Privacy

Just your email address — and only when you sign in. We store it so we can send you magic-link sign-in emails and the factor-change alerts you opt into.

Postgres on Fly.io (US East). Emails sent via Resend (US). Everything we send to Resend is the recipient address and the message body — they handle delivery, we do not share your address with anyone else.

One session cookie (__Host-fw_session), HttpOnly + Secure + SameSite=Lax, expires in 30 days. It contains a random session id — nothing identifying you. Clear it any time by signing out.

Sign in, go to /account, click "Delete account". Your user row + every subscription + every session is removed immediately (cascade). Notification logs are kept for 30 days for debugging, then purged.

Every email has a one-click unsubscribe link. No login required. Or unsubscribe individual subscriptions from /account.

We don't sell or share your data. Period. The dashboard data itself (factor returns, screens) is computed from public sources via SynapseDiscovery and is freely viewable without an account.

Issues, questions, or "please delete my data": email is the contact channel since this is a one-developer project. Email the address you signed up with.