// privacy

Privacy Policy.

Effective: 2026-04-24. Version: 1.0.0.

// SUMMARY

We collect your email and a password hash to give you an account. We use Plausible (self-hosted, no cookies) for aggregate traffic stats. No third-party trackers. No advertising. No selling of data. No cross-site tracking. You can export or delete your data anytime.

This Privacy Policy describes how [APEX PREDATOR LLC] (“we”, “us”) collects, uses, and discloses personal information when you use apexpredator.live and the Apex Predator platform (the “Service”). We designed this policy to be honest and readable. If anything is unclear, email privacy@apexpredator.live.

1. Who is the controller

[APEX PREDATOR LLC] is the data controller for personal information processed through the Service. Contact: privacy@apexpredator.live.

2. What we collect

Information you give us:

  • Account info — email address, password hash (we never see or store your plaintext password);
  • Preferences — time zone, notification settings;
  • Waitlist / contact form submissions — email and any message you send;
  • Support communications — content of emails you send us.

Information collected automatically:

  • Aggregate site analytics via Plausible (self-hosted) — page URL, referrer, country, anonymized browser/OS. No cookies. No IP addresses retained beyond a temporary hash used for bot filtering.
  • Server logs — request path, timestamp, response code. Retained 30 days for security and debugging.
  • Error reports via Sentry — if your browser throws an error on our site, we capture the stack trace and anonymized environment info to fix the bug.

Information from paid tier (when live):

  • Brokerage connection tokens — stored encrypted at rest. We never see your broker password; we use OAuth or API keys you authorize;
  • Billing info — processed by Stripe. We never see your full card number. We store a Stripe customer ID and last-four / expiry for display;
  • Trade history we execute for you on your brokerage account — kept for support and regulatory compliance.

What we do not collect:

  • No Google Analytics. No Facebook Pixel. No ad-network pixels;
  • No precise geolocation;
  • No biometric data;
  • No data from brokers beyond what is needed to operate the Service.

3. How we use your information

  • To provide, maintain, and improve the Service;
  • To authenticate you;
  • To deliver alerts, digest emails, and transactional notices you opted into;
  • To prevent fraud, abuse, and security threats;
  • To comply with legal obligations, including tax, anti-money-laundering, and financial regulations when applicable;
  • To communicate about your account and material changes.

We do not sell or rent personal information. We do not use your information for behavioral advertising.

4. Legal bases (GDPR / UK GDPR)

Where GDPR applies, our legal bases are: (a) performance of a contract (your account); (b) our legitimate interests (security, analytics that you can opt out of); (c) your consent (where we ask for it explicitly); (d) legal obligation.

5. Who we share with

We share only as needed and only with processors bound by confidentiality:

  • Supabase — auth and database hosting;
  • Cloudflare — DDoS protection, CDN, DNS;
  • Sentry — error logs;
  • Resend — transactional email (once v1.1 ships);
  • Stripe — billing (once paid tier ships);
  • Your broker — only to execute trades you authorize.

We may disclose information when required by subpoena, court order, or law — and will push back where appropriate. We may disclose to counsel or law enforcement to investigate fraud or threats to safety. In a merger or acquisition, your information may transfer to the acquirer under the same privacy commitments.

6. International transfers

Our servers are located in the United States. If you access the Service from outside the U.S., your information is transferred to and processed in the U.S. under Standard Contractual Clauses where required.

7. Retention

  • Account data — while your account is active, plus 30 days after deletion;
  • Server logs — 30 days;
  • Transactional trade records — 7 years (financial-record retention);
  • Billing records — as required by tax law (generally 7 years).

8. Your rights — summary

You have the right to:

  • Access — request a copy of the personal information we hold about you;
  • Delete — request deletion of your account and associated data;
  • Correct — ask us to fix inaccuracies;
  • Port — receive your data in a machine-readable format;
  • Object — object to processing based on legitimate interests;
  • Opt out — opt out of marketing email at any time;
  • Withdraw consent — where processing is based on consent.

To exercise any right, email privacy@apexpredator.live. We verify your identity before acting. We will respond within 30 days (or longer where law permits).

9. Your rights — by jurisdiction

California (CCPA / CPRA)

California residents have the right to: (a) know what personal information we collect, use, disclose; (b) delete personal information; (c) correct inaccurate information; (d) limit use of sensitive personal information (we do not use sensitive PI for secondary purposes); (e) opt out of "sale" or "sharing" of personal information — we do not sell or share personal information as those terms are defined under the CCPA; (f) non-discrimination for exercising these rights. To submit a request, email privacy@apexpredator.live with "CCPA Request" in the subject line. Authorized agents may submit requests on your behalf with written authorization.

Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Utah (UCPA), Texas (TDPSA), Oregon (OCPA), Montana (MTCDPA), and other state privacy laws

Residents of these states have rights to access, correct, delete, and port personal data, and to opt out of targeted advertising, sale of personal data, and certain profiling. We do not engage in targeted advertising, sale, or profiling that produces legal or similarly significant effects. Submit requests to privacy@apexpredator.live. You may appeal a denial to the same address; if still unsatisfied, you may contact your state attorney general.

European Economic Area, United Kingdom, Switzerland

You have the rights described above plus the right to lodge a complaint with your supervisory authority. Our representative in the EU / UK: [not yet appointed — will be designated before any targeted EU launch].

Do Not Track

We do not track you across sites. We honor browser Do Not Track signals by default because we do not engage in cross-site tracking at all.

10. Children

The Service is not directed to children under 13. We do not knowingly collect personal information from children under 13. If you believe we have collected such information, contact privacy@apexpredator.live and we will delete it. (The Service is further restricted to users 18+ by our Terms.)

11. Security

We use industry-standard measures including encryption in transit (TLS 1.3), encryption at rest for sensitive fields, row-level access controls, and hardened CSP/HSTS headers. No security is perfect. If you discover a vulnerability, report it responsibly to security@apexpredator.live or via our security.txt.

12. Cookies and tracking

Short version: we use one functional cookie for your auth session (set by Supabase) and nothing else. See /legal/cookies.

13. Changes to this policy

We will announce material changes at least 30 days in advance by email and by notice on the Service. The effective date above always reflects the latest version.

14. Contact

[APEX PREDATOR LLC]
[street], [city], [state] [zip], USA
privacy@apexpredator.live