Privacy Policy

We store the minimum needed to deliver your daily briefing: your account, an encrypted copy of your SiteGiant credentials, your Telegram recipient binding, and aggregate snapshots of your channel performance. We don't collect your buyers' personal data and we don't sell or share any of it.

Account data

• Your email address (used for login and service email).
• A password hash (managed by Supabase Auth).
• Your selected plan and subscription status.

SiteGiant credentials

• Your SiteGiant username and password, encrypted at rest with AES-256-GCM. They are decrypted only inside the patrol worker process at scrape time. We never display or transmit them in plain text.

Telegram binding

• The chat ID and handle of the Telegram account you bind, plus a recipient label you choose. Used solely to send your daily briefing.

Channel data (aggregate only)

• Daily snapshots of your channels: total GMV, order counts, SKU-level stats, channel health metrics. We do not store your buyers' names, emails, phone numbers, or addresses.

Operational data

• Logs of scrape attempts, delivery status of Telegram messages, billing events from Stripe, and audit records of sensitive actions.

• To deliver the Service (run scrapes, generate briefings, send Telegram messages, render the dashboard).
• To bill you correctly (via Stripe).
• To send service emails (verification, password reset, important account changes).
• To debug, monitor, and prevent abuse.

We do not use your data to train AI models. We do not sell or share it for advertising.

We use the following service providers to run GoalKeeper:

• Supabase — database, authentication, and file storage. Data is stored in their hosted Postgres.
• Vercel — web hosting for the dashboard and APIs.
• Stripe — payment processing. Stripe receives your card details directly; we never see or store them.
• Telegram — delivery of daily briefings and alerts to recipients you bind.
• Resend — transactional email (verification, password reset).

Each provider has its own privacy policy. We share only the minimum data each provider needs to do its job.

• SiteGiant credentials: AES-256-GCM at rest. Encryption key rotated with versioning.
• Connections to the dashboard and APIs use HTTPS.
• Database access is gated by row-level security; users can only read their own rows.
• Only the patrol worker and our admin tooling have credentials to read across users; access is logged.

• Account data: kept while your account is active.
• Daily snapshots and reports: kept for the life of the account (used to power trends and history).
• Operational logs: kept for 90 days.
• Stripe billing records: retained per Stripe's requirements (typically 7 years for accounting).

If you delete your account, we soft-delete immediately and purge associated data within 30 days. Billing records that we're legally required to retain remain in Stripe's ledger.

• Access: The dashboard shows everything we store under your account. Email us if you need a structured export.
• Correct: Update credentials, recipient labels, and goals in Settings.
• Delete: Settings → Account → Delete. Or email us.
• Object / restrict: Email us if you have a specific request and we'll work with you in good faith.

The Service is not directed to anyone under 16. We don't knowingly collect data from children.

We'll update the “Last updated” date above and, for material changes, email account holders before the change takes effect.

For privacy questions or to exercise your rights: privacy@goalkeeper.example.