Privacy Policy

Last updated: February 1, 2026

Privacy Policy

Last Updated: February 1, 2026

InsiderAct ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service.

1. Information We Collect

1.1 Information You Provide

Account Information:

  • Email address
  • Password (encrypted)
  • Name (optional)
  • Profile information

Payment Information:

  • Processed through RevenueCat and third-party payment processors
  • We do not store credit card numbers or payment details
  • Payment processors may retain transaction records

User Preferences:

  • Watchlists
  • Alert configurations
  • Display settings
  • Subscription preferences

1.2 Automatically Collected Information

Usage Data:

  • Pages visited
  • Features used
  • Time spent on the Service
  • Click patterns and interactions

Device Information:

  • Browser type and version
  • Operating system
  • Device identifiers
  • IP address
  • Screen resolution

Location Data:

  • Approximate location based on IP address
  • We do not collect precise geolocation without consent

1.3 Cookies and Tracking Technologies

We use:

  • Essential Cookies: Required for authentication and basic functionality
  • Analytics Cookies: Google Analytics (web) and Firebase Analytics (mobile)
  • Preference Cookies: Remember your settings and choices

You can control cookies through your browser settings, but disabling essential cookies may affect functionality.

2. How We Use Your Information

2.1 To Provide the Service

  • Create and manage your account
  • Process subscriptions and payments
  • Display insider trading data based on your preferences
  • Send transactional emails (e.g., password resets, subscription confirmations)

2.2 To Improve the Service

  • Analyze usage patterns and trends
  • Identify and fix bugs
  • Develop new features
  • Optimize performance

2.3 To Communicate With You

  • Respond to support inquiries
  • Send important service updates
  • Notify you of changes to Terms or Privacy Policy
  • Send marketing communications (with consent, opt-out available)

2.4 For Security and Compliance

  • Detect and prevent fraud
  • Enforce our Terms of Service
  • Comply with legal obligations
  • Protect our rights and property

3. How We Share Your Information

3.1 We Do Not Sell Your Personal Information

We do not sell, rent, or trade your personal information to third parties for marketing purposes.

3.2 Service Providers

We share information with trusted third-party service providers:

Supabase (Database & Authentication):

  • Stores user account data
  • Manages authentication
  • Provides database infrastructure
  • Privacy Policy: https://supabase.com/privacy

RevenueCat (Subscription Management):

  • Processes subscription purchases
  • Manages subscription status
  • Handles billing
  • Privacy Policy: https://www.revenuecat.com/privacy

Google Analytics (Web Analytics):

  • Tracks website usage
  • Analyzes user behavior
  • Privacy Policy: https://policies.google.com/privacy

Firebase Analytics (Mobile Analytics):

  • Tracks mobile app usage
  • Analyzes user behavior
  • Privacy Policy: https://firebase.google.com/support/privacy

3.3 Legal Requirements

We may disclose your information if required to:

  • Comply with legal obligations or court orders
  • Enforce our Terms of Service
  • Protect our rights, property, or safety
  • Prevent fraud or illegal activity

3.4 Business Transfers

If InsiderAct is involved in a merger, acquisition, or sale of assets, your information may be transferred. We will notify you before your information is transferred and becomes subject to a different privacy policy.

4. Data Retention

4.1 Account Data

  • We retain your account data while your account is active
  • After account deletion, we delete personal information within 90 days
  • Some data may be retained longer for legal or business purposes

4.2 Analytics Data

  • Aggregated analytics data may be retained indefinitely
  • Individual user data is anonymized after 26 months (Google Analytics default)

4.3 Payment Records

  • Payment transaction records are retained as required by law (typically 7 years)
  • Managed by RevenueCat and payment processors

5. Your Privacy Rights

5.1 Access and Correction

  • View your account information at any time
  • Update or correct your information through account settings
  • Request a copy of your data by contacting support

5.2 Deletion

  • Delete your account through account settings
  • Request deletion by contacting [email protected]
  • We will delete your personal information within 90 days

5.3 Data Portability

  • Request a machine-readable copy of your data
  • Export your watchlists and preferences

5.4 Marketing Opt-Out

  • Unsubscribe from marketing emails via the unsubscribe link
  • Opt-out of push notifications through device settings

5.5 Cookie Preferences

  • Adjust cookie settings in your browser
  • Disable analytics cookies (functionality may be limited)

5.6 Rights for European Users (GDPR)

If you are in the European Economic Area, you have additional rights:

  • Right to access your personal data
  • Right to rectification of inaccurate data
  • Right to erasure ("right to be forgotten")
  • Right to restrict processing
  • Right to data portability
  • Right to object to processing
  • Right to withdraw consent

Contact us at [email protected] to exercise these rights.

