Privacy Policy
Last updated: January 2025
This policy complies with the EU General Data Protection Regulation (GDPR) and the Swiss Federal Act on Data Protection (LPD/FADP).
Basic features work without an account. Create an account only if you want premium features and personalized experience.
We collect only what's necessary: email for authentication and anonymous usage data to improve the service.
Data Controller
The data controller responsible for your personal data is:
1. Information We Collect
Account Information (If You Create an Account)
If you choose to create an account, we collect your email address for authentication purposes. We also store your subscription tier and feature usage limits. Account data is stored securely using Supabase (our authentication provider). You can use Google OAuth or email magic links to sign in.
User-Generated Data
If you have an account, we store your watchlist, notification preferences, and feedback submissions on our servers to provide you with a personalized experience across devices.
Cookies & Analytics
We use cookies for essential site functionality and, with your consent, for analytics purposes. See our Cookie Policy for details on the specific cookies we use and how to manage your preferences.
Push Notifications (Optional)
If you enable push notifications, we store an anonymous subscription identifier to send you alerts. This identifier is not linked to any personal information and can be removed by disabling notifications in your browser settings.
2. Legal Basis for Processing
We process your personal data based on the following legal grounds under GDPR Article 6 and LPD:
- Contract Performance (Art. 6(1)(b) GDPR): Processing necessary to provide you with the CatalystAlert service, including account management and subscription features.
- Consent (Art. 6(1)(a) GDPR): For analytics cookies and marketing communications. You can withdraw consent at any time through our cookie settings.
- Legitimate Interests (Art. 6(1)(f) GDPR): For security monitoring, fraud prevention, and service improvement, where our interests do not override your fundamental rights.
- Legal Obligation (Art. 6(1)(c) GDPR): When required to comply with applicable laws and regulations.
3. How We Use Information
- To provide and maintain the CatalystAlert service
- To authenticate your account and manage your subscription tier
- To understand how users interact with our platform and improve user experience
- To send push notifications about catalysts you're tracking (if enabled)
- To detect and prevent technical issues or abuse
- To process payments through Stripe (if you subscribe to a paid plan)
4. Data Retention
We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected:
| Data Type | Retention Period |
|---|---|
| Account data | Until account deletion |
| Watchlist & preferences | Until account deletion |
| Feedback submissions | Anonymized on account deletion, kept for 2 years |
| Analytics data | 26 months (Google Analytics default) |
| API request logs | 90 days |
| Payment records | 7 years (legal requirement) |
5. Information We Do NOT Collect
- Your name or phone number (only email is required for accounts)
- Financial information or trading data (payments handled by Stripe)
- Precise location data
- Device fingerprinting or cross-site tracking
- Your investment decisions or trading history
6. Your Rights Under GDPR & LPD
Under the GDPR and Swiss LPD, you have the following rights regarding your personal data:
- Right of Access (Art. 15 GDPR / Art. 25 LPD): You can request a copy of all personal data we hold about you. Use the "Download my data" feature in your account settings.
- Right to Rectification (Art. 16 GDPR / Art. 6 LPD): You can request correction of inaccurate or incomplete data.
- Right to Erasure (Art. 17 GDPR / Art. 17 LPD): You can request deletion of your account and all associated data. Use the "Delete Account" feature in your account settings.
- Right to Data Portability (Art. 20 GDPR / Art. 20 LPD): You can export your data in a machine-readable JSON format using the "Download my data" feature.
- Right to Withdraw Consent (Art. 7(3) GDPR): You can withdraw consent for analytics cookies at any time through our cookie settings.
- Right to Object (Art. 21 GDPR): You can object to processing based on legitimate interests.
- Right to Lodge a Complaint: You have the right to lodge a complaint with a supervisory authority (e.g., FDPIC in Switzerland, or your local EU data protection authority).
To exercise any of these rights, contact us at privacy@catalystalert.io. We will respond within 30 days.
7. International Data Transfers
Your data may be transferred to and processed in countries outside Switzerland and the European Economic Area (EEA), including:
- United States: For services provided by Google (Analytics), Stripe (payments), and Supabase (authentication).
These transfers are protected by appropriate safeguards including:
- EU-US Data Privacy Framework certification
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Swiss-US Privacy Shield principles where applicable
8. Data Security
We implement industry-standard security measures including:
- HTTPS/TLS encryption for all data in transit
- Encryption at rest for stored data
- Secure hosting infrastructure with regular security audits
- Access controls and authentication for all systems
- Regular security updates and monitoring
9. Third-Party Services
We use the following third-party services, each with their own privacy policies:
- Supabase: For user authentication and data storage (Privacy Policy)
- Stripe: For payment processing - we never see your full card details (Privacy Policy)
- Google Analytics: For anonymous usage statistics (Privacy Policy)
- Ahrefs: For traffic analysis (Privacy Policy)
10. Cookies
For detailed information about the cookies we use and how to manage your preferences, please see our Cookie Policy.
11. Children's Privacy
CatalystAlert is not directed at children under the age of 16. We do not knowingly collect information from children under 16. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately.
12. Changes to This Policy
We may update this privacy policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date. For significant changes, we may also send you an email notification.
13. Contact Us
If you have any questions about this Privacy Policy or wish to exercise your rights, please contact us:
For general inquiries: info@catalystalert.io