Privacy Policy

We only collect what we need to run the product:

• Account data. Your name and email address when you sign in with Google or via an email magic link. If you use Google, we receive your profile name and avatar URL from Google’s OAuth response.
• Billing data. If you subscribe, Stripe stores your payment method and assigns a customer ID. We store the Stripe customer and subscription IDs, your current tier, and subscription status. We never see or store your card number, CVV, or bank details — those stay with Stripe.
• Newsletter preferences. If you subscribe to the free newsletter, we store your email and delivery preferences (cadence, last sent timestamp, unsubscribe token).
• Usage data. Server request logs (path, status, timing, IP, user agent) for reliability and abuse prevention. Product analytics events (page views, feature interactions) for understanding what’s useful. Error reports (stack traces, browser/OS) when something breaks.
• Cookies. A session cookie to keep you signed in, and a theme-preference cookie. That’s it. No third-party advertising cookies.

• To create and maintain your account and authenticate you.
• To deliver the product: daily positioning reads, the live dashboard, the weekly newsletter, and transactional email (welcome, receipts, password-free sign-in links).
• To process subscriptions, refunds, and cancellations via Stripe.
• To debug errors, measure reliability, and understand which features users actually use so we can make better product decisions.
• To prevent abuse (rate limiting, fraud detection, revoking access for clearly automated misuse).
• To comply with legal obligations when we receive a valid request.

We do not use your data to train machine learning models. We do not sell your data. We do not share your data with advertisers.

Running GammaTrends requires a handful of trusted vendors. Each one receives only the data needed to do its job:

• Google — OAuth sign-in. Receives the consent handshake; returns your profile name, email, and avatar URL.
• Stripe — payment processing and subscription management. Stores your payment method and handles PCI compliance.
• Resend — transactional and newsletter email delivery.
• Railway — hosting, database, and infrastructure. Your account row and session live on Railway’s managed Postgres.
• Sentry — error reporting. Receives stack traces and may include your user ID for correlating a crash to an account.
• PostHog — product analytics. Receives anonymized event data (page views, clicks) keyed to your account.

Each vendor has its own privacy policy that governs what it does with the data it receives.

• Active accounts: we keep your data for as long as your account is open.
• Closed accounts: if you delete your account, we remove personal identifiers within 30 days. We may retain minimal billing records longer when required by tax or accounting law.
• Server logs: retained for 30 days, then rotated out.
• Market data: option-chain snapshots and derived signals are anonymous (no user data attached) and retained for product history.

You can exercise these rights by submitting a request through our contact page:

• Access a copy of the personal data we hold about you.
• Correct inaccurate data.
• Delete your account and associated personal data (subject to the legal retention rules above).
• Export your data in a portable format.
• Withdraw consent or object to processing where we rely on consent or legitimate interest.

We respond to rights requests within 30 days. If you’re in the EU/UK and you’re unhappy with our response, you can complain to your local data protection authority.

We encrypt data in transit (TLS) and at rest (managed Postgres encryption). Access to production is limited to the engineers who need it. We use industry-standard authentication and session management. That said, no system is perfectly secure — if you believe your account has been compromised, contact us immediately through our contact page.

GammaTrends is not directed to anyone under 18. We do not knowingly collect data from children. If you believe a child has created an account, let us know through our contact page and we will remove it.

Our infrastructure runs in regions chosen by our hosting provider. By using the service, you consent to your data being processed in those regions, which may be outside your home country. We apply the same protections regardless of where the data lives.

We may update this policy as the product evolves. Material changes will be announced by email and/or an in-app notice before they take effect. The “Last updated” date at the top of this page will always reflect the most recent version.

Questions, requests, or complaints? Reach us through our contact page. We read every message.