Privacy Policy

• Account information: email address, name (optional), and password (stored as a one-way hash, never in plain text)
• Usage data: pages viewed, features used, charts created and exported (collected to improve the product)
• Payment information: processed entirely by Stripe — we never see, access, or store your credit card number, expiration date, or CVV
• Technical data: IP address, browser type, and device information (used for security, rate limiting, and abuse prevention)

• Provide, maintain, and improve the Service
• Process payments and manage your subscription
• Send transactional emails: account verification, password resets, alert notifications
• Analyze usage patterns to improve features and performance
• Detect and prevent fraud, abuse, and unauthorized access

• We do NOT sell, rent, or trade your personal data to anyone, for any reason, ever
• We do NOT use advertising networks or tracking pixels
• We do NOT share your data with data brokers or marketing platforms
• We do NOT use your data for behavioral advertising or ad targeting
• We do NOT track your activity across other websites or services

We use the following services, each with their own privacy policies:

• Stripe (stripe.com): payment processing, PCI DSS Level 1 compliant
• Resend (resend.com): transactional email delivery
• Sentry (sentry.io): application error tracking — no personally identifiable information is included in error reports
• Vercel (vercel.com): application hosting and content delivery
• Neon (neon.tech): database hosting, encrypted at rest
• Upstash (upstash.com): caching and rate limiting

• We use a single session cookie for authentication (HTTP-only, Secure, SameSite=Strict)
• We do NOT use tracking cookies, analytics cookies, or any third-party cookies
• We do NOT use local storage for tracking purposes

• All data is encrypted in transit using TLS 1.2 or higher
• Sensitive database fields are encrypted at rest using AES-256-GCM
• Passwords are hashed using bcrypt with a cost factor of 12
• Database access is restricted to a dedicated role with least-privilege permissions
• All application code undergoes security review before deployment

• Your account data is retained for as long as your account is active
• Upon account deletion, all personal data is permanently removed within 30 days
• Security access logs are retained for 365 days, then automatically deleted
• Payment records are retained as required by applicable tax and financial regulations

You have the right to:

• Access: view all data associated with your account in Settings
• Correction: update your personal information at any time in Settings
• Deletion: permanently delete your account and all associated data in Settings
• Export: download your saved charts and configurations at any time through the Export feature

For any data requests, contact privacy@marketbrief.com.

Market Brief is not directed at children under the age of 13. We do not knowingly collect personal information from children. If we become aware that a child under 13 has provided personal information, we will take steps to delete it promptly.

We will notify you via email before any material changes to this Privacy Policy take effect. The updated policy will be posted on this page with a revised effective date. Previous versions are available upon request.

For privacy-related questions or concerns, contact us at privacy@marketbrief.com.