5.7 Rights for California Users (CCPA)

If you are a California resident, you have:

  • Right to know what personal information is collected
  • Right to know if personal information is sold or disclosed
  • Right to opt-out of the sale of personal information (we do not sell data)
  • Right to deletion of personal information
  • Right to non-discrimination for exercising your rights

6. Data Security

6.1 Security Measures

We implement industry-standard security measures:

  • Encryption: Data in transit (TLS/SSL) and at rest
  • Authentication: Secure password hashing (bcrypt)
  • Access Controls: Role-based access to data
  • Monitoring: Continuous security monitoring and logging
  • Infrastructure: Secure cloud hosting (Supabase)

6.2 Limitations

No method of transmission over the Internet is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

6.3 Your Responsibility

  • Use a strong, unique password
  • Enable two-factor authentication if available
  • Do not share your account credentials
  • Log out when using shared devices

7. Children's Privacy

InsiderAct is not intended for users under 18 years of age. We do not knowingly collect personal information from children under 18.

If you believe a child under 18 has provided us with personal information, please contact us at [email protected], and we will delete the information.

8. International Data Transfers

8.1 Data Location

  • Our services are hosted on servers located in [Primary Data Center Location]
  • Third-party services may store data in various locations worldwide

8.2 EU-US Data Transfers

For European users, we ensure adequate protection through:

  • Standard Contractual Clauses (SCCs)
  • Compliance with GDPR requirements
  • Supabase and RevenueCat's data protection measures

9. Third-Party Links

The Service may contain links to third-party websites or services. We are not responsible for the privacy practices of third parties. Please review their privacy policies.

10. Do Not Track (DNT)

We do not currently respond to Do Not Track (DNT) browser signals. You can control tracking through your browser settings and cookie preferences.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

  • Posting the updated policy on our website
  • Sending an email notification (for registered users)
  • Displaying a notice in the Service

Your continued use after changes constitutes acceptance of the updated Privacy Policy.

12. California "Shine the Light" Law

California residents may request information about personal information disclosed to third parties for direct marketing purposes. We do not share personal information with third parties for their direct marketing purposes.

13. Nevada Privacy Rights

Nevada residents may opt-out of the sale of personal information. We do not sell personal information as defined by Nevada law.

14. Contact Us

For questions, concerns, or requests regarding this Privacy Policy or your personal information:

Email: [email protected] Data Protection Officer: [email protected] Mailing Address: InsiderAct [Your Business Address]

Response Time: We will respond to privacy requests within 30 days (or as required by applicable law).

15. Specific Information for Users

15.1 What Data We Collect About You

  • Email address and account credentials
  • Usage data (pages viewed, features used)
  • Device information (browser, OS, IP address)
  • Payment information (managed by RevenueCat)
  • Preferences (watchlists, alerts, settings)

15.2 How We Use Your Data

  • Provide and improve the Service
  • Process subscriptions and payments
  • Send important service communications
  • Analyze usage and performance
  • Ensure security and prevent fraud

15.3 Who We Share Your Data With

  • Supabase (database and authentication)
  • RevenueCat (subscription management)
  • Google Analytics / Firebase (analytics)
  • Payment processors (via RevenueCat)

15.4 How Long We Keep Your Data

  • Account data: While account is active + 90 days after deletion
  • Analytics: Anonymized after 26 months
  • Payment records: As required by law (typically 7 years)

15.5 Your Rights

  • Access, correct, or delete your data
  • Export your data
  • Opt-out of marketing
  • Lodge a complaint with a supervisory authority (EU users)

Last Updated: February 1, 2026

By using InsiderAct, you consent to the collection and use of your information as described in this Privacy Policy.