Skip to main content

1. Comprehensive Introduction and Scope

Welcome to Lemon Markets. This Privacy Policy (“Policy”) is a comprehensive governance document that details the exhaustive standards and protocols regarding the management, processing, and safeguarding of information in connection with your use of the Lemon Markets protocol, the primary interface (https://lemonmarkets.finance), and the broader ecosystem of associated services (collectively, the “Services”). In the spirit of absolute transparency and decentralized ethics, this Policy serves as a binding declaration of our information-handling practices. We recognize that in the rapidly evolving landscape of Web3 and Decentralized Finance (DeFi), traditional privacy paradigms are often insufficient. Therefore, we have meticulously crafted this document to address the unique intersection of privacy, transparency, and immutability inherent in the Base blockchain. This Policy applies to all users of the Services, regardless of the method of access. Whether you are a casual trader, a liquidity provider, a developer using our APIs, or a bot interacting directly with our smart contracts, the principles outlined here govern your interactions. By accessing, browsing, or interacting with our Services in any capacity, whether through our primary interface, an API, or directly via smart contracts, you explicitly acknowledge and agree to the exhaustive practices outlined herein.

2. Our Decentralized Privacy Philosophy: A Deep Dive

Lemon Markets is fundamentally engineered as a decentralized, non-custody-oriented perpetual exchange. Our architecture is predicated on the following privacy-centric pillars:

2.1 Radical Data Minimization (The Zero-Knowledge Ideal)

We operate on the principle of “privacy by default.” We do not collect information that we do not strictly require for the functional operation of the interface or the protocol. Unlike centralized exchanges (CEXs), we do not maintain a central database of user identities, social security numbers, or real-world names. Our backend is designed to be as “blind” as possible to the individual identity of its users.

2.2 Self-Sovereign Identity and Pseudonymity

We believe that your identity should remain under your control. By utilizing cryptographic wallet addresses instead of usernames or email addresses, we ensure that your interaction with the protocol remains pseudonymized. While your activity is public, it is not linked to your legal identity unless you choose to make that connection yourself through external means.

2.3 Immutable Transparency vs. Private Sovereignty

The use of the Base blockchain ensures that all protocol-level interactions are transparent and verifiable. This provides a level of integrity that exceeds traditional financial transparency. However, we acknowledge the friction this creates with individual privacy. This Policy serves to educate users on this balance, helping you maintain your private sovereignty while utilizing a public ledger.

3. Exhaustive Definitions and Interpretations

To ensure absolute clarity and avoid any potential for misinterpretation, the following terms are used throughout this Policy with specific meanings:
  • Interface: Refers to the web-based graphical user interface, including all subdomains, hosted assets, and frontend codebases that allow users to interact with the Lemon Markets Protocol.
  • Protocol: Refers to the decentralized set of smart contracts, liquidity pools, and autonomous logic deployed on the Base blockchain (and any future supported networks) that facilitate perpetual trading.
  • On-chain Data: Any information that is permanently committed to the blockchain, including transaction hashes, block numbers, and state changes. This data is the source of truth for the protocol.
  • Off-chain Data: Any information that exists outside the blockchain, such as server logs, cached files, or local storage items on a user’s device.
  • User: Any entity (human or automated) that interacts with the Services.
  • Base: The Ethereum Layer 2 scaling solution developed by Coinbase, where the primary Lemon Markets infrastructure resides.
  • Smart Contract: Self-executing code that resides on the blockchain and governs the rules of the Protocol.
  • Liquidity Provider (LP): A user who deposits assets into the Protocol’s pools to facilitate trading and earn rewards.
  • Slippage: The difference between the expected price of a trade and the price at which the trade is executed.
  • RPC (Remote Procedure Call): The communication protocol used to send data to and from the blockchain.
  • DAO (Decentralized Autonomous Organization): The community-led governance structure that oversees the long-term evolution of the Protocol.
  • Web3: The decentralized web, built on blockchain technology.
  • Frontrun: The practice of anticipating a future transaction on the blockchain and placing a transaction ahead of it to profit from the price change.

