Privacy Policy

1. Introduction

Market Crash Monitor ("we," "our," "us") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, store, and share your information when you use our Service.

By using Market Crash Monitor, you consent to the data practices described in this policy.

2. Information We Collect

2.1 Information You Provide Directly

Account Information:

• Email address (required)
• Name (optional)
• Password (encrypted)
• Billing information (processed by Stripe)
• Payment method details (stored by Stripe, not by us)

Portfolio Information (Pro subscribers):

• Stock tickers and quantities
• Portfolio values
• Investment preferences
• Risk tolerance settings

Communications:

• Email correspondence
• Support tickets
• Feedback and survey responses
• Newsletter preferences

2.2 Information Collected Automatically

Usage Data:

• Pages visited and features used
• Time spent on the Service
• Click patterns and navigation paths
• Feature engagement metrics
• Login frequency and session duration

Technical Data:

• IP address
• Browser type and version
• Device type and operating system
• Screen resolution
• Referring website
• Access times and dates
• Cookies and similar tracking technologies

Performance Data:

• Error logs and crash reports
• API response times
• Feature performance metrics

2.3 Information from Third Parties

Authentication Services:

• If you sign up using OAuth (Google, etc.), we receive basic profile information

Payment Processors:

• Stripe provides transaction confirmation and payment status
• We do NOT store full credit card numbers

Market Data Providers:

• We fetch market data from third-party APIs
• This data is not personal to you

3. How We Use Your Information

3.1 To Provide and Improve the Service

• Create and manage your account
• Process subscription payments
• Deliver features based on your subscription tier
• Send email alerts and newsletters (if opted in)
• Analyze portfolio risk (Pro tier)
• Calculate personalized crash risk scores
• Provide customer support
• Improve Service functionality and user experience

3.2 For Communication

• Send transactional emails (subscription confirmations, password resets)
• Deliver market alerts based on your preferences
• Send newsletters (if subscribed)
• Respond to inquiries and support requests
• Notify you of Service changes or updates
• Send promotional materials (with opt-out option)

3.3 For Analytics and Research

• Analyze usage patterns to improve the Service
• Conduct aggregate statistical analysis
• Test new features and improvements
• Understand user behavior and preferences
• Monitor Service performance and reliability

3.4 For Legal and Security Purposes

• Comply with legal obligations
• Enforce our Terms of Service
• Detect and prevent fraud
• Protect against security threats
• Respond to law enforcement requests
• Protect our rights and property

4. Legal Bases for Processing (GDPR)

If you are in the European Economic Area (EEA), we process your data based on:

• Consent: When you opt-in to newsletters or marketing
• Contract: To provide the Service you subscribed to
• Legitimate Interests: To improve the Service, prevent fraud, and ensure security
• Legal Obligation: To comply with applicable laws

5. How We Share Your Information

5.1 We Do NOT Sell Your Personal Data

We do not sell, rent, or trade your personal information to third parties for marketing purposes.

5.2 Service Providers

We share data with trusted third-party service providers:

Hosting and Infrastructure:

• Vercel (hosting platform)
• Supabase (database and authentication)

Payment Processing:

• Stripe (payment processing and billing)
• Stripe handles all payment card information

Email Services:

• Mailgun
• For sending alerts, newsletters, and transactional emails

Analytics:

• Vercel Analytics
• For usage analytics and performance monitoring (privacy-friendly, no cookies)

These providers:

• Are contractually obligated to protect your data
• Can only use data to provide services to us
• Cannot use your data for their own purposes

5.3 Legal Requirements

We may disclose information if required to:

• Comply with legal processes (subpoenas, court orders)
• Enforce our Terms of Service
• Protect rights, property, or safety of us, users, or others
• Prevent fraud or security threats

5.4 Business Transfers

If we are acquired, merge, or undergo restructuring:

• User data may be transferred to the new entity
• You will be notified of any change in data control
• The new entity must honor this Privacy Policy

5.5 Aggregated Data

We may share anonymized, aggregated data that cannot identify you:

• Market research and trends
• Statistical analysis of user behavior
• Industry reports and insights

6. Data Storage and Security

6.1 Where We Store Your Data

• Database: Supabase (PostgreSQL) - servers in the United States (AWS)
• Hosting: Vercel - globally distributed
• Backups: Automated backups are encrypted and stored securely

6.2 How Long We Keep Your Data

• Active accounts: Data retained while account is active
• Cancelled subscriptions: Data retained for 30 days, then deleted
• Closed accounts: Most data deleted within 90 days
• Legal requirements: Some data retained longer if required by law
• Aggregated data: May be retained indefinitely (anonymized)

6.3 Security Measures

We implement industry-standard security practices:

• Encryption in transit (HTTPS/TLS)
• Encryption at rest (database encryption)
• Secure password hashing (bcrypt or similar)
• Regular security audits
• Access controls and authentication
• Firewall protection
• Monitoring for suspicious activity

However, no method of transmission or storage is 100% secure. We cannot guarantee absolute security.

