Privacy Policy — MarketAnalyzer Pro

Section 01

Who We Are

MarketAnalyzer Pro ("we," "us," "our") is a paper trading simulation platform for educational purposes. This Privacy Policy explains how we collect, use, store, share, and protect information about you ("User," "you") when you access or use our Service.

By using the Service, you agree to the collection and use of information in accordance with this Privacy Policy. This Policy is incorporated by reference into our Terms of Service.

For privacy questions or data requests, contact us at support@marketanalyzerpro.com.

Section 02

Data We Collect

We collect only the minimum data necessary to provide, secure, and improve the Service.

Information You Provide Directly

Data Type	What We Collect	Purpose
Email address	Your email when you register for an account	Account authentication, transactional emails, service notices
Password	Stored as a bcrypt hash — never in plain text	Account security and authentication
Display name	Optional name provided during registration	Personalize in-app experience

Data We Collect Automatically

Data Type	What We Collect	Purpose
Paper trading activity	Simulated orders, virtual portfolio, virtual balance, trade history, watchlist	Core Service functionality
Usage analytics	Pages visited, features used, session duration, clicks — anonymized via Google Analytics 4	Improve the Service
Technical data	IP address (anonymized), browser type, OS, device type, screen resolution	Security monitoring, bug detection
Session data	Session tokens, login timestamps, session duration	Keep you logged in; detect suspicious activity
Log data	Request logs: endpoint, response time, error codes	Debugging, security, performance

Data We Do NOT Collect

Real money, payment card numbers, or financial account details (payments handled exclusively by Gumroad)
Real-world investment portfolio data or brokerage account information
Government-issued IDs, social security numbers, or tax identification numbers
Precise geolocation data
Biometric data of any kind
Personal data of children under 18 (see Section 11)

Section 03

How We Use Your Data

We use the information we collect for the following purposes, each grounded in a lawful basis under GDPR:

Purpose	Data Used	Legal Basis (GDPR)
Provide the Service	Email, trading activity, session data	Performance of a contract (Art. 6(1)(b))
Account authentication	Email, password hash, session tokens	Performance of a contract (Art. 6(1)(b))
Transactional emails	Email address	Performance of a contract (Art. 6(1)(b))
Analytics & improvement	Anonymized usage data via GA4	Legitimate interests (Art. 6(1)(f))
Security & fraud prevention	IP address, session data, logs	Legitimate interests (Art. 6(1)(f))
Legal compliance	Any relevant data	Legal obligation (Art. 6(1)(c))

We do not use your data to train AI or machine learning models. We do not use your data for targeted advertising. We do not use your personal data for any purpose beyond those described here without your explicit prior consent.

Section 04

Third-Party Services & Data Processors

To provide the Service, we work with the following third-party service providers. Each acts as a data processor under contract and is bound by appropriate data protection terms.

Provider	Role	Data Shared
Supabase	Database & authentication — secure storage of all user account and trading data	Email, password hash, trading activity, session data
Google Analytics 4	Anonymous usage analytics — tracks Service interaction with IP anonymization enabled	Anonymized usage events, page views, session data (no PII transmitted)
Finnhub	Market data provider — real-time stock quotes, fundamentals, market news	No personal data; only stock ticker symbols in API requests
Twelve Data	Market data provider — historical candlestick data, technical indicators	No personal data; only ticker symbols in API requests
Brevo	Email delivery — transactional emails: account confirmations, password resets, service notices, Terms update notifications	Email address and name (if provided) for delivery purposes only
Vercel	Hosting & CDN — serves the web application globally	IP addresses via server logs (standard hosting data); no personal data stored by Vercel beyond logs
Gumroad	Payment processing — handles all purchases and refunds	Email address at time of purchase; payment card data stays exclusively with Gumroad

✓

We Never Sell Your Data to Any Third Party The third parties listed above receive only the minimum data necessary to perform their specific function. None of these providers are permitted to use your data for their own marketing or to sell it to others.

Section 05

Cookies & Tracking

We use a minimal set of cookies required to operate the Service and understand usage. We do not use advertising cookies, tracking pixels, or third-party behavioral tracking beyond Google Analytics 4.

