Last updated: April 28, 2026

Privacy policy

DarkOdds is a testnet-only hackathon submission running on Arbitrum Sepolia. This document describes what data the application collects and what it does not. Plain English only — no dark patterns, no adtech.

What we don't collect

We don't collect personal information. There is no account creation, no email capture, no analytics tracker, no cookies for advertising, no fingerprinting, no third-party pixels. We don't sell or share data with anyone because we don't have data to sell or share.

What is public on-chain by nature

Wallet addresses, market addresses, transaction hashes, oracle resolutions, and the published plaintext pool totals (after each 60-second batch) are public on Arbitrum Sepolia. This is the nature of public blockchains — anyone can read the chain. DarkOdds does not control or modify what is recorded on-chain.

What stays private

Your individual bet size, your encrypted cUSDC balance, and your settled payout amount remain encrypted on iExec Nox until you choose to disclose them via a selective-disclosure attestation. The privacy guarantee is enforced by an Intel TDX trusted execution environment combined with on-chain ACL — see the "How does the privacy actually work?" FAQ on the homepage for the technical detail.

Third-party services

We use Privy for wallet authentication. When you connect a wallet, your auth flow is handled by Privy under their privacy policy at privy.io/privacy. We use ChainGPT's API on the server side when you submit a market description on /create — your prompt is sent to ChainGPT for parameter extraction and is not retained by DarkOdds beyond the request lifecycle.

Server-side state

Our /api/admin/deploy-market route maintains an in-memory per-IP rate-limit counter (1 sponsored deploy per IP per 60 seconds). This counter is not persisted anywhere — it lives in process memory and is reset on every server restart. Our /api/attestation/generate route reads claim transaction receipts from Arbitrum Sepolia and signs an attestation server-side; the request body and response are not logged or stored.

Local storage

The app stores your theme preference (light/dark) in localStorage under the key darkodds-theme. The Nox SDK caches authorization material in localStorage for 1 hour to avoid re-prompting for signatures on every decrypt — this material is scoped to your wallet and the Nox protocol contract address. Nothing else is persisted client-side.

Children

DarkOdds is not directed at users under 18 and we make no effort to identify children. Don't use this if you're a child.

Changes

We may update this policy as the protocol evolves. The "Last updated" timestamp at the top will reflect any change. Substantive changes will be announced via the project README on GitHub.

Contact

DarkOdds is built by Tim (winsznx) for the iExec Vibe Coding Challenge × ChainGPT, DoraHacks. For anything privacy-related: open an issue at github.com/winsznx/darkodds/issues.