StableLens

Privacy Policy

Last updated: 16 May 2026

1. Information We Collect

Account data. When you create an account, we collect your email address and authentication credentials (via Google OAuth or magic link).

Usage data. Anonymous analytics — pages visited, feature usage, general interaction patterns — collected via Vercel Analytics. No third-party advertising trackers, no cross-context behavioural tracking.

Alert preferences. When you create alerts, we store your threshold configurations and notification preferences in our database.

2. How We Use Your Information

  • To provide and maintain the StableLens platform
  • To send alert notifications you have configured
  • To send periodic newsletter updates (only if subscribed)
  • To improve our platform and user experience
  • To communicate important service updates

3. Data Storage & Security

Your data is stored using Supabase (Postgres) with row-level security policies enforced at the database layer. All data is encrypted in transit (TLS 1.3) and at rest. We do not sell, rent, or share your personal data with third parties.

4. Subprocessors

We use the following third-party services to operate the platform:

  • Supabase — database, authentication, file storage (US)
  • Vercel — hosting, edge functions, analytics (US)
  • Stripe — payment processing (US). We never store card details.
  • Resend — transactional email delivery (US)
  • CoinGecko, DefiLlama, Federal Reserve (FRED) — read-only market data sources

Subprocessor change notifications. We will provide at least 30 days advance notice on this page or by email before adding a new subprocessor or replacing an existing one. The list above is the authoritative inventory.

5. Cookies

We use essential cookies for authentication and theme preferences. We do not use third-party tracking cookies or advertising cookies. Vercel Analytics is cookie-free and aggregates without persistent identifiers.

6. Data subject rights (GDPR Articles 15–22)

If you are in the European Economic Area, United Kingdom, or Switzerland, you have the following rights under the General Data Protection Regulation:

  • Right to access (Article 15) — confirm whether we process your data and obtain a copy
  • Right to rectification (Article 16) — correct inaccurate or incomplete data
  • Right to erasure / right to be forgotten (Article 17) — request deletion of your account and personal data
  • Right to restriction of processing (Article 18) — limit how we process your data while a dispute is resolved
  • Right to data portability (Article 20) — receive your data in a structured, machine-readable format
  • Right to object (Article 21) — object to processing based on legitimate interests, including direct marketing
  • Right to withdraw consent (Article 7) — where processing relies on consent, withdraw it at any time

How to exercise these rights. Email privacy@stablelens.com with your account email and a description of the right you wish to exercise. We will respond within 30 days of receipt (GDPR Article 12(3)). We may need to verify your identity before acting on the request.

7. California residents — CCPA / CPRA rights

If you are a California resident, you have the following rights under the California Consumer Privacy Act and the California Privacy Rights Act:

  • Right to know — what personal information we collect, how we use it, and with whom we share it
  • Right to delete — request deletion of personal information we have collected from you
  • Right to correct — request correction of inaccurate personal information
  • Right to opt-out of sale / sharing — as noted below, we do not sell or share personal information
  • Right to non-discrimination — we will not deny you service or charge a different price for exercising these rights

We do not sell or share personal information for cross-context behavioural advertising. We do not have a "Do Not Sell or Share" link because there is nothing to opt out of.

Email privacy@stablelens.com to exercise any of these rights.

8. International transfers

Personal data may be transferred to the United States, where Supabase, Vercel, Stripe, and Resend are headquartered. For transfers originating in the European Economic Area, United Kingdom, or Switzerland, we rely on the Standard Contractual Clauses approved by the European Commission (Commission Implementing Decision 2021/914 of 4 June 2021) and equivalent UK / Swiss adequacy mechanisms.

9. Data Processing Agreement (DPA)

Institutional customers can request a Data Processing Agreement covering GDPR Article 28 processor obligations, Standard Contractual Clauses for international transfers, audit-rights provisions, and breach-notification timelines.

Email dominic@stablelens.com with your legal entity name and intended use to initiate a DPA. Typical turnaround is 5 business days for the standard template; bespoke amendments are handled case-by-case.

10. Data retention

We retain account data for as long as your account is active. Alert history and usage logs are retained for 12 months. You can request deletion of your data at any time per Section 6 or 7 above.

11. Children

StableLens is intended for institutional and adult use. We do not knowingly collect personal information from individuals under 16. If you believe we have collected information from a minor, contact privacy@stablelens.com and we will delete it.

12. Changes to this policy

We will post material changes to this page and update the "Last updated" date above. For changes that affect how we process your data, we will provide advance notice by email where reasonably possible.

13. Contact

Privacy inquiries: privacy@stablelens.com
DPA / procurement: dominic@stablelens.com

Back to StableLens