Privacy Policy

Last updated: April 22, 2026

ChartChest ("we", "us", or "our") operates chartchest.com (the "Service"). This policy explains what data we collect, how we use it, and your rights.

1. Information We Collect

Account data

When you create an account we collect your email address and a hashed password (managed by Supabase Auth). You may optionally provide a display name.

Usage data

We automatically collect standard server logs including IP address, browser type, pages visited, and timestamps. This data is used to maintain service reliability and is not sold.

Payment data

Payments are processed by Stripe. We never store your full card number or CVV. Stripe's privacy policy is available at stripe.com/privacy. We store only your Stripe Customer ID to manage your subscription status.

Watchlist and analysis data

Tickers you save to your watchlist and the analyses you request are stored in our database (Supabase) to provide the Service and personalise your experience.

Cookies and analytics

We use Google Analytics 4 (GA4) on our website pages (landing page and documentation). GA4 collects standard internet log information including your IP address, browser type, device type, pages visited, and timestamps, and associates this with a pseudonymous analytics identifier. This data is used to understand site traffic and improve the Service. You can opt out via the Google Analytics Opt-out Browser Add-on.

Google Analytics may set persistent cookies on your device. Our use of this service means Google may also collect and process data in accordance with Google's Privacy Policy.

2. How We Use Your Data

• To create and manage your account
• To process subscription payments via Stripe
• To deliver analysis results, scanner data, and in-app watchlist signal notifications
• To maintain service uptime, debug issues, and prevent abuse
• To send essential account or billing-related communications when required for service operation

We do not sell your personal data. We do not use your data to train our ML models (models are trained on public market data).

3. Data Retention

Account data is retained for as long as your account is active. You may request deletion at any time (see Section 7). Server logs are retained for up to 90 days. Stripe transaction records are retained as required by applicable financial regulations.

4. Data Sharing

We share data only with service providers necessary to operate ChartChest:

• Supabase — database and authentication
• Stripe — payment processing
• Render — hosting and compute
• Google — website analytics (Google Analytics 4). We do not use Google's advertising features or share data for advertising purposes.
• Yahoo Finance — public market data source. We do not share your personal data with Yahoo Finance; market data is retrieved on your behalf in response to your queries.

We do not sell, rent, or trade your personal data to any third party. We may disclose data if required by law, court order, or to protect the rights, safety, or property of ChartChest, its users, or the public.

5. Security

We implement industry-standard security measures: HTTPS everywhere, API key authentication, JWT-verified sessions, Stripe webhook signature verification, and rate limiting. No system is perfectly secure; we cannot guarantee absolute security.

6. Children's Privacy

ChartChest is not directed at children under 13 (or 16 in the EU/UK). We do not knowingly collect data from children. If you believe a child has provided us data, please contact us and we will delete it.

7. Your Rights

Depending on your location you may have the right to:

• Access — request a copy of the personal data we hold about you
• Rectification — request correction of inaccurate or incomplete data
• Erasure — request deletion of your personal data ("right to be forgotten")
• Portability — receive your data in a structured, machine-readable format
• Objection / Restriction — object to or restrict certain processing activities
• Withdraw consent — where processing is based on consent, withdraw it at any time without affecting the lawfulness of prior processing

To exercise any of these rights, email us at cc14ventures@gmail.com. We will respond within 30 days. If you are in the EU or UK and believe your rights have not been addressed, you have the right to lodge a complaint with your local data protection supervisory authority (e.g., the ICO in the UK, or the relevant EU member state DPA).

8. California (CCPA / CPRA)

California residents have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), including the right to know what personal information is collected, used, or disclosed; the right to delete personal information; and the right to opt out of any sale or sharing of personal information. We do not sell or share personal information. To submit a CCPA/CPRA request, email cc14ventures@gmail.com.

9. Changes to This Policy

We may update this policy periodically. Material changes will be announced via a notice on the website or by email. Continued use of the Service after the effective date constitutes acceptance of the updated policy.

10. Contact

Questions? Email us at cc14ventures@gmail.com.