HexWarden Labs LLC (“Company,” “we,” “us,” or “our”), a Colorado limited liability company, operates InsiderBrief at insiderbrief.io (the “Service”). This Privacy Policy explains how we collect, use, disclose, and protect your information when you use our Service.
1. Information We Collect
1.1 Information You Provide
- Account Information: When you create an account, we collect your name, email address, and password.
- Billing Information: When you subscribe to a paid plan, payment information is collected and processed by our third-party payment processor (Stripe). We do not store your full credit card number on our servers.
- Communications: If you contact us via email or through the Service, we collect the contents of your messages and any information you provide.
1.2 Information Collected Automatically
- Usage Data: We collect information about how you interact with the Service, including pages viewed, features used, search queries, and timestamps.
- Device and Browser Information: We may collect device type, operating system, browser type, and screen resolution.
- Log Data: Our servers automatically record information including your IP address, access times, and referring URLs.
- Cookies and Similar Technologies: We use cookies and similar tracking technologies to maintain sessions, remember preferences, and understand usage patterns. See Section 6 for details.
1.3 Information from Third Parties
We may receive information from third-party authentication providers if you choose to sign in using a third-party service (e.g., Google).
2. How We Use Your Information
We use collected information to:
- Provide, maintain, and improve the Service.
- Process subscriptions and payments.
- Send transactional communications (account confirmations, billing receipts, service updates).
- Send marketing communications, where you have opted in. You may unsubscribe at any time.
- Monitor and analyze usage trends to improve user experience.
- Detect, prevent, and address fraud, abuse, or technical issues.
- Comply with legal obligations.
3. How We Share Your Information
We do not sell your personal information. We may share your information in the following circumstances:
- Service Providers: We share information with third-party vendors who perform services on our behalf, including payment processing (Stripe), email delivery (Resend), hosting (Vercel), and database services (Supabase). These providers are contractually obligated to use your information only as necessary to provide their services.
- Legal Requirements: We may disclose information if required by law, regulation, legal process, or governmental request.
- Business Transfers: In connection with a merger, acquisition, or sale of assets, your information may be transferred as part of the transaction.
- Protection of Rights: We may disclose information to protect the rights, property, or safety of HexWarden Labs LLC, our users, or the public.
4. Data Retention
We retain your personal information for as long as your account is active or as needed to provide the Service. If you close your account, we will delete or anonymize your personal information within 90 days, except where retention is required by law or for legitimate business purposes (e.g., resolving disputes, enforcing agreements).
5. Data Security
We implement reasonable technical and organizational measures to protect your information, including:
- Encryption of data in transit (TLS/HTTPS).
- Encryption of sensitive data at rest.
- Role-based access controls.
- Regular security reviews.
However, no method of transmission or storage is completely secure, and we cannot guarantee absolute security.
6. Cookies
We use the following types of cookies:
- Essential Cookies: Required for the Service to function (e.g., session authentication). These cannot be disabled.
- Analytics Cookies: Help us understand how users interact with the Service. You may opt out of these through your browser settings or our cookie preferences.
We do not use advertising or third-party tracking cookies.
7. Your Rights and Choices
Depending on your jurisdiction, you may have the following rights regarding your personal information:
- Access: Request a copy of the personal information we hold about you.
- Correction: Request correction of inaccurate or incomplete information.
- Deletion: Request deletion of your personal information, subject to legal retention requirements.
- Portability: Request your data in a structured, machine-readable format.
- Opt-Out: Unsubscribe from marketing emails at any time using the link provided in each email.
To exercise any of these rights, contact us at signal@insiderbrief.io. We will respond within 30 days.
8. State Privacy Rights
8.1 California Residents (CCPA/CPRA)
California residents have additional rights under the California Consumer Privacy Act, including the right to know what personal information is collected, the right to delete, and the right to opt out of the sale of personal information. We do not sell personal information. To submit a request, email signal@insiderbrief.io.
8.2 Colorado Residents (CPA)
Colorado residents have rights under the Colorado Privacy Act, including the right to access, correct, delete, and obtain a portable copy of personal data, as well as the right to opt out of targeted advertising and profiling. We do not engage in targeted advertising or the sale of personal data.
8.3 Other U.S. State Privacy Laws
Residents of states with applicable privacy legislation (including Virginia, Connecticut, Utah, and others) may have similar rights. Contact us at signal@insiderbrief.io to exercise your rights under applicable state law.
9. Children's Privacy
The Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected information from a child under 18, we will promptly delete it.
10. International Users
The Service is operated in the United States. If you access the Service from outside the U.S., your information may be transferred to and processed in the United States, where data protection laws may differ from those in your jurisdiction.
11. Third-Party Links
The Service may contain links to third-party websites or services, including SEC.gov and financial data providers. We are not responsible for the privacy practices of these third parties and encourage you to review their privacy policies.
12. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated via the Service or email. The “Last Updated” date at the top reflects the most recent revision. Your continued use of the Service after changes are posted constitutes acceptance of the revised policy.
13. Contact Us
For questions or concerns about this Privacy Policy or our data practices, contact us at:
HexWarden Labs LLC
Email: signal@insiderbrief.io