Privacy Policy
01

What We Collect

Account Information: We collect your email address when you sign up or join the waitlist. This is used for authentication, billing, and account management.

Messaging & Alerts: If you connect your Telegram account, we store your Telegram chat ID to send you pick notifications and market updates. You can disconnect at any time.

Wallet Address: If you provide your Polymarket wallet address, we store it to help you track which markets you're participating in. This is optional.

Usage Data: We collect information about how you use the service — which picks you view, when you log in, which features you use. This helps us improve the service.

Payment Data: Payment information (card details, billing address) is processed securely by Stripe. We never store your credit card numbers or sensitive payment data.

Analytics: We use privacy-respecting analytics to understand service performance and user behavior. This may include device type, browser information, and general geographic location.

02

How We Use Your Data

Deliver the Service: We use your email and wallet address to provide picks, alerts, and account access. Without this data, we cannot operate your subscription.

Communications: We use your email to send pick notifications, billing confirmations, service updates, and administrative messages. We may send occasional product updates or important notices.

Improve the Service: We analyze usage patterns to understand which features are valuable, identify bugs, optimize performance, and plan new functionality.

Legal Compliance: We may use your data to comply with applicable laws, respond to legal requests, prevent fraud, and enforce our Terms of Service.

Security: We monitor account activity to detect and prevent unauthorized access, fraud, and misuse.

What We Don't Do: We do not sell, rent, trade, or share your personal data with third parties for marketing purposes. We do not build profiles to sell to advertisers.

03

Legal Basis for Processing (GDPR)

Nordspike OÜ is registered in Estonia and complies with the EU General Data Protection Regulation (GDPR). We process your personal data based on:

Contract Performance: We process your data to fulfill the subscription agreement you entered into.

Legitimate Interest: We process usage data and analytics to improve the service and maintain security.

Consent: We rely on your consent for non-essential communications and newsletter sending. You can withdraw consent at any time by updating your preferences or contacting us.

Legal Obligation: We process data as required by law, including tax and financial regulations.

04

Data Sharing & Processors

We use trusted third-party service providers to operate the service. These processors handle data only as needed and are bound by confidentiality agreements:

Supabase: Database and authentication provider. Stores account data and usage analytics.

Vercel: Hosting and deployment provider. Hosts the Automated.Money website and application.

Stripe: Payment processor. Handles subscription billing and card processing. Stripe does not share your card details with us.

Resend: Email delivery service. Sends pick notifications and alerts to your email address.

Telegram: If you connect Telegram, your chat ID is shared with Telegram's API to send notifications.

We do not share your data with advertisers, data brokers, or other marketers. We do not sell personal data.

05

Your Data Rights (GDPR)

Under the GDPR, you have the right to:

Access: Request a copy of all personal data we hold about you.

Correction: Request we correct inaccurate or incomplete data.

Deletion: Request deletion of your data ("right to be forgotten"), except where we must retain it by law.

Portability: Receive your data in a structured, commonly used format to port to another service.

Object: Object to processing of your data for certain purposes (e.g., marketing).

Withdraw Consent: Withdraw consent for data processing at any time.

To exercise any of these rights, contact us at hello@automated.money. We will respond within 30 days.

06

Data Retention

We retain personal data only as long as necessary:

Account Active: While your subscription is active, we retain your email, wallet address, and usage data.

After Cancellation: After you cancel, we retain billing records for 7 years to comply with tax and financial regulations. We delete usage data after 12 months unless required by law.

On Request: You can request deletion of your account and data at any time. We will delete non-essential data immediately, subject to legal retention requirements.

Automated Deletion: We automatically delete failed login attempts and temporary session data within 30 days.

07

Security

We implement industry-standard security measures to protect your data:

Encryption in Transit: All data transmitted between your device and our servers uses HTTPS/TLS encryption.

Encryption at Rest: Sensitive data is encrypted in our database.

Access Control: We use role-based access control and row-level security (RLS) policies to limit who can access data.

Authentication: Accounts are protected by email-based authentication and optional multi-factor authentication.

Monitoring: We monitor for suspicious activity and unauthorized access attempts.

No Absolute Security: No method of internet transmission or storage is 100% secure. We cannot guarantee absolute protection against all security threats. Report any suspected breach to hello@automated.money immediately.

08

Cookies & Analytics

Essential Cookies: We use minimal cookies only for essential functionality — session management, authentication, and CSRF protection. These are required for the service to work.

Analytics: We use privacy-respecting analytics tools to measure page views, user flows, and service performance. This data is anonymized and does not identify individual users. We do not use advertising networks or pixel trackers.

Third-Party Tracking: We do not use third-party tracking pixels, ads networks, or social media trackers. We do not retarget you with ads.

Most browsers allow you to control cookies via settings. Disabling essential cookies may prevent you from logging in or using the service.

09

Contact & Data Protection

Company: Nordspike OÜ, registered in Estonia

Data Contact: For privacy inquiries, data subject requests, or to report a data breach, contact: hello@automated.money

Supervisory Authority: If you believe your rights have been violated, you have the right to lodge a complaint with the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon).

We will respond to data subject requests and privacy inquiries within 30 days.

Last modified: July 17, 2026