4. Comprehensive Categorization of Information We Do NOT Collect

To provide absolute peace of mind, Lemon Markets categorically declares that it does NOT collect, store, or process the following categories of information. If anyone claiming to represent Lemon Markets asks for this information, they are scammers.
  • Legal Names: No first, middle, or last names.
  • Birth Records: No dates of birth or places of birth.
  • Government IDs: No driver’s licenses, passports, or national ID cards.
  • Photographic Records: No selfies or ID photos for KYC.

4.2 Contact and Communication Channels

  • Email Addresses: We do not require or store your email address for account creation.
  • Phone Numbers: No SMS verification or mobile tracking.
  • Physical Addresses: No home, office, or billing addresses.

4.3 Financial and Banking Data

  • Bank Accounts: No links to traditional bank accounts or routing numbers.
  • Credit/Debit Cards: No card numbers, CVVs, or expiry dates.
  • Tax IDs: No Social Security numbers or VAT identifiers.

4.4 Sensitive and Biometric Data

  • Biometrics: No fingerprints, facial scans, or voice recordings.
  • Sensitive Beliefs: No data on political, religious, or philosophical leanings.

4.5 CRITICAL: Private Keys and Recovery Phrases

  • WE NEVER HAVE ACCESS TO YOUR PRIVATE KEYS.
  • WE NEVER HAVE ACCESS TO YOUR SEED PHRASES.
  • If you lose these, we cannot recover your funds. We have zero visibility into this data as it never leaves your local wallet software.

5. Detailed Breakdown of Information We Process

Despite our commitment to minimization, certain data is essential for the technical operation of the Services. This data is categorized into three primary streams:

5.1 On-chain Information (Public, Permanent, and Immutable)

When you trigger any function within the Protocol, the following data is captured by the Base blockchain network:
  • Cryptographic Wallet Address: Your public 0x... identifier. This is your primary identity in the DeFi world.
  • Transactional Metadata: The precise timing of the transaction (block time), the gas fees paid, and the nonce (transaction count).
  • Execution Data: The specific smart contract functions called (e.g., depositVault, executeTrade).
  • Asset Interactions: The specific tokens (e.g., lmUSD, USDC, ETH, BTC) and the precise amounts (to 18 decimal places) involved.
  • Position Metrics: Your leverage ratios, entry/exit prices, liquidation thresholds, and cumulative realized/unrealized PnL.
  • Referral Data: If you used a referral link, the association between addresses may be recorded on-chain.

5.2 Technical Interface Logs (Temporary and Security-Oriented)

When you access the Interface via a web browser, our infrastructure providers (like KubeSmith and Cloudflare) may log:
  • IP Address: Processed for the sole purpose of DDoS mitigation and verifying compliance with geographic restrictions.
  • Browser Fingerprinting Data: User Agent strings, screen resolution, and OS version (to ensure the UI renders correctly).
  • Referrer Strings: Tracking which website or social media platform directed you to Lemon Markets.
  • Request Latency: How long it takes for our interface to respond to your browser.

5.3 Pseudonymized Analytics

We use privacy-preserving analytics to understand aggregate behavior:
  • Market Interest: Which trading pairs have the highest view counts.
  • Interface Churn: Where users might be getting stuck in the onboarding flow.
  • Error Logs: Capturing frontend crashes (without personal data) to push hotfixes.

6. Detailed Use of Browser-Based Persistence Technologies

We utilize modern web technologies to ensure that your trading experience is smooth and persistent.

6.1 Local Storage (Long-term Local Preferences)

This data is stored solely on your computer and is not transmitted to our servers:
  • Visual Preferences: Dark mode vs. Light mode toggle.
  • Chart Settings: Your indicators, timeframes, and drawing tools on the Candlestick charts.
  • Trading Defaults: Your preferred slippage (e.g., 0.1%, 0.5%, 1.0%), default leverage, and One-Click Trading settings.
  • Market Favorites: Market pairs you have starred for quick access.
  • Hide Small Balances: A toggle to declutter your portfolio view.
  • Connection History: A list of recently connected wallet providers (for UI convenience).

6.2 Session Storage (Temporary Session Data)

This data is cleared as soon as you close your browser tab:
  • Form State: Partial inputs in the order form.
  • Tab History: Which sub-pages you visited during this specific session.
  • API Cache: Temporary local cache of asset prices and market metadata to reduce network calls.

