Plain-English Snapshot
- We collect the minimum needed to run a US-only analytics app (account details, email, payment via Stripe, basic device/usage info, referral/UTM parameters).
- We do not collect brokerage credentials or trade on your behalf.
- Market/crypto/social metrics come from vendors and public sources; we use them to compute scores/badges.
- We use Cloudflare to enforce US-only access and security.
- You can access, correct, or delete your data; opt out of marketing; and export your waitlist/account info.
- We don’t sell your personal information.
1) Scope & Relationship to the Terms
This Privacy Policy explains how we collect, use, disclose, and protect information in the Service. By using the Service, you agree to this Policy and our Terms of Service.
2) What We Collect
We collect information in three ways: (A) you provide it, (B) we collect it automatically, and (C) we obtain it from third parties.
A) Information you provide
- Waitlist & referrals (Prefinery): email address; consent; optional name; referral link data; anti-fraud signals (e.g., duplicate sign-ups).
- Account & profile (app): email, password (hashed), state or ZIP (optional), preferences (e.g., watchlist, notification settings).
- Support & surveys: messages, feature requests, bug reports, survey answers.
- Billing (Stripe): name, email, billing address, last4/brand/expiry of card via Stripe (we don’t see full card numbers).
- Consent records: timestamps and IP related to opt-in/out, ToS acceptance.
B) Information collected automatically
- Device & log data: IP address, approximate region/country, user-agent, device type, browser, OS, referrer, pages viewed, timestamps.
- US-only gate signals: IP-based geolocation country code, WAF challenge/allow/deny results, VPN/proxy flags.
- Session/usage metrics: feature clicks (e.g., toggles All/Stocks/Crypto), score views, time on page, error telemetry, rate-limit events.
- Cookies & similar tech:
  - Strictly necessary: session/auth, CSRF, WAF/edge cache, referral attribution.
  - Analytics (optional, requires consent): We use Google Analytics (GA4) and PostHog with IP anonymization enabled. This collects aggregated page views, events, and conversion funnels to help us improve the Service. These services use cookies and similar technologies. You can opt out via our cookie preferences.
  - No third-party ad pixels at launch. If we add them later, we’ll update this Policy and provide an opt-out.
C) Information from third parties
- Payment processor (Stripe): payment status, fraud screening results, subscription state.
- Waitlist/referrals (Prefinery): referral counts, rank, unique invite code usage, anti-fraud scoring.
- Infrastructure & security (Cloudflare): IP reputation, bot score, threat intel, edge logs.
- Market & crypto data (vendors such as Polygon and CoinGecko): quotes, OHLCV, metadata; not your brokerage/exchange data.
- Public social-signal sources (e.g., Reddit/X aggregations): public counts/velocity/trends only; we do not connect to or store your personal social-media accounts.
3) How We Use Information (Purposes)
We use information to:
- Provide and operate the Service (auth, sessions, dashboards, paywall, trials).
- Compute analytics (scores, badges, explanations) from vendor/public data.
- Enforce US-only access and protect against abuse (WAF, IP geofence, rate limits, anti-fraud).
- Process payments & subscriptions (Stripe).
- Run the waitlist & referral program (unique links, leaderboards, anti-fraud via Prefinery).
- Measure performance and improve the product (aggregated analytics, A/B tests).
- Communicate with you (transactional emails, product updates, build-in-public milestones; you can opt out of marketing).
- Comply with law, taxation, and accounting requirements, and assert or defend legal claims.
We do not sell, broker, or share your personal information for cross-context behavioral advertising. If that changes, we will update this Policy and provide required opt-outs.
4) Our Legal Basis (transparency)
While we are US-only, we explain our bases in GDPR-style terms for clarity:
- Contractual necessity: running your account, providing the Service/trial, processing payments.
- Legitimate interests: security, fraud prevention, US-only enforcement, product analytics, improving features.
- Consent: marketing emails, optional cookies/analytics where applicable.
- Legal obligations: tax/financial recordkeeping, responding to lawful requests.
5) How We Share Information
We share information with service providers/processors under contracts that limit their use to our instructions:
- Framer (site/hosting for LP), Cloudflare (WAF, CDN, IP geofence), Prefinery (waitlist/referrals), Stripe (payments), Google (Google Analytics for website analytics), PostHog (product analytics).
- Professional advisors (legal, accounting, compliance) under confidentiality.
- Law enforcement or regulators when required by law or to protect rights/safety.
- Business transfers: if we explore or complete a merger, acquisition, or asset sale, data may be transferred under this Policy.
6) Cookies & Controls
- Required cookies: auth session, CSRF, WAF, referral attribution.
- Analytics cookies: optional and privacy-respecting if/when enabled; we’ll present a banner/setting if required.
- Do Not Track (DNT): there’s no industry consensus; we treat DNT as a preference but may not respond to it.
7) US-Only Access; International Visitors
The Service is offered only in the United States. We use IP geolocation, WAF rules, and payment checks to restrict access. If you are outside the U.S., do not use the Service.
8) Data Retention
| Data Type | Typical Retention |
|---|---|
| Waitlist records | 24 months after last activity |
| Account profile & watchlist | While account is active; 30–60 days after deletion |
| Billing records (Stripe) | 7 years (tax/accounting) |
| Security logs/WAF events | 90–180 days |
| Support tickets | 24 months after resolution |
| Aggregated analytics | Indefinite in de-identified form |
9) Your Choices & Rights
- Access/Export: request a copy of your personal information.
- Correction: update inaccurate information.
- Deletion: delete your account and personal information (subject to lawful exceptions).
- Marketing opt-out: unsubscribe from non-transactional emails any time.
10) Security
We use reasonable administrative, technical, and physical safeguards, including encryption in transit (HTTPS), hashed passwords, and Cloudflare WAF.
11) Children’s Privacy
The Service is for adults (18+) and is not directed to children. We do not knowingly collect information from anyone under 13.
12) Automated Decision-Making & Profiling
Our product uses automated scoring models to classify assets (not people). We do not make automated decisions about you that produce legal effects.
13) How to Contact Us
Email: [email protected] (privacy requests) • [email protected] (general)