Privacy Policy

Last updated: May 22, 2026

This Privacy Policy explains how Insider Trading Tracker (“we”, “us”, or “our”) collects, uses, and shares information when you visit insidertradingtracker.co or use our services (the “Service”). By using the Service you agree to the practices described here. If you do not agree, please do not use the Service.

1. Information we collect

Information you provide

  • Account information. When you register we collect your name, email address, and a password (stored as a salted bcrypt hash — never in plaintext). If you sign in with Google, we receive your Google account identifier, email, and profile name through Google Identity Services; we do not receive your Google password.
  • Subscription & payment information. If you upgrade to a paid plan, payment is processed by Stripe, Inc. We never see or store full credit-card numbers. We retain a Stripe customer ID and subscription ID to manage your plan.
  • User-generated content. Alert rules, watchlist entries, and other preferences you save in your account.
  • Communications. Messages you send to contact@insidertradingtracker.co and email events (delivery, opens, clicks) for transactional emails we send via Resend.

Information collected automatically

  • Usage data. Pages visited, features used, approximate timestamps, and referrer URL.
  • Device & technical data. IP address, browser type, operating system, screen size, and language preference.
  • Cookies & similar technologies. Authentication cookies (`ce_token`) and analytics identifiers — see Section 5.

We do not collect bank-account numbers, social security numbers, or any other government identifiers.

2. How we use your information

  • Provide, operate, and maintain the Service.
  • Authenticate you, secure your account, and prevent fraud or abuse.
  • Send transactional emails (alerts you have set up, password resets, billing receipts, watchlist digests).
  • Process subscription payments and manage your plan via Stripe.
  • Personalize what you see (e.g. your watchlist, your saved alert rules, your dashboard filters).
  • Measure aggregate usage and improve the Service.
  • Comply with legal obligations.

We do not sell your personal information. We do not share data with brokers for advertising re-sale.

3. How we share your information

We share information only with the categories of recipients listed below, and only as needed to deliver the Service.

  • Infrastructure providers. Railway (application hosting and PostgreSQL database) located in the United States.
  • Payments. Stripe, Inc. processes all subscription transactions under Stripe’s privacy policy.
  • Authentication. Google LLC, when you choose to sign in with Google.
  • Email delivery. Resend Communications, Inc., for transactional and digest emails.
  • Analytics. Google Analytics 4 (Google LLC), Meta Pixel (Meta Platforms, Inc.), Hotjar Ltd., and Ahrefs Pte. Ltd. for aggregate traffic and behavior analysis. These providers may set cookies — see Section 5.
  • AI services. Anthropic PBC powers our trade-explainer and politician-summary features. Only ticker-level aggregate data (public SEC and STOCK Act filings) is sent — no account-level or personally-identifying information.
  • Public-data partners. Finnhub (company sector / market cap enrichment) and Quiver Quantitative (congressional trade disclosures). These calls are server-to-server and do not include your information.
  • Legal requirements. If required by subpoena, court order, or to protect our rights, safety, or property.
  • Business transfers. If we are involved in a merger, acquisition, or sale of assets, your information may be transferred. We will provide notice before any transfer.

4. Data sources we display

Insider trading data on the Service is sourced from SEC EDGAR Form 4 filings, which are public records. Congressional trade disclosures are sourced from Quiver Quantitative via the STOCK Act-mandated public disclosures. Names, roles, and transactions of corporate insiders and members of Congress that appear on the Service are part of public regulatory filings — not information we collect from those individuals.

5. Cookies and tracking technologies

We use the following categories of cookies and similar technologies:

  • Strictly necessary. `ce_token` — JWT session cookie that keeps you signed in. Required for authenticated features. Cannot be disabled if you want to use a logged-in feature.
  • Analytics. Google Analytics, Meta Pixel, Hotjar, and Ahrefs Analytics set first- or third-party cookies to measure aggregate behavior. You can opt out in your browser settings or via the respective providers’ opt-out tools.

You can configure your browser to refuse cookies or to alert you when a cookie is set. Disabling strictly-necessary cookies will affect functionality.

6. Data retention

We retain account data for as long as your account is active. Subscription and billing records are retained for at least seven (7) years to comply with US tax and accounting obligations. Analytics data is retained for up to 26 months in aggregate form. Email-delivery logs are retained for up to 90 days. If you delete your account (see Section 7), we delete account records within 30 days, except where retention is required by law.

7. Your rights and choices

Depending on where you live, you may have the following rights:

  • Access — request a copy of the personal information we hold about you.
  • Correction — ask us to correct inaccurate information.
  • Deletion — ask us to delete your account and associated personal data.
  • Portability — receive your data in a machine-readable format.
  • Objection / restriction — object to certain uses of your data.
  • Withdraw consent for any processing based on consent (e.g. analytics cookies).
  • California residents have additional rights under the California Consumer Privacy Act (CCPA) / California Privacy Rights Act (CPRA), including the right to know what is collected and the right to opt out of sale or sharing of personal information. We do not sell or share personal information for cross-context behavioral advertising.
  • EU / UK residents have rights under the GDPR / UK GDPR. The legal bases for our processing are: (a) performance of a contract (delivering the Service to you), (b) our legitimate interests (operating, securing, and improving the Service), (c) your consent for analytics cookies, and (d) compliance with legal obligations.

To exercise any of these rights, email us at contact@insidertradingtracker.co. We will respond within 30 days (45 days for CCPA requests).

8. Children’s privacy

The Service is not directed to children under 13 (or under 16 in the EEA). We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, contact us and we will delete it.

9. Security

We use industry-standard technical and organizational measures to protect your data, including HTTPS / TLS for data in transit, bcrypt password hashing, JWT session tokens, and principle-of-least-privilege access for our team. No system is 100% secure; we cannot guarantee absolute security.

10. International data transfers

We operate primarily in the United States. Our service providers may process data in the US and other countries. When we transfer data outside the European Economic Area or the United Kingdom, we rely on Standard Contractual Clauses or other valid transfer mechanisms.

11. Third-party links

The Service may link to third-party websites (e.g. SEC EDGAR). We are not responsible for the privacy practices of those sites. Please review their privacy policies before sharing personal information.

12. Changes to this policy

We may update this Privacy Policy from time to time. We will post the new version here and update the “Last updated” date above. Material changes will be communicated via email or a prominent notice in the Service. Your continued use of the Service after changes take effect constitutes acceptance.

13. Contact

Questions, requests, or complaints? Email contact@insidertradingtracker.co.