6.3 IndexedDB (Advanced Data Caching)

For performance optimization, we may cache certain non-sensitive data:
  • Historical Price Data: Caching previous candle data to speed up chart loading.
  • Icon Sets: Local caching of token logos.
  • Big Data Sets: Caching large lists (like all available trading pairs) to reduce initial load time.

7. How We Utilize the Information We Process

The limited data we have access to is used exclusively for the following purposes:
  1. Facilitating Protocol Interactions: Converting your clicks into blockchain-ready transactions.
  2. Maintaining Interface Integrity: Monitoring for bugs, lag, or broken links.
  3. Security and Abuse Prevention: Identifying and blocking malicious actors attempting to perform Flash Loan attacks or manipulate the Interface.
  4. Geographic Compliance: Enforcing blocks on restricted jurisdictions to ensure the Protocol remains sustainable and legally compliant globally.
  5. Community Transparency: Generating aggregate volume and TVL (Total Value Locked) reports for the Lemon Markets community.
  6. Optimizing User Experience: Adjusting the UI based on aggregate device and browser trends.
  7. Protocol Evolution: Analyzing aggregate trading volume to decide which new markets to list next.

8. Third-Party Infrastructure: The Tech Stack Disclosures

Lemon Markets is a composition of various decentralized and centralized infrastructure pieces. Each has its own privacy implications.

8.1 Remote Procedure Call (RPC) Layer

Your wallet communicates with the blockchain via RPC nodes.
  • Default Providers: We may provide default RPCs (e.g., Alchemy, QuickNode). These providers see your IP address and your wallet’s requests.
  • Public RPCs: Free public RPCs often have lower privacy standards.
  • Privacy Tip: You can always set a custom RPC in your wallet settings to use a provider that guarantees higher levels of privacy.

8.2 Frontend Deployment & Hosting

  • KubeSmith: We use KubeSmith for high-speed global delivery. They collect standard server logs for security and performance monitoring.
  • Cloudflare: Used for DNS management and protection against cyber-attacks.

8.3 Data Indexing Services

  • The Graph / Subgraphs: Used to index on-chain data so it can be viewed quickly in the Interface (e.g., your trade history). This service only processes data that is already public on the blockchain.

8.4 Analytics Platforms

  • Privacy-First Analytics: We may use tools that obfuscate IP addresses and do not use tracking cookies (e.g., Plausible or Matomo).

9. Information Sharing: Explicit Prohibitions

WE DO NOT SELL YOUR DATA. WE DO NOT MONETIZE YOUR PRIVACY. Lemon Markets has no data sales department. We do not share your information with:
  • Advertising networks.
  • Data brokers.
  • External marketing agencies.
  • Hedge funds or other trading entities.

9.1 Exceptional Circumstances

We would only share information if:
  • Legally Compelled: We receive a valid, enforceable legal order from a jurisdiction with actual authority.
  • Life and Safety: To prevent imminent physical harm or a catastrophic technical exploit of the Protocol.
  • Asset Transfer: If the development of the Interface is handed over to a new entity (e.g., the Lemon DAO), your data remains protected under the same principles.

10. The Blockchain Immutability Reality Check

Users must be fully aware of the technical nature of blockchain interactions:
  • No Delete Button: Once you sign a transaction, it is written into the history of the Base blockchain forever.
  • Public Traceability: While your name is not on-chain, anyone with your wallet address can see every trade you’ve ever made on the protocol.
  • GDPR vs. Blockchain: Traditional Right to Erasure (Article 17) cannot be enforced on a decentralized, immutable ledger. This is a technical limitation, not a policy choice.

11. Advanced Security Measures

We take the security of the Services extremely seriously:
  • Client-Side Processing: Most of the logic of the Interface happens in your own browser, not on our servers.
  • Constant Auditing: Our smart contracts undergo rigorous testing by third-party security firms.
  • Sub-Resource Integrity (SRI): We use SRI hashes to ensure that the code your browser loads hasn’t been tampered with.
  • Safe Multisig: All protocol parameters are controlled via a secure Gnosis Safe multisig.

12. Global Jurisdictional Disclosures

12.1 European Economic Area (EEA) and GDPR

If you are in the EEA, you have certain rights under the General Data Protection Regulation.
  • Data Controller: For on-chain data, no single entity is the controller. For the interface, Lemon Markets acts as the processor of technical logs.
  • Legal Basis: Our processing of technical logs is based on Legitimate Interests (Security and Functionality).

