Plain English summary: We collect only what we need to run the service (your email, usage data). We never sell your data. We use Supabase for auth and Stripe for payments — both are reputable services with strong security. You can delete your account and all your data at any time. UK/EU users have full GDPR rights.
TimingAX (“we”, “us”, “our”) is the operator of the platform at timingax.co.uk. For UK and EU users, we act as the data controller under the UK GDPR and GDPR respectively.

| Data type | Why we collect it | Legal basis |
|---|---|---|
| Email address | Account creation, login, transactional emails (password reset, billing) | Contract performance |
| Usage data | Analysis count per month (enforcing free-tier limit), features used | Legitimate interests |
| Payment data | Processed entirely by Stripe — we never see or store card numbers | Contract performance |
| Subscription status | Determining your access level (free / Pro / Lifetime) | Contract performance |
| IP address & browser | Security, fraud prevention, basic analytics via Vercel | Legitimate interests |
| Watchlist assets | Storing your personal watchlist between sessions | Contract performance |

We do not collect: trading account details, brokerage credentials, financial position data, or any sensitive personal data. We do not use advertising trackers.
Your account credentials and profile data are stored in Supabase (supabase.com). Supabase is SOC 2 Type 2 certified and stores data in the EU by default. Their privacy policy applies: supabase.com/privacy.
All payment processing is handled by Stripe, Inc. We share only what Stripe requires (email, subscription plan) to process your payment. We never see, transmit or store full card details. Stripe is PCI DSS Level 1 certified. Their privacy policy: stripe.com/gb/privacy.
The platform is hosted on Vercel (vercel.com). Vercel may log request metadata (IP, user agent, timestamp) for infrastructure purposes. Vercel's privacy policy: vercel.com/legal/privacy-policy.
We do not use Google Analytics, Meta Pixel, or any advertising network tracking technologies.
You have the right to:
To exercise any of these rights, contact us from your registered email address. We will respond within 30 days. You also have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) at ico.org.uk, or your national supervisory authority if you are in the EU.
TimingAX uses:
We do not use advertising cookies, third-party tracking cookies, or Google Analytics. You can clear localStorage and cookies at any time in your browser settings.
TimingAX is not intended for users under 18 years of age. We do not knowingly collect personal data from children. If we discover we have inadvertently collected data from a minor, we will delete it promptly.
Your data may be processed in the United States (by Supabase and Stripe). Both providers rely on Standard Contractual Clauses and/or equivalent safeguards approved under UK GDPR/GDPR for such transfers.
We use industry-standard measures to protect your data: HTTPS everywhere, encrypted passwords (never stored in plain text), Supabase row-level security, and periodic security reviews. No system is 100% secure; in the unlikely event of a breach affecting your personal data, we will notify you and the relevant supervisory authority as required by law.
We may update this Privacy Policy from time to time. We will notify you of material changes via email to your registered address. The “Last updated” date at the top of this page reflects the most recent revision.
For privacy-related questions, requests to exercise your rights, or data protection concerns, please contact us through the platform or from your registered email address. We aim to respond to all enquiries within 5 business days.
Summary: We collect your email and usage data to run the service. We don't sell it, don't track you with ads, use reputable infrastructure (Supabase, Stripe, Vercel), and you can delete everything at any time.