Privacy Policy

1.1 18+ only. The Service is not intended for individuals under 18.

1.2 Consumer use by default; B2B may be offered. The Service is primarily for consumers (personal, non-commercial use). We may also offer B2B access under business plans or separate terms. This affects the data we collect (e.g., business billing details) and legal bases.

2.1 Account and profile data

• Email address
• Password (stored hashed by our auth provider)
• Optional: first name, last name, nationality, phone number
• Google OAuth: name/email/avatar (depending on your Google settings)

2.2 Subscription and billing data (Stripe)

• Stripe customer ID, subscription status/plan identifiers, renewal dates
• Account email (may prefill checkout)
• If B2B is offered/used: company name, VAT ID, billing address, invoice references (as applicable)

Payment method details are processed by Stripe, not stored by us.

2.3 Favourites and preferences

• User ID + favourites (issuers/position holders you save)
• Notification preferences
• Local cache in browser local storage (see Section 7)

2.4 Contact and support data

• Name, email, subject, message content (and any extra info you include)

2.5 Technical and usage data

• IP address, device/browser info, pages visited, referrer
• Hosting/server logs for security and reliability
• Analytics identifiers where you consent (see Section 7)

We display public regulatory disclosures. Sometimes a disclosure may include a natural person's name; if so, that can be personal data. If you believe such an entry is incorrect or inappropriate, contact us (Section 10).

• Provide accounts, authentication, favourites, and settings
• Provide subscriptions and manage billing status
• Send service emails/notifications (if enabled) via Resend
• Security, abuse prevention, anti-scraping, rate limiting
• Analytics and improvements (only where permitted/with consent as required)

• Contract: account + subscription delivery
• Legitimate interests: security, abuse prevention, essential logs, service reliability
• Consent: non-essential cookies/trackers (analytics/marketing) where required
• Legal obligation: tax/accounting retention where applicable

• Supabase (EU region): authentication + database + edge functions
• Stripe: payments/subscriptions
• Resend: email delivery (notifications/service messages)
• AWS Amplify / AWS: hosting, delivery, logs/monitoring
• Google (GTM/GA): analytics (subject to consent settings)
• CookieYes: consent management platform (stores your consent choices; serves the cookie banner and cookie preference center)
• Contact-handling endpoint/service used to receive your messages

7.1 CookieYes consent management
We use CookieYes to show a cookie banner and allow you to manage cookie preferences. CookieYes stores your consent choices (typically via a consent cookie).

7.2 Strictly necessary cookies
We use necessary cookies/technologies for authentication and security (e.g., to keep you logged in). These are required for the Service to function.

7.3 Analytics cookies (Google Tag Manager / Google Analytics)
We use GTM/GA to measure and improve the Service. Where required by law, we only place analytics cookies and run analytics tracking after you have given consent via CookieYes. You can change your consent at any time via the CookieYes preference settings.

7.4 Cookie list / cookie table
CookieYes typically provides a Cookie Declaration (a detailed list/table of cookies, purposes, providers, and expiry). You can rely on that for the detailed cookie list. We recommend linking to your CookieYes "Cookie Policy / Cookie Declaration" page from the Privacy Policy and site footer.

7.5 Local storage
We may store a local cache of favourites in browser local storage to improve UX. You can clear this in browser settings.

Some providers (Google, Stripe, Resend, AWS, CookieYes) may process data outside the EEA depending on their infrastructure. Where required, we rely on safeguards such as SCCs and other measures.

Access, rectification, erasure, restriction, portability (where applicable), objection (where applicable), and withdrawal of consent at any time.

Contact: contact@shortsinsights.com

You can also complain to the Autoriteit Persoonsgegevens (AP).

Email contact@shortsinsights.com with details (country/source/date/link). We will review and may correct/annotate where appropriate, considering the public nature of the source and applicable law.

• Account/profile: while active; deleted/anonymised upon request where possible unless retention required
• Subscription records: as needed for billing/admin/legal obligations
• Contact messages: typically up to 24 months
• Security logs: typically 30–180 days
• Analytics retention: per GA settings (you can state your configured period once confirmed)

We use reasonable technical and organisational measures (HTTPS, access controls, etc.).

We may update this Policy. The "Last updated" date shows the latest version.

contact@shortsinsights.com