Privacy Policy
Last updated: May 20, 2026
1. Introduction
Dipsern ("we," "us," or "our") operates the website at dipsern.com. This Privacy Policy explains what personal data we collect, how we use it, who we share it with, and your rights regarding that data.
2. Data We Collect
We collect the following categories of personal data:
- Account information — email address, full name, and password (hashed) when you create an account.
- Profile data — experience level, preferred asset categories, investment goals, and theme preference, collected during onboarding.
- Usage data — which assets you analyze, number of analyses performed per month, and features used, stored for freemium usage tracking.
- Payment information — billing details processed by Stripe. We do not store credit card numbers; Stripe handles all payment data directly.
- Technical data — IP address, browser type, and device information collected automatically via Vercel Analytics.
3. How We Store Your Data
Your account and profile data are stored in a Supabase PostgreSQL database with Row Level Security (RLS) enabled, ensuring you can only access your own data. The application is hosted on Vercel's infrastructure. All data is transmitted over HTTPS. API keys (for Premium users) are SHA-256 hashed before storage — we never store plaintext keys.
4. Third-Party Processors
We use the following third-party services to operate Dipsern:
| Service | Purpose | Data Shared |
|---|---|---|
| Supabase | Authentication & database | Email, profile, usage data |
| Vercel | Hosting & analytics | IP address, browser info |
| Stripe | Payment processing | Billing & payment details |
| Resend | Transactional email | Email address, name |
| Anthropic | AI-generated signal interpretations | Ticker, signal data (no PII) |
| GitHub Actions | Daily data pipeline (cron) | No user data — only public market prices |
Each processor maintains its own privacy policy and is contractually obligated to protect your data.
5. How We Use Your Data
- To provide and operate the Dipsern analysis platform.
- To manage your account, subscription, and usage limits.
- To send transactional emails (account confirmation, subscription updates).
- To personalize your experience based on your profile preferences.
- To improve our service through aggregated, anonymized analytics.
We do not sell your personal data to third parties. We do not use your data for advertising.
6. Cookies & Local Storage
We use essential cookies for authentication (Supabase session tokens) and theme preference. Vercel Analytics may use cookies or similar technologies to collect anonymous usage data; these are opt-in via our cookie banner. We do not use third-party advertising or tracking cookies. See our Cookie Policy for the full breakdown.
7. Your Rights
Depending on your jurisdiction (including under GDPR and CCPA), you have the right to:
- Access — request a copy of the personal data we hold about you.
- Rectification — correct inaccurate or incomplete personal data.
- Deletion — request that we delete your personal data and account.
- Portability — receive your data in a structured, machine-readable format.
- Objection — object to processing of your personal data for certain purposes.
To exercise any of these rights, contact us at support@dipsern.com. We will respond within 30 days. You can also download a complete machine-readable copy of your data at any time from your account settings.
7b. California Privacy Rights (CCPA / CPRA)
If you are a California resident, the California Consumer Privacy Act gives you additional rights:
- Right to know — what categories of personal information we collect, the sources, the purposes, and the categories of third parties with whom we share it. This is fully disclosed in sections 2, 4 and 5 above.
- Right to delete — request that we delete your personal information. You can self-serve this from your settings ("Delete Account") or email us.
- Right to correct — request that inaccurate personal information be corrected.
- Right to opt-out of sale/sharing — Dipsern does not sell or share your personal data for cross-context behavioral advertising. There is nothing to opt out of.
- Right to non-discrimination — we will not deny service, charge different prices, or provide a different quality of service because you exercised your rights.
8. Data Retention
We retain your account data for as long as your account is active. If you request account deletion, we will remove your personal data within 30 days, except where retention is required by law (e.g., financial transaction records). Anonymized, aggregated analytics data may be retained indefinitely.
9. Security
We implement industry-standard security measures including HTTPS encryption, Row Level Security on our database, hashed API keys, and secure authentication via Supabase Auth. While no system is 100% secure, we take reasonable steps to protect your data.
10. Children's Privacy
Dipsern is not intended for use by individuals under the age of 18. We do not knowingly collect personal data from children.
11. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated via email or a notice on our website. Your continued use of Dipsern after changes constitutes acceptance of the updated policy.
12. Contact
If you have questions about this Privacy Policy or your personal data, contact us at: