Legal

Privacy Policy

Last updated: June 21, 2026

1. What we collect

When you use SkyView we collect only what we need:

  • Email address — for sign-in, password recovery, billing receipts, and product notifications.
  • Password (hashed) — stored as an argon2id hash; we never see the plaintext.
  • Stripe customer ID + subscription state — to grant/remove Pro access. Payment card details are held by Stripe; we never see or store full card numbers.
  • Discord user ID — only if you opt-in to Discord auto-role assignment. We use it solely to assign the SkyView Pro role in our server.
  • Basic request logs — IP, user-agent, page URL — for rate limiting, abuse prevention, and debugging. Retained ~30 days.

We do NOT collect: your trading account credentials, broker positions, real-name profile data, or any third-party tracking beyond what Stripe and Discord need to do their jobs.

2. Third-party processors

We use these services to operate SkyView:

  • Stripe (billing) — your email + card. stripe.com/privacy
  • Resend (transactional email) — your email + email content we send you. resend.com/legal/privacy-policy
  • Discord (community + role bot) — your Discord user ID if you connect it. discord.com/privacy
  • Polygon.io (market data) — your IP/request metadata when we proxy chain data. Polygon is the upstream data source.
  • Vercel (frontend hosting) and Fly.io (backend hosting) — standard server logs.
  • Cloudflare (DNS + edge) — request metadata.

3. Cookies & local storage

  • skyview_session — HttpOnly cookie that authenticates you. Signed with HMAC, scoped to .skyviewlabs.io, 30-day expiry. Strictly necessary; no consent prompt under EU rules.
  • localStorage — used for your watchlist (★ pinned tickers) and to remember you've dismissed the first-time hint. Never leaves your device.

We do not use third-party analytics cookies, ad trackers, or cross-site identifiers.

4. How we use your data

  • Operate the Service (sign-in, billing, content delivery).
  • Notify you of account / subscription events (trial ending, payment failed, password reset).
  • Prevent abuse and debug issues (logs).
  • Improve the product (in aggregate; never identifying individuals to third parties).

5. Your rights

You can:

  • Access or update your email — request via /contact.
  • Delete your account — request via /contact; we'll remove your row from our DB within 30 days. Billing receipts may be retained by Stripe per their policies.
  • Unsubscribe from product emails — every email has a footer link (or hit /contact).
  • Disconnect Discord — visit your Discord account settings → Authorized Apps and revoke SkyView.

If you are in the EU/EEA or California, you have additional rights under GDPR / CCPA. We treat all users the same way; contact us to exercise any right.

6. Data retention

Account data is kept while your account is active. After account deletion, we keep minimum records required for legal/tax purposes (typically 7 years for billing data, per IRS rules). Request logs are pruned after 30 days.

7. Security

Transport encryption (HTTPS), HttpOnly + Secure cookies, argon2id password hashing, signed sessions, content-security-policy headers, rate limiting. No data store is 100% bulletproof — we take reasonable steps and disclose material breaches promptly.

8. Children

SkyView is not directed to anyone under 18. If we learn we've collected data from a minor, we'll delete it promptly.

9. Changes

We'll post material updates to this page with a new “Last updated” date and notify subscribers by email at least 14 days in advance.

10. Contact

Reach us at /contact or hi@skyviewlabs.io.