Cookie Type	Examples	Purpose	Duration
Session cookies (essential)	Supabase auth token, session identifier	Keep you authenticated and maintain your session. Required for the Service to function.	Session (deleted when browser closes) or up to 7 days if "Remember me" is selected
Analytics cookies	Google Analytics 4 (_ga, _ga_*)	Anonymously track page views, feature usage, and session data to improve the Service. IP anonymization enabled. No personally identifiable information is sent to Google.	Up to 2 years (standard GA4 duration)

What We Do Not Use

Advertising or targeting cookies of any kind
Cross-site tracking cookies or social media tracking pixels
Fingerprinting techniques to identify users across sessions
Third-party behavioral data brokers

Cookie Control

You can control and delete cookies through your browser settings. Deleting essential session cookies will log you out. To opt out of Google Analytics tracking across the web, install the Google Analytics Opt-out Browser Add-on.

Section 06

We Do Not Sell Your Data

MarketAnalyzer Pro does not sell, rent, trade, license, transfer, or otherwise disclose your personal information to any third party for monetary or other valuable consideration. This commitment applies universally — to all users, in all jurisdictions, at all times.

🛡️

Absolute Commitment — No Exceptions Your email address, usage data, trading activity, and any other personal information will never be sold to data brokers, advertisers, or any other party. We generate revenue from product sales only, never from user data.

We may share data only in these limited, non-commercial circumstances:

Service providers: With the data processors in Section 4, strictly to perform their contracted function
Legal compliance: When required by valid court order, subpoena, or applicable law — only to the extent legally required
Protection of rights: To protect the legal rights, property, or safety of MarketAnalyzer Pro, our users, or others
Business transfer: In connection with a merger or acquisition, provided the acquiring entity agrees to honor this Privacy Policy

Section 07

Data Security

We implement industry-standard technical and organizational security measures to protect your personal information against unauthorized access, disclosure, alteration, and destruction.

Technical Measures

Encryption in transit: All data transmitted between your browser and our servers is encrypted using TLS 1.3
Encryption at rest: All data stored in Supabase is encrypted at rest using AES-256
Password hashing: Passwords are hashed using bcrypt — we never store plain-text passwords and cannot recover them
Row-level security: Database access is restricted at the row level — each user can only access their own data
Secure session tokens: Short-lived, cryptographically signed tokens managed by Supabase
HTTPS only: The Service is accessible exclusively over HTTPS

Organizational Measures

Principle of least privilege: access to user data is restricted to what is necessary
Regular review of third-party service providers for continued security compliance
Incident response procedures for potential data breaches

💡

No Absolute Security Guarantee No method of transmission over the internet is 100% secure. We strive to use commercially acceptable means to protect your data. We will notify affected users of any confirmed data breach as required by applicable law.

Section 08

Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes described in this Policy, or as required by applicable law.

Data Type	Retention Period	Reason
Account data (email, password hash)	Until you request account deletion	Required to provide the Service to active users
Paper trading activity	Until you request account deletion	Core Service feature — your trading history and virtual portfolio
Usage analytics	Up to 26 months (GA4 default)	Trend analysis for Service improvement
Server logs	Up to 90 days	Security monitoring and debugging
Transactional email records (Brevo)	Up to 12 months	Support inquiries and audit trail
Payment records (Gumroad)	Retained by Gumroad per their policy	Legal and financial compliance
Data after account deletion	Deleted within 30 days of confirmed request	Fulfillment of deletion request

After deletion, we may retain anonymized, aggregate data that cannot be linked back to you (e.g., aggregate usage statistics) indefinitely for Service improvement purposes.

Section 09

Your GDPR Rights — European Users

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have the following rights under GDPR. We respond to all verified requests within 30 days.

👁️

Right of Access

Request a copy of all personal data we hold about you and information on how we use it.

✏️

Right to Rectification

Request correction of inaccurate or incomplete personal data we hold about you.

🗑️

Right to Erasure

Request deletion of your personal data ("right to be forgotten"). We delete all your data within 30 days of a confirmed request.

⏸️

Right to Restriction

Request that we restrict processing of your data in certain circumstances.

📦

Data Portability

Request a copy of your data in a structured, machine-readable format to transfer to another service.

🚫

Right to Object

Object to processing based on legitimate interests, including the right to opt out of analytics tracking at any time.

