Privacy Policy
Last updated: March 10, 2026
ChartChest ("we", "us", or "our") operates chartchest.com (the "Service"). This policy explains what data we collect, how we use it, and your rights.
1. Information We Collect
Account data
When you create an account we collect your email address and a hashed password (managed by Supabase Auth). You may optionally provide a display name.
Usage data
We automatically collect standard server logs including IP address, browser type, pages visited, and timestamps. This data is used to maintain service reliability and is not sold.
Payment data
Payments are processed by Stripe. We never store your full card number or CVV. Stripe's privacy policy is available at stripe.com/privacy. We store only your Stripe Customer ID to manage your subscription status.
Watchlist and analysis data
Tickers you save to your watchlist and the analyses you request are stored in our database (Supabase) to provide the Service and personalise your experience.
Cookies and analytics
We use Google AdSense to serve ads on our landing page, which may set cookies and collect pseudonymous ad-interaction data. You can opt out via Google's Ad Settings. We do not currently use additional tracking beyond what AdSense requires.
2. How We Use Your Data
- To create and manage your account
- To process subscription payments via Stripe
- To deliver analysis results, scanner data, and watchlist alerts
- To maintain service uptime, debug issues, and prevent abuse
- To send transactional emails (subscription receipts, watchlist alerts)
We do not sell your personal data. We do not use your data to train our ML models (models are trained on public market data).
3. Data Retention
Account data is retained for as long as your account is active. You may request deletion at any time (see Section 7). Server logs are retained for up to 90 days. Stripe transaction records are retained as required by applicable financial regulations.
4. Data Sharing
We share data only with service providers necessary to operate ChartChest:
- Supabase — database and authentication
- Stripe — payment processing
- Render — hosting and compute
- Google — advertising (AdSense)
We may disclose data if required by law or to protect rights, safety, or property.
5. Security
We implement industry-standard security measures: HTTPS everywhere, API key authentication, JWT-verified sessions, Stripe webhook signature verification, and rate limiting. No system is perfectly secure; we cannot guarantee absolute security.
6. Children's Privacy
ChartChest is not directed at children under 13 (or 16 in the EU/UK). We do not knowingly collect data from children. If you believe a child has provided us data, please contact us and we will delete it.
7. Your Rights
Depending on your location you may have the right to access, correct, export, or delete your personal data, and to object to or restrict certain processing. To exercise any of these rights, email us at privacy@chartchest.com. We will respond within 30 days.
8. California (CCPA)
California residents have additional rights under the CCPA, including the right to know what personal information is collected and to opt out of any sale of personal information. We do not sell personal information. To submit a CCPA request, email privacy@chartchest.com.
9. Changes to This Policy
We may update this policy periodically. Material changes will be announced via a notice on the website or by email. Continued use of the Service after the effective date constitutes acceptance of the updated policy.
10. Contact
Questions? Email us at privacy@chartchest.com.