Privacy policy

insiderdelta collects only the minimum information needed to operate the site. Specifically:

• Email address. When you sign in we collect your email address so we can deliver a magic-link sign-in message and associate your session with an account. We do not require a password.
• Session record. A randomly-generated session token, stored both in a HTTP-only cookie on your browser and in our database. Used to keep you signed in across visits. Sessions are valid for up to one year with rolling renewal on activity.
• Server access logs. Our servers record the routine information that any web server records: the page or API path you requested, the time, the response code, the requesting IP address, the user-agent string, and the referrer if present. These logs are retained for a limited period (typically 30-90 days) for security, abuse detection, and operational debugging.
• Analytics events. If Google Analytics is enabled on this deployment, we send anonymous pageview events on each navigation. Google Analytics may set its own cookies as part of this. We do not transmit your email or any account identifier to Google Analytics.

• We do not request or store any payment information directly. If a paid tier is offered, payment is processed by a PCI-compliant third-party processor; we receive only the metadata needed to grant access (e.g. subscription status).
• We do not collect or process personally identifying information beyond your email address and the session and log data described above.
• We do not sell, rent, or otherwise share your personal information with marketers or data brokers.

insiderdelta uses the smallest set of cookies it can:

• Session cookie.Issued by our authentication system when you sign in. HTTP-only and same-site so it’s not readable by client-side JavaScript or sent on cross-site requests.
• CSRF token. A short-lived cookie used to protect form submissions from cross-site request forgery.
• Third-party analytics cookies. If Google Analytics is loaded, it sets cookies under its own domains for measurement purposes. These can be blocked by browser preferences without affecting site functionality.

We use the following third-party services to operate the site. Each receives only the data minimally needed to perform its function.

• Resend - deliver magic-link sign-in emails. Receives the email address and the generated sign-in URL.
• VPS / hosting provider - serves the website and stores the database. Receives all HTTP traffic and stored data.
• Google Analytics (if enabled) - aggregate pageview measurement.
• SEC EDGAR and Yahoo Finance - we fetch from these endpoints to ingest filings and market data. Neither receives any information about you or any of our users; we only pull public reference data.

• Access and deletion. You can request a copy of the account-level information we hold about you, or request that we delete your account and the personal data tied to it, by writing to [email protected]. We respond as quickly as we reasonably can.
• Sign-out. Signing out invalidates your session in our database and clears the session cookie.
• Block analytics. Browser settings or extensions that block Google Analytics will prevent us from receiving pageview events from your visit. The site continues to function.

insiderdelta is not directed to children under the age of 13 and we do not knowingly collect personal information from children under 13. If you believe a child has provided personal information to us, please contact us so we can remove it.

We may update this policy when our practices change or when required by law. The effective date at the top of this page reflects the date of the most recent substantive change. Continued use of the site after an update constitutes acceptance of the updated policy.

Privacy questions can be sent to [email protected]. For broader inquiries see the contact page.