xyz in a new tab to complete wallet-based sign-in and subscription purchase |
| sidePanel | Display the MetEngine analytics panel as a browser side panel (replaces popup model) |
| notifications | Send Chrome desktop notifications when a watched wallet executes a trade (Watch Wallet feature) |
| scripting | Inject price range values into Meteora's React UI for the Smart Fill feature (writes to React synthetic events; does not access any wallet or credential UI) |
10. Data Sharing
We Share Data With:
| Recipient | Data Shared | Purpose |
|---|---|---|
| MetEngine backend infrastructure | JWT access token, platform identifiers (pool address, market ID, asset symbol), watch wallet addresses | Authentication and analytics delivery |
| Polymarket public APIs | Market identifiers, wallet address of profile you view | Data enrichment for Closing Soon and smart money features |
| Meteora public API | Pool address of the pool page you are viewing | Retrieve public pair data from Meteora's own API |
We Do NOT Share Data With:
- Advertisers or marketing platforms
- Data brokers or data aggregators
- Analytics companies for commercial use
- Any third party for purposes unrelated to the MetEngine service
Legal Disclosure
We may disclose data if required by a valid court order, law enforcement request accompanied by proper legal process, or to protect our legal rights. Where legally permitted, we will notify you prior to any such disclosure.
11. Your Rights
11.1 Access Your Local Data
You may inspect all data stored locally by the Extension at any time:
- Open Chrome DevTools (F12)
- Navigate to Application → Storage → Extension Storage
- Select the MetEngine extension
11.2 Delete Your Data
Local data: Sign out from the Extension side panel, or uninstall the Extension. Signing out clears all stored tokens, the wallet address, settings, the watch wallet list, and the notification cache from chrome.storage.local.
Server data: Email hello@metengine.xyz with the subject line “Data Deletion Request” and include your wallet address. We will process your request within 30 days.
11.3 Opt Out
The Extension collects only the minimum data necessary for its core functionality. To cease all data collection, disable or uninstall the Extension.
12. Children's Privacy
The Extension is not intended for use by individuals under the age of 18. We do not knowingly collect personal data from minors. If you believe a minor has used the Extension, please contact us at hello@metengine.xyz.
13. International Transfers
Our servers may be located in jurisdictions outside your country of residence. By using the Extension, you consent to the transfer of your data to such jurisdictions, where applicable data protection laws may differ from those in your own country.
14. Changes to This Policy
We will:
- Update the “Last Updated” date at the top of this page
- Notify users of material changes via the Extension side panel
- Maintain a changelog in Section 22 of this document
Continued use of the Extension following the posting of changes constitutes acceptance of the revised policy.
16. Third-Party Links
The Extension may display links to third-party websites, including blockchain explorers and supported trading platforms. MetEngine is not responsible for the privacy practices of those third parties. We encourage you to review their respective privacy policies before interacting with any third-party service.
17. Additional Information for U.S. Residents
If you reside in California or another U.S. state with applicable privacy legislation, you may have additional rights. MetEngine does not “sell” or “share” personal information as those terms are defined under the California Consumer Privacy Act (CCPA) or similar state laws. MetEngine does not use personal information for “targeted advertising” as defined under applicable U.S. state privacy laws.
18. Additional Information for EU/UK Residents
If you reside in the European Union or the United Kingdom, you have additional rights under the General Data Protection Regulation (GDPR) or UK GDPR. The legal bases for our processing activities are set out in Section 6 of this Policy. You have the right to lodge a complaint with your local data protection supervisory authority.
19. Purposes and Legal Bases for Processing
| Purpose | Data Processed | Legal Basis |
|---|---|---|
| Provide analytics services | Pool addresses, market condition IDs, asset symbols | Performance of contract |
| Authenticate and authorise access | Wallet address, JWT access token | Performance of contract |
| Deliver Watch Wallet notifications | Watch wallet addresses, SSE trade event data | Performance of contract |
| Refresh session tokens | Stored JWT and wallet address | Performance of contract |
| Improve service performance | Aggregated request logs (no PII) | Legitimate interest |
| Respond to support requests | Email correspondence | Legitimate interest |
We will not use your data for purposes materially different from those listed above without providing advance notice and, where required, obtaining your consent.
19. Your Legal Rights
Under applicable data protection laws, you may have the right to:
| Right | Description |
|---|---|
| Access | Request a copy of the personal data we hold about you |
| Correction | Request correction of inaccurate or incomplete data |
| Erasure | Request deletion of your personal data |
| Objection | Object to processing based on our legitimate interests |
| Restriction | Request that we restrict processing of your data |
| Portability | Request transfer of your data in a machine-readable format |
| Withdraw consent | Withdraw any consent you have previously provided |
No fee required. You will not be charged a fee to exercise these rights. We reserve the right to charge a reasonable fee for requests that are manifestly unfounded or excessive.
Response time. We will respond to all legitimate requests within one month. Where requests are complex or numerous, we may extend this period by a further two months and will notify you accordingly.
20. Glossary
| Term | Definition |
|---|---|
| Personal data | Any information relating to an identified or identifiable natural person |
| Controller | The entity that determines the purposes and means of processing personal data |
| JWT (JSON Web Token) | A time-limited cryptographic token that authenticates Extension requests to MetEngine servers |
| SSE (Server-Sent Events) | A one-way server-push protocol over HTTPS used by the Watch Wallet feature to deliver real-time trade notifications |
| Legitimate interest | A processing purpose based on MetEngine's genuine business need, balanced against the rights and interests of the data subject |
| Watch Wallet | An opt-in feature allowing users to monitor other traders' wallet addresses for real-time trade activity |
21. Contact
For any questions, concerns, or requests relating to this Privacy Policy or our data practices:
- General inquiries: hello@metengine.xyz
- Support: https://discord.gg/metengine
- Website: https://metengine.xyz
22. Changelog
| Version | Date | Summary of Changes |
|---|---|---|
| 1.0 | Feb 20, 2026 | Initial release reflecting current feature set: wallet-based PKCE authentication (no device fingerprinting, no invite codes), Watch Wallet feature (SSE-based trade notifications), permissions (tabs, sidePanel, notifications, scripting), API endpoints (perpetuals.metengine.xyz, subscription.metengine.xyz, dlmm-api.meteora.ag), subscription tier model |
MetEngine
Transparent analytics for informed trading.