Privacy Policy · Polyasso

01 — Overview

Polyasso ("we", "us") takes your privacy seriously. This policy explains what data we collect, why we collect it, and how it is used and protected. By using the Service, you agree to this policy.

We collect only what we need to run the Service. We do not sell your data. We do not run ads.

02 — Data We Collect

Data	Why we collect it	Stored where
Email address	Account creation, login, transactional emails (verification, billing alerts)	PostgreSQL on Render
Hashed password	Authentication. Passwords are hashed with Werkzeug/bcrypt — never stored in plaintext.	PostgreSQL on Render
Subscription tier & billing dates	Enforcing plan limits and renewal tracking	PostgreSQL on Render
Stripe customer & subscription IDs	Payment processing and billing portal access	PostgreSQL (IDs only) + Stripe
Analysis runs & picks	Displaying your history, P&L tracking, PDF export	PostgreSQL on Render
Referral code & referred-by	Crediting referral rewards	PostgreSQL on Render

We do not collect payment card details. All payment processing is handled directly by Stripe and governed by Stripe's Privacy Policy.

03 — How We Use Your Data

To authenticate your account and enforce subscription tier limits.
To send transactional emails: email verification, payment confirmations, and billing failure alerts.
To display your analysis history and P&L tracking within the app.
To process subscription renewals and referral rewards via Stripe.
To monitor and improve Service reliability and fix bugs.

We do not use your data for advertising, profiling, or sale to third parties.

04 — Third-Party Services

Running the Service requires the following third-party processors, each with their own privacy policies:

Render — hosts our backend and PostgreSQL database (US servers).
Cloudflare — hosts our frontend (global CDN).
Stripe — payment processing. Your card data never touches our servers.
Resend — transactional email delivery (verification, billing).
Anthropic (Claude API) — AI analysis. Market data is sent to Claude for research. No personally identifiable user information is included in these requests.
Polymarket / Gamma API — public market data. No user data is sent.
OpenWeatherMap, NewsAPI, The Odds API — public data enrichment. No user data is sent.

05 — Cookies & Tracking

We do not use cookies for advertising or third-party tracking. The app uses JWT tokens (stored in your browser's localStorage) for authentication only. We do not use Google Analytics or any analytics platform that shares your data with third parties.

06 — Data Retention

Your account data, analysis history, and picks are retained for as long as your account is active. If you delete your account, your data is removed from our database within 30 days. Stripe retains billing records independently per their own retention policies.

07 — Your Rights

Depending on your location, you may have rights under GDPR (EU/UK) or CCPA (California) including:

The right to access the personal data we hold about you.
The right to correct inaccurate data.
The right to deletion ("right to be forgotten").
The right to data portability (export of your data).
The right to opt out of any data sale (we do not sell data).

To exercise any of these rights, email picks@polyasso.com. We will respond within 30 days.

08 — Security

We use industry-standard security practices: HTTPS for all data in transit, bcrypt password hashing, JWT-based authentication with expiry, and environment variable management for all secrets. Our infrastructure runs on Render's managed cloud environment.

No system is perfectly secure. If you believe you've found a security vulnerability, please disclose it responsibly to picks@polyasso.com.

09 — Children

The Service is not directed at children under 18. We do not knowingly collect data from minors. If we become aware that a minor has created an account, we will delete it promptly.

10 — Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email to registered users. Continued use of the Service after changes constitutes acceptance of the revised policy.

11 — Contact

Privacy questions or data requests: picks@polyasso.com