GJ SmashersGJ Smashers

Privacy Policy

Effective April 20, 2026

1. Summary

GJ Smashers (“we”) collects the minimum personal data needed to run a subscription SaaS, keep accounts secure, and communicate with you. We do not sell personal data. This policy explains what we collect, why, and your rights.

2. Data We Collect

  • Account: email address, account password hash, sign-up timestamp, last-login timestamp, Supabase user id.
  • Profile: name, phone (if provided), country/state, Instagram handle (if provided during request-access intake), billing address (if collected by Stripe at checkout).
  • Payment: Stripe customer id, subscription id, plan, status, current-period dates, last invoice id. We do not store full card numbers or CVC — those live only in Stripe.
  • Device and security: device fingerprint hash, IP address, user agent, and timestamps for logins, device registrations, and disclaimer acceptance. Used to detect abuse and enforce device-trust limits.
  • Usage: pages visited, actions taken inside the platform, engine events triggered for your account, notification deliveries and failures.
  • Communications: emails we send, SMS we send, push-notification subscriptions you register, and related delivery status records.

3. How We Use Data

  • Provide the Service (authenticate, serve analysis, deliver alerts).
  • Process subscriptions and billing through Stripe.
  • Protect accounts from abuse, fraud, and duplicate signups.
  • Send transactional email (welcome, billing, receipts) and, if opted in, signal-alert email and SMS.
  • Improve the Service by analyzing aggregate usage patterns.
  • Comply with legal obligations and enforce our Terms.

With your consent, we may use your contact information to provide updates, product announcements, and offers related to other services under common ownership, including analytics tools and educational platforms.

4. Legal Bases

For users in jurisdictions that require them, our legal bases include contract performance (delivering the subscription you paid for), legitimate interests (fraud prevention, product improvement), consent (optional email/SMS alerts), and legal obligation (tax/accounting records).

5. Sharing

We share data only with service providers required to run the platform:

  • Stripe — payment processing, subscription lifecycle, receipts.
  • Supabase — authentication and data hosting.
  • Vercel — web hosting.
  • Resend — transactional and alert email delivery.
  • Twilio — SMS alert delivery (if you opt in).
  • Discord — community chat (if you join).
  • TradingView — external market-data signals (webhook).

We may share personal data with our affiliates and companies under common ownership or control for purposes consistent with this Privacy Policy.

We do not sell personal data to advertisers, brokers, data brokers, or any other third party. We may disclose data when required by law or to protect the rights, property, or safety of users or the public.

6. Retention

Account and billing records are retained while your account is active and for a period thereafter to meet legal, tax, and audit requirements. Security logs (login events, device registrations, disclaimer-acceptance records) are retained long enough to investigate fraud and abuse, typically one to two years. You may request deletion of personal data under Section 8.

7. Security

We use industry-standard measures: encryption in transit (TLS), encryption at rest for Supabase data, service-role isolation for administrative writes, HMAC-verified webhooks, rate limits on public endpoints, and row-level security policies. No system is perfectly secure; you should choose a strong password and notify us of any suspicious activity.

8. Your Rights

Depending on your jurisdiction (including U.S. state laws such as the CCPA/CPRA and, where applicable, GDPR), you may have the right to access, correct, delete, or export your personal data, and to restrict or object to certain processing. To exercise any of these rights, email support@gjtrades.com. We will respond within the timeframes required by law.

9. Children

The Service is not directed to children under 18 and we do not knowingly collect personal data from them. If you believe a minor has provided personal data, contact us and we will delete it.

10. International Transfers

Data is processed in the United States by our service providers. If you access the Service from another country, you consent to the transfer and processing of your data in the United States.

11. Cookies and Similar Technologies

We use cookies and similar storage for authentication (session cookies set by Supabase), functional preferences (e.g., settings), and essential security (CSRF, device fingerprinting hashes). We do not use advertising or tracking cookies.

12. Changes

We will post updates to this policy at /privacyand revise the “Effective” date. Material changes will be communicated via email or an in-app notice.

13. Contact

Email: support@gjtrades.com