Legal

Privacy Policy

Last updated: June 6, 2026

MarketBriefed ("we," "us," or "our") operates the website and application at marketbriefed.com (the "Service"). This Privacy Policy describes the types of information we collect from and about you when you use the Service, how we use and protect that information, the circumstances under which we may share it, and the choices you have regarding your personal data. By using the Service, you consent to the collection and use of your information as described in this Privacy Policy.

1. Information We Collect

1.1 Information You Provide Directly

Account Registration. When you create an account, we collect your email address, username, and password. Your password is cryptographically hashed using bcrypt via Supabase Auth — we never see, store, or have access to your plaintext password.
Profile Information. You may optionally provide a display name, avatar color preference, and other profile details.
Watchlist and Portfolio Data. If you add tickers to your watchlist or use portfolio tracking features, we store those selections to personalize your briefings, alerts, and content recommendations.
User-Generated Content. Posts, replies, votes, and other content you submit through discussion threads and social features.
Contact Information. When you contact us through the in-app contact form, we collect the subject and message content, along with your email address for reply purposes.
Payment Information. If you subscribe to a paid plan, payment is processed by our third-party payment processor. We do not directly collect, store, or have access to your full credit card number. We may receive from the processor: the last four digits of your card, card brand, expiration date, billing address, and transaction confirmation details.
Preferences and Settings. Your display preferences (dark/light mode, compact view, text size), notification preferences, and frequency settings.

1.2 Information Collected Automatically

Usage Data. We collect standard server-side log data including IP addresses, browser type and version, operating system, referring/exit pages, pages viewed, timestamps, and clickstream data. This helps us understand how the Service is used and diagnose technical issues.
Device Information. We may collect information about the device you use to access the Service, including device type, screen resolution, and browser capabilities.
Cookies and Local Storage. We use browser local storage (not cookies) to persist your authentication session, theme preference, and other application settings. We do not use third-party tracking cookies, advertising pixels, or behavioral tracking technologies. We do not run advertisements of any kind.

1.3 Information We Do Not Collect

We do not collect: biometric data, geolocation data, contact lists, browsing history outside of our Service, or data from social media accounts unless you explicitly provide it.

2. How We Use Your Information

Data	Purpose	Legal Basis
Email address	Account authentication, password resets, essential service notifications (security alerts, billing confirmations). We will not send marketing or promotional emails without your explicit opt-in consent.	Contract performance; legitimate interest
Username	Displayed alongside your posts in threads and social features. Used as a login credential.	Contract performance
Watchlist / Portfolio	Personalize your daily briefings, sector views, price alerts, and learning recommendations.	Contract performance
Thread posts & replies	Displayed to other authenticated users in the Social section of the platform.	Contract performance; consent
Usage data & logs	Improve the Service, fix bugs, understand feature adoption, detect abuse. Never sold or used for advertising.	Legitimate interest
Payment data	Process subscription payments, prevent fraud, and maintain billing records.	Contract performance; legal obligation
Contact form messages	Respond to your support requests, feedback, and inquiries.	Legitimate interest; consent

3. Data Sharing and Disclosure

We do not sell, rent, lease, or trade your personal information to any third party. We do not share your data with advertisers. We share data only in the following limited circumstances:

3.1 Service Providers (Data Processors)

We use the following third-party service providers who process data on our behalf, solely to provide the Service:

Supabase — Database hosting, user authentication, and data storage. Data is stored in Supabase-managed PostgreSQL databases with row-level security (RLS) policies.
Vercel — Application hosting, serverless function execution, and content delivery (CDN). Vercel processes server logs which may include IP addresses.
Resend — Transactional email delivery (welcome emails, password resets, contact form forwarding). Resend receives the recipient email address and email content necessary for delivery.
Market Data Providers — Third-party market-data APIs that supply quotes, fundamentals, and related financial data. These services receive ticker symbol queries but no personally identifiable information about you.

Each provider processes data under their own privacy policies and applicable data processing agreements. We select providers that maintain appropriate security standards.

3.2 Legal Requirements

We may disclose your information if we believe in good faith that disclosure is necessary to: (a) comply with a legal obligation, subpoena, court order, or governmental request; (b) protect and defend the rights, property, or safety of MarketBriefed, our users, or the public; (c) detect, prevent, or address fraud, security, or technical issues; or (d) enforce our Terms of Service.

3.3 Business Transfers

If MarketBriefed is involved in a merger, acquisition, reorganization, asset sale, or bankruptcy, your personal information may be transferred as part of that transaction. We will provide notice before your personal data is transferred and becomes subject to a different privacy policy.

3.4 Aggregated and De-Identified Data

We may create aggregated, anonymized, or de-identified data from your personal information (e.g., aggregate user counts, feature usage statistics). Such data cannot reasonably be used to identify you and is not subject to the restrictions of this Privacy Policy.