How to Exercise Your GDPR Rights

Email support@marketanalyzerpro.com with subject "GDPR Request — [Right Type]" (e.g., "GDPR Request — Right to Erasure"). We will verify your identity before processing and respond within 30 days.

You also have the right to lodge a complaint with your local supervisory authority (e.g., the ICO in the UK, or your national data protection authority in the EU).

ℹ️

No Charge for GDPR Requests Exercising your rights is free of charge in most circumstances. We may charge a reasonable administrative fee only for requests that are manifestly unfounded or excessive.

Section 10

CCPA Rights — California Users

If you are a California resident, the California Consumer Privacy Act (CCPA) as amended by the CPRA gives you the following rights regarding your personal information.

Your California Rights

Right to Know: Request disclosure of the categories and specific pieces of personal information we have collected about you, the purposes for collection, and categories of third parties with whom we share information.
Right to Delete: Request deletion of personal information we have collected about you, subject to certain exceptions.
Right to Correct: Request correction of inaccurate personal information we hold about you.
Right to Opt Out of Sale or Sharing: Direct us not to sell or share your personal information. We do not sell or share personal information for cross-context behavioral advertising, so this right is already satisfied by our existing practices.
Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA rights.

CCPA Personal Information Collected

CCPA Category	Data Collected	Purpose
Identifiers	Email address	Account creation and authentication
Internet Activity	Pages visited, features used (anonymized via GA4)	Service improvement analytics
Inferences	Paper trading preferences inferred from usage patterns	Service personalization within the app

How to Submit a California Rights Request

Email support@marketanalyzerpro.com with subject "CCPA Rights Request". We will verify your identity and respond within 45 days (extendable by 45 days with notice).

Section 11

Children's Privacy

MarketAnalyzer Pro is intended exclusively for users who are 18 years of age or older. We do not knowingly collect personal information from children under 18. The Service, its content, and its tools — including financial simulation, market analysis, and AI risk scoring — are not directed at minors.

⚠️

No Data Collection From Minors If we discover we have inadvertently collected personal information from a user under 18, we will promptly delete that information and terminate the associated account. If you are a parent or guardian and believe your child under 18 has provided information to us, contact us immediately at support@marketanalyzerpro.com.

This commitment is consistent with COPPA (U.S.), GDPR's special protections for children's data, and our Terms of Service eligibility requirements.

Section 12

Account & Data Deletion

You have the right to request complete deletion of your account and all associated personal data at any time, free of charge. Requests are processed within 30 days.

📧

How to Delete Your Account Email support@marketanalyzerpro.com with subject "Delete My Account". Include the email address associated with your account. We confirm receipt within 2 business days and complete deletion within 30 days.

What Gets Deleted

Your email address and account profile
Your password hash and authentication credentials
Your entire paper trading history, virtual portfolio, and virtual balance
Your watchlist and saved preferences
Any support correspondence associated with your account

What May Be Retained After Deletion

Anonymized, aggregated usage statistics that cannot be linked back to you
Server logs for up to 90 days (security monitoring)
Payment records retained by Gumroad per their legal obligations
Records required by law, regulation, or legal process

Section 13

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. When we make material changes, we will:

Update the "Last updated" date at the top of this page
Send an email notification to all registered users via Brevo, our email delivery service
Display a prominent notice within the Service the next time you log in

Your continued use of the Service after the effective date of any changes constitutes acceptance of the updated Policy. For changes that materially reduce your privacy protections, we will seek explicit consent where required by applicable law.

Section 14

Contact & Privacy Requests

For all privacy-related questions, data requests, or concerns, contact us below. We are committed to responding promptly and transparently.

General privacy questions	support@marketanalyzerpro.com
GDPR rights requests	support@marketanalyzerpro.com — subject: "GDPR Request — [Right Type]"
CCPA rights requests	support@marketanalyzerpro.com — subject: "CCPA Rights Request"
Account deletion	support@marketanalyzerpro.com — subject: "Delete My Account"
Children's privacy concerns	support@marketanalyzerpro.com — subject: "Children's Privacy"
Security reports	support@marketanalyzerpro.com — subject: "Security Concern"

Last updated June 2026. See also our Terms of Service.