7. Your Privacy Rights

7.1 Rights for All Users

• Access: Request a copy of your personal data
• Correction: Update or correct your information
• Deletion: Request deletion of your account and data
• Opt-Out: Unsubscribe from marketing emails
• Object: Object to certain data processing activities

7.2 Additional Rights (GDPR - EEA Users)

• Data Portability: Receive your data in a machine-readable format
• Restriction: Restrict certain processing of your data
• Withdraw Consent: Withdraw consent for consent-based processing
• Complaint: Lodge a complaint with your data protection authority

7.3 Additional Rights (CCPA - California Residents)

California residents have rights under the California Consumer Privacy Act (CCPA):

• Right to know what personal information is collected
• Right to know if personal information is sold or disclosed
• Right to opt-out of sale of personal information (we don't sell data)
• Right to deletion
• Right to non-discrimination for exercising CCPA rights

7.4 How to Exercise Your Rights

To exercise any of these rights, you can:

• Privacy Settings Page: Logged-in users can access their Privacy & Data Management page to:
  • Export all your personal data (Right to Data Portability)
  • Delete your account and all associated data (Right to Erasure)
  • Manage cookie preferences
  • View data processing information
• Email: Contact us at info@marketcrashmonitor.com for any privacy-related requests
• Account Settings: Update your profile and preferences in your Account Settings

We will respond within:

• 30 days for most requests (GDPR requirement)
• 45 days for complex requests (with notification)

Note: For account deletion requests, the action is immediate and irreversible. We recommend exporting your data first if you want to keep a copy.

8. Cookies and Tracking Technologies

8.1 What Are Cookies?

Cookies are small text files stored on your device that help us provide and improve the Service.

8.2 Types of Cookies We Use

Essential Cookies (Required):

• Authentication and session management
• Security features
• Load balancing

Functional Cookies:

• Remember your preferences
• Store dashboard settings
• Maintain alert configurations

Analytics Cookies (Optional):

• Track usage patterns
• Measure feature performance
• Understand user behavior

Marketing Cookies (Optional):

• Track conversions from ads
• Retargeting (if applicable)

8.3 Cookie Controls

You can control cookies through:

• Cookie Consent Banner: When you first visit our site, you'll see a cookie consent banner where you can accept, reject, or customize cookie preferences
• Cookie Settings: Click the cookie icon in the bottom-right corner of any page to manage your preferences at any time
• Privacy Settings: Logged-in users can access cookie management from their Privacy & Data Management page
• Browser Settings: Disable or delete cookies through your browser's privacy settings
• Do Not Track: We respect Do Not Track signals (if applicable)

Note: Disabling essential cookies may prevent the Service from functioning properly. Essential cookies are required for authentication, security, and basic site functionality.

9. Third-Party Links and Services

9.1 External Links

Our Service may contain links to external websites:

• We are not responsible for third-party privacy practices
• Review their privacy policies before providing data
• Clicking links is at your own risk

9.2 OAuth/Social Login

If you use social login (Google, etc.):

• We receive basic profile information
• Review the social platform's privacy policy
• You can revoke access at any time

10. Children's Privacy

Market Crash Monitor is NOT intended for users under 18 years of age.

• We do not knowingly collect data from children
• If we discover we have collected data from a child, we will delete it
• Parents: Contact us if you believe your child has provided data

11. International Data Transfers

If you are outside the United States:

• Your data may be transferred to and processed in the United States
• We ensure appropriate safeguards are in place
• For EEA users, we comply with GDPR transfer requirements

12. Changes to This Privacy Policy

• We may update this Privacy Policy periodically
• Changes will be posted with a new "Last Updated" date
• Material changes will be communicated via email or prominent notice
• Continued use after changes constitutes acceptance

13. California "Shine the Light" Law

California Civil Code Section 1798.83 permits California residents to request information about disclosure of personal information to third parties for direct marketing purposes. We do not share personal information with third parties for their direct marketing purposes.

14. Contact Us

For privacy-related questions or to exercise your rights:

Privacy Contact:

• Email: info@marketcrashmonitor.com
• Subject Line: "Privacy Request"

Data Protection Officer:

• Email: info@marketcrashmonitor.com
• Subject Line: "DPO Request"

Response Time:

We aim to respond to all privacy inquiries within 30 days.

15. Specific Disclosures

15.1 Categories of Personal Information (CCPA)

We collect the following categories:

• Identifiers (email, IP address)
• Commercial information (subscription history)
• Internet activity (usage data)
• Financial information (processed by Stripe)
• Inferences (risk preferences, usage patterns)

15.2 Purposes of Collection (CCPA)

We use personal information to:

• Provide the Service
• Process transactions
• Improve user experience
• Communicate with users
• Ensure security

15.3 Data Retention Schedule

16. Your Consent

By using Market Crash Monitor, you consent to:

• This Privacy Policy
• Collection and use of information as described
• Transfer of data to service providers
• Cookies and tracking technologies