Privacy Policy

This policy explains how RFS Intelligence Dashboard handles personal data for the public dashboard, account access, and Pro subscriptions.

What we collect

For account users, we collect email address, authentication state, and a hashed password managed by Supabase. We also store Polar customer and subscription identifiers, subscription status, period end, and a Pro entitlement flag.

Server and security logs may include IP address, user agent, request path, timestamp, and error metadata. Phase 3 does not use analytics cookies or marketing cookies.

Why we collect it

We process personal data to create accounts, authenticate sessions, provide Pro access, process billing through Polar, prevent fraud, secure the service, respond to support requests, and keep operational audit records.

The legal bases under the GDPR include performance of a contract, legitimate interests in operating and securing the service, compliance with legal obligations, and consent where a user opts in to Phase 4 launch notification email.

Where it lives

Authentication data is held in Supabase. Billing records and payment method handling are managed by Polar.sh as Merchant of Record. Entitlement state is stored in Cloudflare KV, and subscription mirror data is stored in Cloudflare D1.

Public chart and digest data is served from Cloudflare KV and does not require an account. Email opt-in state for Phase 4 launch notification is stored as a Cloudflare KV preference flag.

Who we share it with

We use sub-processors to operate the service: Supabase for authentication, Polar.sh for billing and invoices, Cloudflare for hosting, D1, KV, and request routing, and Resend for operational or opted-in email.

We do not provide account lists to advertisers. We may disclose data when required by law, to protect the service, or to enforce these terms.

How long we keep it

Account data is kept while the account is active and for a reasonable period after closure when needed for security, dispute handling, or audit purposes. Entitlement cache entries are removed when access ends.

Billing and invoice records are retained by Polar according to applicable tax and accounting obligations, including EU VAT retention periods that may be up to 7 years.

Your rights

Subject to the GDPR and other applicable privacy laws, you may request access, rectification, erasure, restriction, objection, and data portability. You may also withdraw consent for optional email notification preferences.

To exercise these rights, contact the founder at all.barends@gmail.com. Identity verification may be required before a request is processed.

Cookies

The service uses essential session cookies from Supabase auth for login, logout, and protected route access. These cookies are necessary for account functionality.

Phase 3 does not use analytics cookies, advertising cookies, or non-essential tracking cookies. If that changes, this policy and any required consent flow will be updated before use.

International transfers

Supabase and Polar may use EU infrastructure where available. Cloudflare operates a global edge network, so request metadata may be processed outside the European Economic Area as part of routing, security, and caching.

Where international transfers occur, they are handled through the safeguards offered by the relevant sub-processor, such as standard contractual clauses or equivalent legal mechanisms.

Contact and complaints

For privacy questions, contact all.barends@gmail.com. You also have the right to lodge a complaint with your national data protection authority.