Privacy Policy
What we collect, how we use it, who we share it with, and your rights.
Effective date: 2026-05-10
Version: 2026-05-10
Plain English: We collect very little. Email + password to log you in, plus security/audit metadata. No analytics. No advertising. No third-party tracking. We use AES-256 to encrypt secrets and PBKDF2-SHA256 (600,000 iterations) to hash passwords.
1. Who We Are
This Privacy Policy describes how [ENTITY NAME] ("Provider", "we", "us", "our") collects, uses, retains, and shares personal information through the Market Sniper service (the "Service").
If you have any questions, contact:
- Privacy: privacy@[domain]
- Legal: legal@[domain]
- Postal: [ENTITY NAME], Attn: Privacy, [REGISTERED ADDRESS]
2. Personal Information We Collect
We collect the minimum personal information needed to operate the Service. We do not maintain analytics SDKs, advertising pixels, social-media beacons, or cross-origin trackers.
2.1 Information You Provide
| Category | Data | Purpose |
|---|---|---|
| Account credentials | Email address; password (hashed, never stored in plaintext) | Account creation, authentication, recovery |
| Game identity link (optional) | The username, character name, or in-game handle you choose to associate with a supported game | Personalization of in-game data displays |
| Subscription information | Plan code (free / pro / pro+); subscription status | Entitlement enforcement |
| Support correspondence | Contents of any email or message you send to us | Responding to your request |
| Legal acceptances | The fact that you accepted a particular version of a particular legal document | Compliance recordkeeping (see §6) |
2.2 Information Collected Automatically
| Category | Data | Purpose |
|---|---|---|
| Session metadata | Session token (hashed); CSRF token; session creation/expiry timestamps | Authenticated access |
| Session fingerprint | A one-way SHA-256 hash of (User-Agent string, Accept-Language header, screen resolution, timezone offset); we store only the hash, and the underlying browser values are not retained | Device-binding for audit integrity (FINRA-aspirational posture) |
| Geolocation (audit-only) | When a privileged operator action or sensitive event is recorded, we resolve the request's IP address to country / region / city via the offline MaxMind GeoLite2 database. The IP and resolved geo are stored on the audit row only, not on your user profile | Security audit, fraud detection, compliance reporting |
| Cookies | See the Cookie Policy for the full list. We use only first-party, strictly-necessary cookies (session and CSRF) and first-party functional storage. We do not set third-party cookies | Authentication; CSRF defense; first-party UI preferences |
2.3 Information We Do NOT Collect
We affirmatively do not collect:
- your real name (we do not ask)
- your phone number
- your street address (other than for billing if/when payment processing is activated — handled by the payment processor, not by us)
- your government-issued ID
- analytics or behavioral telemetry beyond what is required to deliver and secure the Service
- third-party advertising data
- social-media identifiers
If a form ever asks for this information in the future, this Privacy Policy will be updated and material change handling will apply (see §11).
2.4 Information from Game Publishers
We retrieve publicly available market data from game publisher APIs. This data is about the game economy as a whole, not about you personally. We do not retrieve, request, store, or process your individual game-account credentials, your game-account email, your character roster, your inventory, or any other private information from a game publisher.
2.5 Children
The Service is intended for users 18 years of age or older. Users between 13 and 17 may use the Service only with verifiable parental consent. We do not knowingly collect personal information from anyone under 13. If we learn we have collected personal information from a child under 13, we will delete it promptly. If you believe we have collected information from a child under 13, contact privacy@[domain].
3. How We Use Personal Information
We use personal information to:
- create and authenticate your account;
- deliver, operate, maintain, and improve the Service;
- enforce subscription tiers and entitlements;
- process payments (when paid billing is activated — by sending non-payment-instrument metadata to our payment processor);
- secure the Service (rate limiting, abuse detection, fraud prevention, audit logging);
- respond to your support requests;
- record your acceptance of legal documents (Terms of Service, Privacy Policy, Risk Disclosure, etc.) for compliance evidence;
- communicate with you about your account, security incidents, material changes to terms, and (if you opt in) product updates;
- comply with applicable laws and respond to lawful requests from authorities;
- exercise or defend our legal rights.
We do not use personal information for advertising, profiling for advertising, sale, or rent. We do not train any third-party machine-learning model on your personal information.
4. Legal Bases (EEA, UK, and similar regimes)
Where we process personal data of individuals subject to GDPR, UK GDPR, or similar regimes, we rely on the following legal bases:
| Activity | Legal basis |
|---|---|
| Account creation, authentication, delivery of the Service | Contract performance (Article 6(1)(b) GDPR) |
| Security, audit logging, fraud prevention | Legitimate interests (Article 6(1)(f) GDPR) — securing our infrastructure and protecting users |
| Recording legal acceptances | Legal obligation (Article 6(1)(c)) and legitimate interests |
| Marketing communications (opt-in only) | Consent (Article 6(1)(a)) |
| Responding to legal requests | Legal obligation |
You may withdraw consent at any time where consent is the legal basis. Withdrawal does not affect the lawfulness of processing before withdrawal.
5. Sub-Processors (Service Providers We Share Information With)
We share personal information only with sub-processors that perform a service on our behalf, under contract, with confidentiality and security obligations.
5.1 Currently Active
| Sub-processor | Purpose | Data | Location |
|---|---|---|---|
| MaxMind, Inc. (GeoLite2) | Offline IP-to-geolocation database (file-based — runs on our servers; no API calls to MaxMind from production) | None (offline lookup) | N/A |
5.2 Planned (Activated as Features Land)
The following are not yet active. They become active as the corresponding features ship; the active list above will be updated.
| Sub-processor | Purpose | Data shared (when active) |
|---|---|---|
| Stripe, Inc. | Payment processing | Email; subscription status; payment-instrument metadata (Stripe handles your full payment instrument; we do not see card numbers) |
| Email service provider (TBD) | Transactional email (account verification, security alerts, billing receipts) | Email address; message content |
| AI / LLM provider (TBD) | Pro+ AI synthesis and AI coach features | Aggregated, de-identified market-data prompts; no PII transmitted |
We will update this list and notify users by in-app notice plus email when a new sub-processor becomes active. A request to be notified by email about new sub-processors can be made to privacy@[domain].
5.3 Other Disclosure Scenarios
We may also disclose personal information:
- in response to a subpoena, court order, regulatory request, or other lawful demand (we evaluate every request and challenge overbroad ones);
- to enforce our Terms or protect our rights, our users' rights, or the public's rights;
- in connection with a corporate transaction (merger, acquisition, financing, sale of assets, bankruptcy) — with notice and the opportunity for you to delete your account before the transfer takes effect.
We do not sell personal information. We do not "share" personal information for cross-context behavioral advertising as that term is defined under the California Privacy Rights Act.
6. Data Retention
| Data | Retention period |
|---|---|
| Account record (email, password hash, account state) | For the life of the account, plus 90 days after account closure (to handle billing reconciliation, fraud investigation, support follow-ups) |
| Session records | Per SESSION_TTL_SECONDS configuration (sessions expire and are revoked) — closed sessions are retained 90 days for security audit |
| Subscription / billing records | 7 years for tax, audit, and dispute resolution purposes |
| Audit logs (privileged_action_audits, legal_acceptances, legal_documents) | Indefinitely, consistent with our FINRA-aspirational compliance posture. Audit data is append-only at the database layer; deletion is enforced-disabled by trigger |
| Support correspondence | 3 years |
| Server logs (request logs, error logs) | 90 days |
| Cookies | See the Cookie Policy |
If you exercise a deletion right (see §7), we will delete or anonymize personal information in the account record and operational stores, but we will retain audit-relevant data (legal acceptance evidence, security audit logs) where retention is required by law or necessary to defend legal claims.
7. Your Rights
Depending on your location, you may have some or all of the following rights:
- Access — request a copy of the personal information we hold about you.
- Correction — request that we correct inaccurate or incomplete information.
- Deletion — request that we delete your personal information (subject to retention obligations described in §6).
- Portability — request your personal information in a structured, commonly used, machine-readable format.
- Restriction — request that we restrict processing of your personal information.
- Objection — object to processing based on legitimate interests.
- Withdraw consent — where processing is based on consent.
- Lodge a complaint — with a supervisory authority (your local data protection authority in the EEA/UK; the California Privacy Protection Agency in California; equivalent bodies elsewhere).
7.1 California-specific rights (CCPA / CPRA)
California residents have the right to know what personal information we collect, to whom we disclose it, and to request deletion. We do not sell personal information and do not "share" personal information for cross-context behavioral advertising. We do not engage in profiling that produces legal or similarly significant effects. California residents may also opt out of any future "sale" or "share" via privacy@[domain] — though as of the version date of this Policy, neither activity is occurring.
7.2 How to Exercise Rights
Send a request to privacy@[domain] from the email associated with your account, or use the in-app "Download my data" / "Delete my account" controls in account settings. We will verify your identity (typically by confirming the request from the account email, plus a follow-up authentication step) and respond within thirty (30) days, or such other period as required by law.
8. International Data Transfers
We are based in the United States and our infrastructure is hosted in the United States. If you access the Service from outside the United States, your personal information will be transferred to and processed in the United States. We rely on appropriate safeguards (standard contractual clauses where applicable, plus the security measures described in §9) for such transfers.
9. Security
We implement reasonable technical and organizational measures to protect personal information, including:
- Passwords are hashed with PBKDF2-SHA256 at 600,000 iterations (werkzeug.security.generate_password_hash). We never store passwords in plaintext.
- System secrets (API keys, third-party credentials) are encrypted at rest with AES-256-GCM in our SysAdmin Secrets Vault. The key-encryption key (KEK) is loaded from the environment at boot; if it is missing, the Service fails closed and does not start.
- Session tokens are stored as SHA-256 hashes; the raw token is held only by the user's browser.
- Sessions carry a one-way device fingerprint (SHA-256 hash of User-Agent, Accept-Language, screen resolution and timezone offset) for audit binding; the underlying browser values are not retained.
- Audit logs are append-only at the database layer: SQLite BEFORE UPDATE / BEFORE DELETE triggers reject modification and deletion, the Service checks for those triggers at boot and fails closed if they are absent, and tampering is detectable.
- All network traffic is carried over TLS.
- Access to production data is gated by RBAC, with audit logging of every privileged action.
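The password, session-token and fingerprint controls listed above, as an added example that is not the Service's own code. It uses hashlib.pbkdf2_hmac with the parameters the policy names (PBKDF2-SHA256, 600,000 iterations) instead of werkzeug, so it runs on the standard library alone; the stored-hash layout "pbkdf2:sha256:600000$salt$hex" mirrors werkzeug's convention, but the Service's actual storage format is not stated on this page. The session-store layout, the fingerprint field order and the SESSION_TTL_SECONDS value are assumptions; the AES-256-GCM secrets vault is not shown.

```python
"""Password hashing, hashed session tokens and device-fingerprint binding.

Added example; not the Service's own code. Uses hashlib.pbkdf2_hmac with the
policy's parameters (PBKDF2-SHA256, 600,000 iterations) instead of werkzeug.
The "pbkdf2:sha256:600000$salt$hex" layout follows werkzeug's convention; the
Service's real format, session-store layout, fingerprint field order and
SESSION_TTL_SECONDS value are not on the page and are assumed here.
"""
from __future__ import annotations

import hashlib
import hmac
import secrets

PBKDF2_ITERATIONS = 600_000
SESSION_TTL_SECONDS = 3600   # assumed value; the policy names only the setting


def hash_password(password: str, salt: str = "") -> str:
    """Return a self-describing PBKDF2-SHA256 hash; the plaintext is never kept."""
    salt = salt or secrets.token_hex(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt.encode(), PBKDF2_ITERATIONS)
    return f"pbkdf2:sha256:{PBKDF2_ITERATIONS}${salt}${digest.hex()}"


def verify_password(stored: str, candidate: str) -> bool:
    """Re-derive with the stored salt and iteration count; compare in constant time."""
    method, salt, digest_hex = stored.split("$", 2)
    _, hash_name, iterations = method.split(":")
    digest = hashlib.pbkdf2_hmac(hash_name, candidate.encode(), salt.encode(), int(iterations))
    return hmac.compare_digest(digest.hex(), digest_hex)


def device_fingerprint(user_agent: str, accept_language: str,
                       screen: str, tz_offset_minutes: int) -> str:
    """One-way SHA-256 over the four client values; only this hash is stored.

    The inputs are low-entropy, so the hash binds a session to a device
    profile rather than hiding that profile from anyone able to enumerate
    candidate values.
    """
    material = "\x1f".join([user_agent, accept_language, screen, str(tz_offset_minutes)])
    return hashlib.sha256(material.encode()).hexdigest()


def _token_hash(raw_token: str) -> str:
    return hashlib.sha256(raw_token.encode()).hexdigest()


class SessionStore:
    """Server side of the session table: rows are keyed by SHA-256(token)."""

    def __init__(self) -> None:
        self._rows: dict[str, dict] = {}

    def create(self, user_id: int, fingerprint: str, now: int,
               ttl: int = SESSION_TTL_SECONDS) -> str:
        raw = secrets.token_urlsafe(32)          # handed to the browser only
        self._rows[_token_hash(raw)] = {
            "user_id": user_id,
            "fingerprint": fingerprint,
            "created_at": now,
            "expires_at": now + ttl,
        }
        return raw

    def stored_hashes(self) -> set[str]:
        """What a database dump would reveal: hashes, never raw tokens."""
        return set(self._rows)

    def lookup(self, raw_token: str, fingerprint: str, now: int) -> tuple[str, int | None]:
        """Resolve a presented token. Returns (status, user_id)."""
        key = _token_hash(raw_token)
        row = self._rows.get(key)
        if row is None:
            return ("unknown", None)
        if now >= row["expires_at"]:
            del self._rows[key]                   # expiry revokes the session
            return ("expired", None)
        if not hmac.compare_digest(row["fingerprint"], fingerprint):
            # Device profile changed mid-session: surface it for the audit log.
            return ("fingerprint_mismatch", None)
        return ("ok", row["user_id"])


if __name__ == "__main__":
    stored = hash_password("correct horse battery")
    print(stored, verify_password(stored, "correct horse battery"))
    store = SessionStore()
    fp = device_fingerprint("Mozilla/5.0", "en-US,en;q=0.9", "1920x1080", -420)
    token = store.create(user_id=7, fingerprint=fp, now=1_000)
    print(store.lookup(token, fp, now=1_500))
```

A leaked session table exposes only SHA-256 hashes, which cannot be presented back to the server, while a stolen hash of the password column still costs an attacker 600,000 PBKDF2 iterations per guess.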
No method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security.
In the event of a personal data breach, we will notify affected users without undue delay. Where GDPR or similar law requires it, we will also notify the competent supervisory authority within 72 hours of becoming aware of the breach.
10. AI Features and Pro+ Tier
When you use Pro+ AI synthesis features (e.g., "Deep AI synthesis", "AI coach"), the inputs to those features are derived from publicly available market data and your own usage context. We do not transmit your account email, password, payment information, or other PII to any AI provider as part of feature-input prompts. AI outputs are subject to the disclaimers in the Risk Disclosure document — they are tools, not advice.
We do not permit AI providers to train their models on our prompt traffic. Where the AI provider's terms allow training-by-default, we explicitly opt out via API parameters where supported.
11. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated by in-app notice and email and will require fresh affirmative acceptance. Non-material changes (clarifications, formatting) will be reflected by an updated version date without forced re-acceptance. The current effective version and full version history are available at /legal/privacy.
12. Contact
For privacy questions, requests, or complaints:
[ENTITY NAME]
Attn: Privacy
[REGISTERED ADDRESS]
privacy@[domain]
Last updated: 2026-05-10