Privacy Policy

Last updated: 25 May 2026

This policy explains what data Shishin collects, how it's used, who it's shared with, and what rights you have over it. Plain language; the legal version defers to the Terms of Service when interpretation is needed.

What we collect

• Account data. Your email address, when you signed up, and password hash. Managed by Supabase (our auth provider).
• Usage data. Which pages you visit, when, and basic device/browser info. Used to detect bugs and abuse.
• Email preferences. If you opt in to digest or alert emails, we keep that preference associated with your account.

We don't collect financial information beyond what's needed to process a payment, and we don't collect that at all during the trial.

How we use it

• To operate the Service — show you the signals you signed up for, log you in, send you alerts you requested.
• To improve the Service — investigate bugs, measure which features are used.
• To communicate with you about account or service changes (administrative emails, never sold).

We don't sell your data. We don't share it with advertisers. We don't share it with brokerages, market makers, or any party that might use it to trade against you.

Who else handles it

The Service runs on infrastructure provided by:

• Supabase — authentication and user database
• Vercel — web frontend hosting and request logs
• Our backend host — API server and signal database (provider listed at paid launch)

Each is a data processor acting on our instructions. Each has its own security practices that you can review on their respective websites.

How long we keep it

• Account data — for as long as your account exists, plus 30 days after closure (in case you change your mind).
• Usage logs — 90 days, then aggregated / anonymised.
• Signal history — indefinitely, because the public performance record needs to remain auditable.

Your rights

If you're in a jurisdiction that grants data-subject rights (EU/UK GDPR, California CCPA, etc.), you have the right to:

• Access the data we hold about you
• Correct it if it's inaccurate
• Delete it (within legal retention obligations)
• Receive a portable copy
• Object to processing for certain purposes

Email [email protected] and we'll act within 30 days.

Cookies and similar

We use functional cookies only — the session cookie that keeps you logged in. No tracking pixels, no advertising cookies, no third-party analytics with user-level identity. If we ever add analytics, it will be aggregate-only (e.g. Plausible) and disclosed here first.

Children

The Service isn't intended for anyone under 18, and we don't knowingly collect data from minors. If you believe we have, email [email protected] and we'll delete it.

Changes to this policy

Material changes will be announced via email or an in-app notice at least 14 days before they take effect.

Contact

Privacy questions: [email protected]. General contact: [email protected].