Log in
Get started

Privacy Policy

Last updated: 7 June 2026

1. Data Controller

BubbleGuard Pro (“we”, “us”) is the data controller for personal data collected through this platform. Contact: [email protected]

2. Data We Collect

  • Account data: email address, name, hashed password
  • Usage data: tickers analysed, alerts created, watchlist contents
  • Billing data: Stripe customer ID, subscription plan, payment status (no card numbers — processed by Stripe)
  • Technical data: IP address, browser, session tokens (in HttpOnly cookies)

3. Legal Basis (GDPR Art. 6)

  • Contract performance (Art. 6.1.b): Account, analysis, billing
  • Legitimate interest (Art. 6.1.f): Security, fraud prevention, service improvement
  • Consent (Art. 6.1.a): Marketing emails (opt-in)

4. Data Retention

Account data is retained for the duration of your account plus 30 days after deletion. Analysis results are retained for 2 years. Billing records are retained for 7 years (legal obligation).

5. Your Rights (GDPR)

  • Access (Art. 15): Request a copy of your data
  • Portability (Art. 20): Download your data — Settings → Profile → Export My Data
  • Erasure (Art. 17): Delete your account — Settings → Profile → Delete Account
  • Rectification (Art. 16): Update your profile — Settings → Profile
  • Objection (Art. 21): Email [email protected]

6. Third-Party Processors

  • Stripe: Payment processing (USA, Privacy Shield + SCCs)
  • Hetzner: Infrastructure hosting (Germany/EU, GDPR-compliant)
  • Cloudflare: CDN and DDoS protection (USA, SCCs)
  • SendGrid: Transactional email (USA, SCCs)

7. Cookies

We use one strictly necessary HttpOnly cookie: refresh_token (7-day JWT). No advertising or analytics cookies. No consent banner required for strictly necessary cookies.

8. Data Transfers

Personal data may be transferred to processors outside the EU (Stripe, Cloudflare, SendGrid) under Standard Contractual Clauses approved by the European Commission.

9. Supervisory Authority

You have the right to lodge a complaint with your national data protection authority (e.g. Garante Privacy in Italy, CNIL in France, ICO in the UK).

10. Contact

For any privacy request: [email protected]. We respond within 30 days.