12.2 California (CCPA/CPRA)

  • Notice at Collection: We do not collect personal information.
  • Right to Know: You can see all the data we collect by simply looking at your own wallet’s history on Basescan.
  • Do Not Sell: We do not sell your personal information.

12.3 International Transfers

Your data (technical logs) may be processed in the United States or other locations where our hosting providers operate.

13. Children’s Privacy

The Lemon Markets Protocol is explicitly designed for users 18 years of age or older. We do not knowingly collect or maintain data on children. If we discover such data, we will take immediate steps to purge it from our technical logs.

14. Changes and Evolutions of This Policy

As the DeFi space evolves, so will this Policy.
  • Versioning: Each version of the Policy will be archived and accessible.
  • Update Cycle: We review our privacy practices every quarter.
  • Announcement: Any major change will be broadcasted across our primary social channels and the Discord governance forum.

15. User Empowerment and Privacy Controls

You have the power to control your privacy while using Lemon Markets:
  1. Use a VPN: Encrypt your connection and hide your IP address from infrastructure providers.
  2. Private RPCs: Use an RPC provider that has a strict no-log policy.
  3. Burner Wallets: Use fresh wallet addresses for different trading sessions to prevent long-term tracking.
  4. Browser Extensions: Use extensions that block trackers and scripts.
  5. Manual Purge: Frequently clear your Local Storage and Cookies.

16. Frequently Asked Questions (FAQ)

16.1 Can you see my bank balance?

No. We only see the assets you have linked to your Web3 wallet and interacting with the Protocol.

16.2 Can you block me from my funds?

No. Because the Protocol is decentralized and non-custodial, we have no power to freeze your assets or prevent you from interacting with the smart contracts directly via the blockchain.

16.3 Do you track my location?

We only use your IP address to determine your general country-level location for compliance purposes. We do not track your precise GPS coordinates.

16.4 Is my trading history anonymous?

It is pseudonymous. It is not attached to your name, but it is attached to your wallet address. If your wallet address is linked to your identity elsewhere (e.g., on Twitter or a CEX), your trades can be linked to you.

16.5 What happens if I delete my wallet?

Deleting your wallet software does not delete your on-chain history. Your address and its associated data remain on the blockchain forever.

17. Security Best Practices for Users

To maximize your privacy and security while using Lemon Markets, we recommend the following:
  • Check the URL: Always ensure you are on https://lemonmarkets.finance to avoid phishing attacks.
  • Use Official Wallets: Stick to reputable wallet providers like MetaMask, Rainbow, or Coinbase Wallet.
  • Revoke Permissions: Periodically use tools like Revoke.cash to clean up any unused smart contract approvals.
  • Hardware Wallets: For high-value trading, use a hardware wallet (e.g., Ledger, Trezor) to store your keys offline.
  • Social Media Caution: Never share your wallet address or trade history in public forums if you wish to remain anonymous.
  • Browser Isolation: Consider using a dedicated browser or profile for trading that has no social media or personal accounts logged in.
  • Two-Factor Authentication (2FA): While we don’t have accounts, many centralized exchanges and wallet providers offer 2FA. Use it wherever possible.

18. Community Governance and Privacy Oversight

As Lemon Markets moves toward full DAO (Decentralized Autonomous Organization) governance, privacy standards will be part of the community’s legislative responsibility.
  • Governance Proposals: Users holding governance tokens may propose changes to this Privacy Policy.
  • Transparency Reports: The DAO may commission third-party privacy audits to ensure the Interface remains as private as possible.
  • Support Channels: Our Discord-based support system is designed to minimize data retention. Support tickets are purged after successful resolution.
  • DAO Artifacts: All governance decisions, including those affecting privacy, are documented in our public GitHub repository.

19. Transparency Manifest: Our Commitment to the Community

We commit to the following principles of transparency:
  1. Open Source Protocol: Our core smart contracts will always be open for public inspection.
  2. Audit Reveal: We will never hide a critical audit finding; we will fix it and disclose it.
  3. Revenue Transparency: Protocol fees and their distribution will be visible on-chain.
  4. No Backdoors: We will never implement features that allow us to bypass user privacy or protocol rules.