4. Data Security

We implement industry-standard technical and organizational security measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:

Passwords hashed using bcrypt via Supabase Auth (we never store plaintext passwords)
All data in transit encrypted using TLS (HTTPS)
Row-level security (RLS) policies in our database ensuring users can only access their own data
API keys and secrets stored as environment variables, never in client-side code
Regular security reviews of our codebase and infrastructure
Access to production systems restricted to authorized personnel

However, no method of electronic storage or transmission over the Internet is 100% secure. While we strive to use commercially reasonable means to protect your personal data, we cannot guarantee its absolute security. You are responsible for maintaining the security of your account credentials.

5. Data Retention

Account data is retained for as long as your account is active.
Server logs (IP addresses, request data) are retained for up to 90 days for security and debugging purposes.
User-Generated Content (thread posts and replies) may persist in an anonymized or orphaned form after account deletion, as other users may have relied upon or replied to that content. Alternatively, you may delete individual posts and replies before deleting your account.
Payment records are retained as required by applicable tax and financial reporting laws.
Contact form messages are retained for up to 12 months after resolution.

If you delete your account, we will remove or anonymize your personal data within 30 days, except where retention is required by law, necessary for legitimate business purposes (e.g., fraud prevention, dispute resolution), or where data has been anonymized and can no longer identify you.

6. Your Rights and Choices

Depending on your jurisdiction, you may have certain rights regarding your personal data. These may include:

Right to Access. Request a copy of the personal data we hold about you.
Right to Rectification. Request correction of inaccurate or incomplete personal data.
Right to Erasure ("Right to Be Forgotten"). Request deletion of your personal data, subject to legal retention requirements.
Right to Data Portability. Request your data in a structured, commonly used, machine-readable format.
Right to Object. Object to certain types of data processing, including processing based on legitimate interests.
Right to Restrict Processing. Request that we limit our use of your data in certain circumstances.
Right to Withdraw Consent. Where processing is based on your consent, you may withdraw consent at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, contact us at privacy@marketbriefed.com. We will verify your identity and respond within 30 days (or within the timeframe required by applicable law). We will not discriminate against you for exercising any of these rights.

7. California Privacy Rights (CCPA/CPRA)

If you are a California resident, the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) grant you additional rights regarding your personal information:

Right to Know. You may request that we disclose the categories and specific pieces of personal information we have collected about you, the sources of collection, the purposes for collection, and the third parties with whom we share it.
Right to Delete. You may request deletion of your personal information, subject to certain exceptions.
Right to Correct. You may request correction of inaccurate personal information.
Right to Opt Out of Sale/Sharing. We do not sell or share your personal information for cross-context behavioral advertising. Because we do not engage in these practices, there is no need to opt out.
Right to Non-Discrimination. We will not deny goods or services, charge different prices, or provide a different quality of service because you exercised your CCPA rights.

To submit a request, email privacy@marketbriefed.com with "California Privacy Request" in the subject line.

8. International Data Transfers

The Service is operated from the United States. If you access the Service from outside the United States, please be aware that your personal data may be transferred to, stored, and processed in the United States or other countries where our service providers maintain facilities. These countries may have data protection laws that differ from those of your jurisdiction. By using the Service, you consent to the transfer of your information to the United States and other countries as described in this Privacy Policy.

9. Children's Privacy

The Service is not directed to and not intended for children under the age of 18. We do not knowingly collect personal information from anyone under 18 years of age. If we discover that we have inadvertently collected personal data from a minor, we will promptly delete that information. If you are a parent or guardian and believe that your child has provided us with personal information, please contact us at privacy@marketbriefed.com.

10. Do Not Track Signals

Some web browsers transmit "Do Not Track" (DNT) signals. Because there is no uniform standard for interpreting DNT signals, the Service does not currently respond to DNT signals. However, as described in this Policy, we do not use third-party tracking cookies or engage in cross-site behavioral tracking.

11. Third-Party Links

The Service may contain links to external websites, including news sources, SEC filings, company investor relations pages, and financial data providers. We are not responsible for the privacy practices, content, or security of those third-party sites. We encourage you to review the privacy policies of any external sites you visit.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make material changes, we will: (a) revise the "Last updated" date at the top of this page; (b) notify you via email to the address associated with your account; and/or (c) provide a prominent notice within the Service. Your continued use of the Service after such changes constitutes your acceptance of the revised Privacy Policy.

13. Contact Us

If you have questions, concerns, or complaints about this Privacy Policy or our data practices, or if you wish to exercise any of your privacy rights, contact us at:

MarketBriefed
Email: privacy@marketbriefed.com
General support: support@marketbriefed.com

We will acknowledge your inquiry within 5 business days and endeavor to resolve it within 30 days.