Privacy Policy

1. Introduction

Dipsern ("we," "us," or "our") operates the website at dipsern.com. This Privacy Policy explains what personal data we collect, how we use it, who we share it with, and your rights regarding that data.

2. Data We Collect

We collect the following categories of personal data:

• Account information — email address, full name, and password (hashed) when you create an account.
• Profile data — experience level, preferred asset categories, investment goals, and theme preference, collected during onboarding.
• Usage data — which assets you analyze, number of analyses performed per month, and features used, stored for freemium usage tracking.
• Payment information — billing details processed by Stripe. We do not store credit card numbers; Stripe handles all payment data directly.
• Technical data — IP address, browser type, and device information collected automatically via Vercel Analytics.

3. How We Store Your Data

Your account and profile data are stored in a Supabase PostgreSQL database with Row Level Security (RLS) enabled, ensuring you can only access your own data. The application is hosted on Vercel's infrastructure. All data is transmitted over HTTPS. API keys (for Premium users) are SHA-256 hashed before storage — we never store plaintext keys.

4. Third-Party Processors

We use the following third-party services to operate Dipsern:

Each processor maintains its own privacy policy and is contractually obligated to protect your data.

5. How We Use Your Data

• To provide and operate the Dipsern analysis platform.
• To manage your account, subscription, and usage limits.
• To send transactional emails (account confirmation, subscription updates).
• To personalize your experience based on your profile preferences.
• To improve our service through aggregated, anonymized analytics.

We do not sell your personal data to third parties. We do not use your data for advertising.

6. Cookies & Local Storage

We use essential cookies for authentication (Supabase session tokens) and theme preference. Vercel Analytics may use cookies or similar technologies to collect anonymous usage data. We do not use third-party advertising or tracking cookies. You can disable cookies in your browser settings, but this may prevent you from logging in.

7. Your Rights

Depending on your jurisdiction (including under GDPR and CCPA), you have the right to:

• Access — request a copy of the personal data we hold about you.
• Rectification — correct inaccurate or incomplete personal data.
• Deletion — request that we delete your personal data and account.
• Portability — receive your data in a structured, machine-readable format.
• Objection — object to processing of your personal data for certain purposes.

To exercise any of these rights, contact us at support@dipsern-v8.com. We will respond within 30 days.

8. Data Retention

We retain your account data for as long as your account is active. If you request account deletion, we will remove your personal data within 30 days, except where retention is required by law (e.g., financial transaction records). Anonymized, aggregated analytics data may be retained indefinitely.

9. Security

We implement industry-standard security measures including HTTPS encryption, Row Level Security on our database, hashed API keys, and secure authentication via Supabase Auth. While no system is 100% secure, we take reasonable steps to protect your data.

10. Children's Privacy

Dipsern is not intended for use by individuals under the age of 18. We do not knowingly collect personal data from children.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email or a notice on our website. Your continued use of Dipsern after changes constitutes acceptance of the updated policy.

12. Contact

If you have questions about this Privacy Policy or your personal data, contact us at:

support@dipsern-v8.com