Privacy Policy

1. Information we collect

We collect only what is necessary to operate the platform:

• Account data — email address, hashed authentication credentials, and account preferences provided during sign-up.
• Subscription data — plan tier, billing status, and payment metadata returned by our payment processor (we do not see or store full card numbers).
• Usage telemetry — page views, feature usage, error logs, and aggregate performance metrics used to operate and improve the service.
• Technical data — IP address, browser user agent, device type, and similar identifiers received automatically by our servers.
• Disclaimer acknowledgement — a timestamp recording your acceptance of the on-boarding disclaimer.

We do not knowingly collect data from children under the age of 18 and the platform is not directed to them.

2. How we use it

• to authenticate you and operate your account;
• to provide, maintain, and improve the platform;
• to process subscriptions through our payment processor;
• to detect and prevent abuse, fraud, and unauthorised access;
• to comply with legal obligations.

3. Cookies and similar technologies

We use a small number of first-party cookies and equivalent browser storage to keep you signed in, remember your theme preference, and store your disclaimer acknowledgement. We may use privacy-respecting analytics to understand aggregate usage. We do not sell your personal information.

4. Third-party services

We rely on a limited set of third-party processors to operate the platform:

• Authentication and database — Supabase.
• Payments — Stripe (subject to Stripe's privacy policy).
• Hosting and edge delivery — Vercel.
• Analytics and error monitoring — privacy-respecting providers selected to minimise data sharing.
• Public market data — Polymarket and Kalshi public endpoints (no personal data sent).

Each processor handles your data only as instructed and under its own privacy terms.

5. Data retention

We retain account data for the lifetime of your account and for a reasonable period thereafter to comply with legal, tax, and accounting obligations. Telemetry and logs are retained for shorter operational windows. You may request deletion at any time.

6. Your rights

Subject to applicable law, you have the right to:

• access the personal data we hold about you;
• correct inaccurate or incomplete data;
• request deletion of your data;
• restrict or object to certain processing;
• request portability of your data;
• withdraw consent where processing is based on consent;
• lodge a complaint with your local data-protection authority.

We aim to respond to verified requests within 30 days. Where the GDPR, UK GDPR, CCPA, or another regional law applies, your statutory rights are preserved.

7. International transfers

Our processors may store and process data outside your country of residence. Where required, we rely on standard contractual clauses or equivalent safeguards.

8. Security

We use commercially reasonable technical and organisational measures to protect your data, including encryption in transit, access controls, and audit logging. No system is perfectly secure; you use the platform at your own risk.

9. Changes to this policy

We may update this policy from time to time. The effective date at the top of this page will be revised. Material changes will be communicated through the platform.

10. Contact

For privacy questions or to exercise your rights, visit our contact page.