Privacy Policy

1. Who we are

EdgeBeacon is currently operated by the founder pending formation of a legal entity. During this interim period the founder is the data controller for personal data processed through the Service. A registered entity will be named in this Policy before any paid subscription is offered.

Contact email: hello@edgebeacon.pro
A registered postal address will be added to this section before the paid product launches.

2. What we collect

• Account data: your email address and a hashed password (managed by our authentication provider, Supabase — we never see your password in plain text).
• Preferences: timezone, email-subscription state, and other settings you choose.
• Email engagement: basic delivery and open/click signals from your interaction with our emails, used to diagnose deliverability.
• Technical data: IP address, browser type, and request logs, retained for security, abuse-prevention, and debugging.
• Support correspondence: the content of emails you send us.

3. What we do not collect

During the beta we do not collect:

• brokerage or trading-account credentials;
• your live portfolio, positions, or trade history;
• bank-account details or other payment information;
• government identifiers (Social Security Numbers, National Insurance Numbers, passport numbers).

We have no link to your broker. We do not need your trading data to operate the Service.

4. How we use your data

• to create and authenticate your account;
• to deliver the daily signal brief and product updates if you have opted in;
• to detect and prevent fraud, abuse, and security incidents;
• to debug, diagnose, and improve the Service;
• to respond to your support enquiries;
• to comply with legal and regulatory obligations.

We do not use your personal data to train external AI models.

5. Lawful basis for processing (UK-GDPR)

We rely on the following lawful bases under Article 6 of UK-GDPR:

• Performance of a contract — to provide the Service you have signed up for.
• Legitimate interests — to operate the Service securely, prevent abuse, and improve the product. We balance these interests against your rights.
• Consent — for the optional daily email and any future marketing communications. You can withdraw consent at any time.
• Legal obligation — where we are required by law to retain or disclose data.

6. How we share your data

We share personal data only with the following processors, each of which handles data under its own security and privacy commitments:

• Supabase — authentication and database.
• Resend — transactional and product-update email delivery.
• Cloudflare R2 — object storage for engine state and artefacts.
• Vercel — web hosting and edge delivery.

We do not sell your personal data, and we do not share it with third parties for cross-context behavioural advertising. This statement is intended to satisfy the disclosure requirements of the California Consumer Privacy Act (CCPA) as amended by the CPRA.

We may disclose data if required by law, court order, or legitimate regulatory request, or where necessary to protect the rights, property, or safety of EdgeBeacon, our users, or others.

7. Cookies and tracking

During the beta we use a single authentication cookie to keep you signed in. We do not run analytics tools, advertising pixels, or third-party trackers on the Service. We do not use cookies for cross-site tracking.

8. Your rights

UK and EEA users (UK-GDPR / EU-GDPR). You have the right to:

• access the personal data we hold about you;
• have inaccurate data rectified;
• have your data erased (the "right to be forgotten");
• restrict how we process your data;
• receive your data in a portable, machine-readable format;
• object to processing based on legitimate interests;
• withdraw consent at any time where we rely on consent.

California residents (CCPA / CPRA). You have the right to:

• know what personal information we collect and how we use it;
• request deletion of your personal information;
• correct inaccurate personal information;
• opt out of the sale or sharing of personal information (we do not sell or share, so there is nothing to opt out of, but the right is preserved);
• not be discriminated against for exercising your rights.

9. How to exercise your rights

During the beta, the single channel for all privacy requests is email. Send your request to hello@edgebeacon.pro from the email address associated with your account, and state what you want done — for example "unsubscribe from the daily email", "delete my account and personal data", or "send me a copy of the data you hold about me". We may ask you to verify your identity before acting.

We aim to acknowledge every request within three business days and to complete the action within one month for UK and EEA requests and 45 days for California requests. If a request is complex we may extend the response window and will tell you why.

In-product self-service controls for email preferences and account deletion will be added before the paid product launches.

10. Data retention

We retain account data for as long as your account is active. When you close your account, we anonymise or delete your personal data within 30 days, except where we are required to retain specific records for longer to meet legal, regulatory, tax, or fraud-prevention obligations.

11. Security

We rely on our processors' encryption in transit (TLS) and at rest, strict access controls, and the principle of least privilege for engineering access. We keep audit logs of administrative actions.

No system is perfectly secure. In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the UK Information Commissioner's Office within 72 hours where required, and notify affected users without undue delay.

12. Children

The Service is not intended for anyone under 18 years old. We do not knowingly collect personal data from minors. If you believe a minor has provided us with personal data, email us and we will delete it.

13. International data transfers

Our processors (Supabase, Resend, Cloudflare R2, Vercel, and our news data providers) operate data centres in the United Kingdom, the European Union, and the United States. Your data may be transferred to or processed in any of these regions during normal operation of the Service.

Formal cross-border transfer documentation (UK International Data Transfer Agreement, EU Standard Contractual Clauses, and any required processor data-processing agreements) has not yet been finalized and will be put in place before any paid subscription is offered. Each processor we use publishes its own transfer-safeguard programme; by using the Service during beta you acknowledge that data may move between these regions under those processor-level programmes.

14. Changes to this policy

We may update this Privacy Policy from time to time. For material changes we will notify registered users by email and update the "last updated" date below. We encourage you to review this page periodically.

15. Contact and complaints

For any privacy question or to exercise a right, email hello@edgebeacon.pro.

UK users who are not satisfied with our response have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK's supervisory authority for data-protection matters, at ico.org.uk. EEA users may complain to their local data-protection authority. We would, however, appreciate the chance to address your concerns first.