Privacy Policy

RideTheDrop — ridethedrop.com · Last updated: May 27, 2026

1. Who We Are

RideTheDrop (“we,” “us,” “our”) is a financial information service operated by Amit Bagree, accessible at ridethedrop.com. We provide curated RSI momentum signals and AI-generated market commentary for informational purposes only.

For privacy questions: support@ridethedrop.com

2. What Data We Collect

2a. Data you give us via Google Sign-In

When you authenticate with Google, we receive from Google and store:

Email address
Display name
Google account ID (internal identifier only — never shown publicly)
Profile photo URL (used for your avatar initials fallback)

We do not receive your Google password.

2b. Data you create in the app

Stored in our database, linked to your account:

Bookmarks: tickers you save to your Watchlist or Portfolio
Filter presets: named sector/fundamentals filter combinations you save
Brokerage preference: which brokerage(s) you select for deep-link navigation
Marketing preference: whether you opted in to product updates and market insights emails at sign-up

2c. Usage events

When you click a “Trade [ticker] on [Brokerage]” link, we record the ticker symbol, the brokerage selected, and the timestamp.

Why we collect this: We want to understand whether the app is genuinely helping users act on signals and make informed decisions. This data is used solely for product improvement. It is never sold, shared with brokerages, or used to profile you for advertising.

This data is linked to your account and retained for 12 months, after which it is anonymised.

2d. Subscription and billing data

Payments are processed by Stripe. We store only your Stripe customer ID (an opaque reference), subscription status, and renewal date. We never see or store your full card number, CVV, or bank details.

2e. Technical and usage data

Session tokens: Auth tokens are stored in your browser’s localStorage to keep you signed in. They expire and rotate automatically.
Server logs: Our CDN logs standard HTTP request metadata (IP address, timestamp, URL path, browser user agent) as part of normal operation. These are not linked to your account and are retained for approximately 7 days.
Aggregate analytics: We may use cookieless, privacy-preserving analytics to understand aggregate traffic. No individual user tracking.

2f. What we do NOT collect

Location data (GPS, precise coordinates)
Photos or camera access
Microphone or device sensors
Browsing history outside ridethedrop.com
Financial account balances, portfolio values, or trading history from your brokerage

3. How We Use Your Data

Purpose	Data used	Basis
Authenticate you and keep you signed in	Email, Google ID, session token	Contract
Personalise your dashboard	Bookmarks, filter presets, brokerage preference	Contract
Manage your subscription	Stripe customer ID, renewal date	Contract
Send product updates (if opted in)	Email, marketing consent flag	Consent
Understand how users act on signals	Brokerage link click events	Legitimate interest
Respond to support requests	Email	Legitimate interest
Understand aggregate usage	Anonymised analytics	Legitimate interest

We do not use your data for advertising, sell it to third parties, or share it with data brokers.

4. Third-Party Services

Service	What they receive	Privacy policy
Google (OAuth)	Your Google account ID and profile at login	policies.google.com/privacy
Supabase (database + auth)	All app data listed in Section 2	supabase.com/privacy
Stripe (payments)	Email, billing details	stripe.com/privacy
Cloudflare (CDN + hosting)	IP address, HTTP request metadata	cloudflare.com/privacypolicy

5. Data Retention

Account data (email, name, preferences): retained while your account is active. Deleted within 30 days of account deletion request.
Brokerage click events: retained for 12 months, then anonymised.
Stripe billing records: retained for 7 years per financial record-keeping requirements.
CDN server logs: retained approximately 7 days.

6. Your Rights

All users may:

Access: Request a copy of the personal data we hold about you.
Deletion: Request deletion of your account and all associated data.
Correction: Request correction of inaccurate data.
Opt out of marketing: Unsubscribe via the link in any marketing email.

EU/EEA residents (GDPR) may additionally object to processing based on legitimate interests, restrict processing pending a dispute, and lodge a complaint with your local data protection authority.

California residents (CCPA/CPRA) have the right to know what personal information we collect, delete it, and opt out of sale (we do not sell personal information).

To exercise any of these rights, email support@ridethedrop.com. We will respond within 30 days (GDPR) or 45 days (CCPA).

7. Cookies and Local Storage

We do not use advertising or tracking cookies. We use:

Technology	Purpose	Type
`localStorage` (auth token)	Keep you signed in between sessions	Essential
`localStorage` (user preferences cache)	Avoid redundant API calls	Essential

8. Data Security

All data in transit is encrypted via HTTPS/TLS.
Database Row-Level Security (RLS) ensures each user can only read/write their own rows.
Service-role credentials are never exposed to the browser.
We do not store passwords (Google OAuth only).

9. Children’s Privacy

RideTheDrop is intended for adults interested in financial markets. We do not knowingly collect data from anyone under 16. If you believe a child under 16 has created an account, email support@ridethedrop.com and we will delete the account promptly.

10. Changes to This Policy

We may update this policy as the product evolves. Material changes will be communicated via email at least 14 days before taking effect. The “Last updated” date at the top of this page always reflects the current version.