1. Information We Collect

We collect the following categories of information:

Account information: email address and full name provided at sign-up
Usage data: pages visited, features used, watchlist tickers, filter preferences, and session timestamps
Payment information: billing details processed and stored by Stripe — we do not store card numbers on our servers
Device & log data: IP address, browser type, operating system, and referring URLs collected automatically via server logs

2. How We Use Your Information

We use the information we collect to:

Provide, operate, and improve the Service
Process subscription payments and manage billing
Send transactional emails (email verification, password reset, receipts)
Send catalyst alerts and digest emails when enabled in your account
Respond to support requests and communications
Detect and prevent fraud, abuse, and security incidents
Comply with legal obligations

We do not sell your personal information to third parties.

3. Third-Party Services

We share data with the following third-party service providers as necessary to operate the Service:

Supabase — authentication and database hosting (your account data and watchlist)
Stripe — payment processing and subscription management
Polygon.io — market data, news, and financial indicators (no personal data shared)
Resend — transactional and alert email delivery

Each provider processes data according to their own privacy policies and data processing agreements.

International data transfers: Our service providers (Supabase, Stripe, Resend) may process your data outside of the European Economic Area (EEA). Where such transfers occur, they are governed by Standard Contractual Clauses (SCCs) or other transfer mechanisms approved by the European Commission, as described in each provider's data processing agreement. By using the Service, you acknowledge that your data may be transferred to and processed in countries outside your jurisdiction.

4. Data Retention

We retain your account data for as long as your account is active. If you delete your account, we will delete your personal data within 30 days, except where we are required to retain it for legal or compliance purposes (e.g., billing records retained for 7 years for tax compliance).

5. Security Measures

We implement industry-standard security measures including TLS encryption in transit, bcrypt password hashing, and row-level security on our database. However, no method of transmission or storage is 100% secure. We encourage you to use a strong, unique password and to notify us immediately of any suspected unauthorized access to your account.

6. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

Access: request a copy of the personal data we hold about you
Correction: request correction of inaccurate data
Deletion: request deletion of your account and associated data
Portability: request your data in a structured, machine-readable format
Objection: object to processing of your data for marketing purposes

To exercise any of these rights, contact us at privacy@stockglow.app.

7. Cookies & Analytics

We use essential cookies required for authentication and session management. We do not currently use third-party advertising cookies or behavioral tracking cookies. Server-side analytics may be collected via request logs to understand aggregate usage patterns.

8. Children's Privacy

The Service is not directed to children under 13 years of age. We do not knowingly collect personal information from children under 13. If we become aware that we have inadvertently collected such information, we will promptly delete it.

9. Contact

If you have questions or concerns about this Privacy Policy or our data practices, please contact us at privacy@stockglow.app.