Privacy Policy
Last updated: May 3, 2026
⚠ Placeholder policy for development. Review by qualified counsel required before public launch, especially regarding GDPR and CCPA-specific language.
What we collect
- Account: email, name, Clerk user ID
- Subscription state: Stripe customer ID, plan, status, renewal date
- In-app activity: your watchlist, alert rules, settings
- Technical: IP address, browser, and minimal analytics (self-hosted PostHog, no third-party ad networks)
What we don't collect
- Payment card numbers (Stripe handles this; we never see card data)
- Your brokerage credentials or portfolio holdings
- Any data for the purpose of selling or sharing with advertisers
Processors we use
- Clerk — authentication (SOC 2 Type 2)
- Stripe — payment processing (PCI DSS Level 1)
- Polygon.io — market data provider (no user data sent)
- Resend — transactional email delivery
- Supabase / Fly.io — database and application hosting
Your rights
You can request a full CSV export of your data or permanent deletion of your account at any time. Email privacy@tapeline.io. We will fulfil the request within 30 days.
GDPR (EU) and CCPA (California)
Residents of the EU and California have additional rights under local law, including the right to access, correct, or delete personal data, and the right to opt out of data sales (we don't sell any data). Exercise these rights via the email above.
Data retention
Active accounts: data retained as long as the account is open. Cancelled accounts: 30 days, then permanent deletion.