20. Technical Appendix: Data Processing Map

Data TypeStorage LocationRetention PeriodSensitivity
Wallet AddressBase BlockchainPermanentLow (Public)
Transaction HashBase BlockchainPermanentLow (Public)
IP AddressInfrastructure Logs30-90 DaysMedium
Theme SettingsBrowser Local StorageUser-DeletedLow
Slippage ContextBrowser Local StorageUser-DeletedLow
RPC ActivityRPC Provider LogsVariable (3rd Party)Medium
Referral CodeBrowser Local StorageUser-DeletedLow

21. Contact and Formal Communications

For administrative questions regarding this Policy, or to report a privacy-related concern:
Last Updated: January 22, 2026 Document ID: LM-PRIVACY-EXHAUSTIVE-2026-001 Version: 5.0.0 (The Ultimate Definitive Edition)

Glossary of Technical Terms

  1. Amm (Automated Market Maker): A type of decentralized exchange protocol that relies on a mathematical formula to price assets.
  2. DApp (Decentralized Application): An application that runs on a distributed computing system.
  3. ERC-20: A technical standard for fungible tokens on the Ethereum blockchain and its Layer 2s like Base.
  4. Gas Fee: The cost paid to the network to process a transaction.
  5. Index Price: The real-time aggregate price of an asset across multiple exchanges.
  6. Layer 2 (L2): A secondary framework or protocol built on top of an existing blockchain (Layer 1, like Ethereum) to improve scalability and speed.
  7. Oracle: A service that provides real-world data (like asset prices) to a blockchain.
  8. PnL (Profit and Loss): The net gain or loss from a trading position.
  9. Slippage: The difference between the expected price of a trade and the actual price.
  10. TVL (Total Value Locked): The total amount of assets currently held within the Protocol’s smart contracts.
  11. Waitlist/Whitelist: A list of addresses permitted to access certain early-stage or restricted features.
  12. Yield Farming: The practice of staking or lending crypto assets in order to generate high returns or rewards in the form of additional cryptocurrency.
  13. Zero-Knowledge (ZK): A cryptographic method that allows one party to prove to another that they know a value, without conveying any information apart from the fact that they know the value.
  14. Bridge: A tool that allows you to move assets between different blockchain networks.
  15. Nonce: A number used once to prevent transaction replay attacks in Ethereum-style networks.
  16. Gwei: A small unit of Ethereum used to measure gas prices.
  17. Mainnet: The primary production blockchain network.
  18. Testnet: A secondary network used for testing code before deployment to Mainnet.
  19. Snapshot: A governance tool used to record the state of a blockchain at a specific block for voting purposes.
  20. Stablecoin: A cryptocurrency pegged to a stable asset, like the US Dollar (e.g., USDC, lmUSD).
  21. Custody: The legal right or duty to care for something. In crypto, non-custodial means you hold your own assets.
  22. Decentralization: The transfer of control and decision-making from a centralized entity (individual, organization, or group) to a distributed network.
  23. Distributed Ledger: A consensus of replicated, shared, and synchronized digital data geographically spread across multiple sites, countries, or institutions.
  24. Encryption: The process of encoding information so that only authorized parties can access it.
  25. Hashed Data: Data that has been converted into a unique string of characters for security and verification purposes.
  26. Immutability: The inability to be changed or deleted once recorded on the blockchain.
  27. Off-chain: Transactions or data processing that happens outside of the blockchain network.
  28. On-chain: Transactions or data processing that happens directly on the blockchain network.
  29. Private Key: A secret sequence of numbers and letters used to authorize transactions from a wallet.
  30. Public Key: A cryptographic key that can be shared with anyone and is used to identify a wallet on the network.
  31. Seed Phrase: A series of words that acts as a master key to a cryptocurrency wallet.
  32. Sybil Attack: A type of security threat where one person creates multiple accounts or nodes to gain disproportionate influence.
  33. Validating Node: A computer on the network that verifies transactions and adds them to the blockchain.
  34. Vault: A smart contract used to securely store and manage assets.
  35. Web Socket: A communication protocol that provides full-duplex communication channels over a single TCP connection, often used for real-time price updates.