Privacy Policy

Introduction

Tickerbot, LLC (“we,” “us,” or “our”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website, developer API, dashboard, and related services (collectively, the “Service”).

Information We Collect

Account Information

When you create an account, we collect:

• Email address (collected directly when you sign up with email/password, or received from your chosen identity provider — Google or GitHub — when you sign in with one)
• User ID, hashed authentication credentials (for email/password signups), and authentication provider identifiers
• Display name (if provided by you or your identity provider)
• Avatar URL (if provided by your identity provider)

API Usage Data

To operate and meter the Service, we collect:

• SQL queries and webhook subscription definitions you submit
• Webhook target URLs you configure
• API key usage, request counts, and rate-limit counters
• Webhook delivery attempts, response codes, and retry history
• Dashboard activity (pages viewed, settings changed)

Device and Technical Information

We automatically collect:

• Device type, operating system, and browser information
• IP address (used for rate-limiting and abuse prevention; hashed when stored against the public sandbox endpoint)
• Request metadata: timestamp, endpoint hit, response status, latency
• Error reports and diagnostic logs
• Analytics events when you visit our marketing site (Google Analytics 4 on production hostname only)

Payment Information

Payment processing for paid subscriptions is handled by Stripe, Inc. We receive limited subscription metadata from Stripe (plan, status, billing interval, current period end) but do not store full payment card details on our servers.

How We Use Your Information

We use the information we collect to:

• Provide, maintain, and improve the Service
• Create and manage your account and API keys
• Evaluate your queries and webhook subscriptions against live market data
• Deliver webhook payloads to URLs you configure
• Process subscription payments, manage billing, and enforce plan quotas
• Respond to your support requests and communications
• Analyze usage patterns to improve product reliability and feature design
• Detect and prevent fraud, abuse, key leakage, and security incidents
• Comply with legal obligations

We do not use your queries, webhook subscriptions, or other Service content to train machine-learning models or sell to third parties.

Third-Party Services

The Service relies on third-party infrastructure providers that may process limited data on our behalf:

Firebase / Google Cloud Platform

Used for authentication, Firestore database storage, and Cloud Functions hosting. Account data, API keys (stored as SHA-256 hashes), and subscription state are stored on Google Cloud infrastructure in accordance with Google’s privacy policy.

Stripe

Processes paid subscription payments. Stripe collects and handles payment-card data according to its privacy policy and PCI-DSS standards. We never receive or store your full card number or CVV.

DigitalOcean

Hosts our scanner pipeline (PostgreSQL + Node application) which computes signals and evaluates webhook subscriptions. Data processed includes ticker-level computed values; no personal account data is stored on DigitalOcean.

Identity Providers (Google, GitHub)

If you choose to sign in with Google or GitHub, those providers handle the authentication exchange and share a minimal profile (email, user ID, name, avatar URL) with us. Your interactions with those providers are governed by their respective privacy policies.

Google Analytics 4

Loaded only on the production marketing site (tickerbot.io) to measure page views and traffic attribution. We do not load analytics on the dashboard, API endpoints, or staging hosts.

Email Delivery

We use a transactional email provider to send account-related messages (welcome, password reset, support replies). Your email address is shared with that provider solely for delivery.

Data Sharing and Disclosure

We do not sell your personal information. We may share your information in the following limited circumstances:

• With service providers: Third-party vendors who help us operate the Service (as listed above), bound by appropriate confidentiality and data-processing terms
• For legal reasons: When required by law, subpoena, court order, or legal process
• To protect rights: To enforce our Terms, protect our or users’ rights, or investigate suspected fraud or abuse
• Business transfers: In connection with a merger, acquisition, or sale of assets, in which case users will be notified
• With your consent: When you explicitly authorize us to share information (e.g., when you configure a webhook to deliver to a third-party URL)

Note: by configuring a webhook subscription, you direct us to transmit payloads (including ticker data and signal context) to the target URL you specify. You are responsible for the security of any URL you configure.

Data Security

We implement industry-standard security measures, including encryption in transit (TLS), encryption at rest for sensitive data, SHA-256 hashing of API keys (we never store raw keys after they are first shown to you), scoped Firestore security rules, and regular review of access patterns. No method of transmission over the internet is 100% secure, so absolute security cannot be guaranteed.

Data Retention

We retain account data, API keys, and subscription state for as long as your account is active. Per-IP sandbox rate-limit records are automatically deleted ~7 days after last activity. Webhook delivery logs are retained for diagnostics and may be aggregated or deleted over time. You may request deletion of your account and associated personal data at any time by contacting us.

Your Rights and Choices

Depending on your jurisdiction, you may have the following rights:

• Access: Request a copy of the personal information we hold about you
• Correction: Request correction of inaccurate information
• Deletion: Request deletion of your account and personal data
• Opt-out: Unsubscribe from non-essential email communications (transactional account emails remain)
• Data portability: Request your data in a portable format

To exercise any of these rights, email support@tickerbot.io from the address associated with your account.

Children’s Privacy

Our Service is not intended for users under the age of 18. We do not knowingly collect personal information from children under 18. If we become aware that we have collected such information, we will take steps to delete it.

International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence, including the United States. These countries may have different data-protection laws. By using the Service, you consent to the transfer of your information to the United States and other countries where our service providers operate.

California Privacy Rights

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information we collect, the right to delete your information, and the right to opt out of the sale of personal information. We do not sell personal information.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on our website and updating the “Last Updated” date. Your continued use of the Service after changes constitutes acceptance of the updated policy.

Contact Us

If you have questions about this Privacy Policy or our privacy practices, please contact us at:

Email: support@tickerbot.io
Website: https://tickerbot.io