Privacy Policy

Last updated: March 13, 2026

Effective for all users including residents of the European Economic Area (GDPR), California (CCPA/CPRA), and other jurisdictions with applicable privacy laws.

1. Who We Are

Stonkistan (“we,” “us,” “our”) operates Stonkistan.com — a market data aggregation and attention-tracking platform. We are the data controller for personal data collected through this website.

Contact: freedom@stonkistan.com

2. Data We Collect

2.1 Automatically Collected Data

Server logs: IP addresses, browser type, referring URLs, pages visited, timestamps. Retained for up to 30 days for security purposes.
Hashed session keys: A one-way cryptographic hash of your IP address (irreversible) used to enable anonymous features like comments and watchlists. Not a personal identifier.

2.2 Data You Provide Voluntarily

Account sign-in via Google: Your Google email address, display name, and profile photo URL are sent by Google to Clerk when you choose Google Sign-In. We receive only what Google provides; we cannot access your Google password, contacts, or other data.
Account sign-in via Email (one-time code): You provide your email address; Clerk sends a one-time verification code. No password is created or stored.
Account sign-in via Solana wallet (Phantom or compatible): Your public wallet address is recorded as your account identity. Your wallet signs a one-time message to prove ownership — no transaction is submitted, no private key or seed phrase is ever sent to or stored by Stonkistan or Clerk.
Comments: Text you post. Auto-deleted after 7 days.
Watchlist entries: Asset symbols saved to your watchlist. Deleted with your account or on request.
Contact form submissions: Messages sent via our Freedom of Speech form, including any email address you choose to provide.
Read-only wallet connect (non-account): You may also connect a wallet without creating an account. In this case we read your on-chain balance only; nothing is stored in our database.

2.3 Data from Third Parties

Google AdSense: May collect cookie identifiers for ad personalization. Subject to Google's Privacy Policy.
Clerk: Authentication provider handling all sign-in methods (Google, email, Solana wallet). See Clerk Privacy Policy.
Stripe: Payment processor. See Stripe Privacy Policy. We never see full card numbers.

3. How We Use Your Data

To deliver and operate the website and its features
To process Pro Citizenship subscriptions and payments
To display anonymous community features (watchlists, comments)
To respond to inquiries submitted via our contact form
To detect and prevent fraud, abuse, or security threats
To comply with legal obligations
To analyze aggregate, anonymized usage patterns to improve the site

We do not sell personal data to third parties. We do not use personal data for automated decision-making that produces legal effects.

4. Legal Basis for Processing (GDPR)

For users in the European Economic Area, we process data under the following legal bases:

Contractual necessity: Account creation, subscription management, payment processing.
Legitimate interests: Security logging, fraud prevention, anonymous session keys for site functionality.
Consent: Analytics cookies, advertising cookies (Google AdSense), contact form submissions. You may withdraw consent at any time.
Legal obligation: Compliance with applicable laws.

5. Cookies & Tracking

We use cookies and similar technologies. For full details, see our Cookie Policy.

Summary of cookie categories:

Strictly Necessary: Authentication tokens, session management. No consent required.
Analytics: Aggregate usage statistics. Consent required in EU/UK.
Advertising: Google AdSense personalization. Consent required. Declining results in non-personalized ads.

You can manage your cookie preferences at any time via our cookie consent banner or by contacting us.

6. Data Retention

Comments and article interactions: deleted after 7 days (automated)
Watchlist data: retained until account deletion or on request
Account data (Pro Citizens): retained for the duration of subscription plus 90 days after cancellation
Server access logs: up to 30 days
Contact form submissions: up to 12 months
Payment records: as required by applicable tax law (typically 7 years)

7. Your Rights

7.1 Rights Under GDPR (EU/EEA/UK)

Right of access: Request a copy of personal data we hold about you
Right to rectification: Correct inaccurate personal data
Right to erasure: Request deletion of your personal data (“right to be forgotten”)
Right to restrict processing: Limit how we use your data
Right to data portability: Receive your data in a machine-readable format
Right to object: Object to processing based on legitimate interests
Right to withdraw consent: At any time, without affecting prior processing

7.2 Rights Under CCPA/CPRA (California)

Right to know what personal information is collected
Right to delete personal information
Right to opt-out of the sale or sharing of personal information (we do not sell data)
Right to non-discrimination for exercising your rights
Right to correct inaccurate personal information
Right to limit use of sensitive personal information

To exercise any rights, email us at freedom@stonkistan.com. We will respond within 30 days (GDPR) or 45 days (CCPA).

8. International Data Transfers

Stonkistan is hosted on Vercel infrastructure in the United States. If you are located in the EU/EEA, your data may be transferred to and processed in the US. We rely on Vercel's Standard Contractual Clauses and appropriate safeguards for such transfers. Stripe and Clerk maintain their own transfer mechanisms; please review their respective policies.

9. Children's Privacy

Stonkistan is not directed at children under 16 years of age (or 13 in the United States). We do not knowingly collect personal data from children. If you believe a child has provided data to us, contact us immediately at freedom@stonkistan.com.

10. Data Security

We implement industry-standard security measures including encrypted database connections (TLS), hashed identifiers, and access-controlled infrastructure. No method of transmission over the internet is 100% secure. We cannot guarantee absolute security but commit to promptly notifying affected users in the event of a data breach where required by law.

11. Changes to This Policy

We may update this policy periodically. Material changes will be indicated by updating the “Last updated” date. Your continued use of the site after changes constitutes acceptance. For significant changes, we will provide additional notice where required.

12. Supervisory Authority

EU/EEA residents have the right to lodge a complaint with their local data protection supervisory authority. UK residents may contact the ICO at ico.org.uk. California residents may contact the California Privacy Protection Agency.

13. Contact

For all privacy inquiries, data subject requests, or to exercise your rights:

Email: freedom@stonkistan.com