Your data, handled with care.

Polisnap is operated as a sole proprietorship (entreprise individuelle) based in the Province of Quebec, Canada. For any privacy question, write to support@polisnap.app.

As required under Quebec's Law 25 (art. 3.1), Polisnap has designated a person in charge of the protection of personal information. You can reach the Privacy Officer at support@polisnap.app with the subject line PRIVACY.

This Privacy Policy covers the website at polisnap.app, the Polisnap iOS app, and the transactional emails we send through our email provider. It explains what data we collect, why we collect it, how long we keep it, who we share it with, and what rights you have over it.

We collect the smallest set of data we can to make Polisnap work. The categories below are grouped by purpose:

• Account data — your email address and a hashed password — or, if you use Sign in with Apple, an opaque Apple identifier plus the email Apple chooses to relay (which may be a private relay address).
• Profile data — your language preference, your push-notification toggle, and an optional avatar.
• Portfolio data — the list of tickers (stocks and ETFs) you add to your portfolio, your custom alert preferences (signal × risk level), and any holding-level toggles you set.
• Device data — your APNs device token (needed to deliver notifications), your iOS version, the Polisnap app version, and your device model class.
• Subscription data — your Apple in-app purchase receipt (handled by Apple and RevenueCat), your subscription status (Free or Pro), and the renewal/expiration timestamps that come back from Apple.
• Diagnostic & log data — minimal server logs — IP address, timestamps, error traces — kept briefly for security and debugging.

We do not collect real names beyond what you choose to put in the email field, payment card numbers (those are handled entirely by Apple), brokerage credentials, transaction history, contacts, biometrics, or precise location data. We do not track you across other apps or websites.

Each piece of data we hold is used for a specific purpose and rests on a specific legal basis (performance of contract, legitimate interest, consent, or legal obligation). The table below makes the mapping explicit.

As required by Law 25 (art. 12.1) and GDPR (art. 22), we tell you when automated systems are involved. Polisnap uses AI to produce informational signals. These signals do not produce legal effects or similarly significant decisions about you — they are informational only, and you remain free to act on them or ignore them. You can also disable push notifications entirely at any time in Settings.

Your data is processed in the United States by Supabase Inc., and in the other countries listed in our sub-processor records. For Quebec residents, we have completed a Privacy Impact Assessment as required by Law 25 (art. 17) before transferring personal information outside Quebec. For EU/UK/Swiss residents, transfers rely on Standard Contractual Clauses or on the EU-U.S. Data Privacy Framework where the receiving vendor participates. We use vendors that encrypt data in transit (TLS) and at rest (AES-256).

Account, profile, and portfolio data are kept until you delete your account. Diagnostic logs are kept for up to 90 days. Subscription receipts are kept while the subscription is active and up to 7 years after, for tax record-keeping. When you delete your account, your data is purged within 30 days, except where a specific item must be retained longer to comply with a legal obligation (for example, tax records of a paid subscription).

We use industry-standard safeguards: TLS in transit, AES-256 encryption at rest by our hosting provider, hashed passwords (never stored in plaintext), and principle-of-least-privilege access for administrative operations. We monitor for suspicious activity and patch the stack promptly. No system is 100% secure — but we apply the level of protection a reasonable financial-tooling app should apply.

Depending on where you live, you have one or more of the following rights over your personal information. We honor them regardless of where you are based, to the extent the law of your jurisdiction grants them.

• Everyone — the right to access your data, correct it, delete it, and withdraw your consent at any time.
• Quebec (Law 25) — the rights of access, rectification, portability, deindexation (cessation of dissemination), withdrawal of consent, and the right to lodge a complaint with the Commission d'accès à l'information du Québec (CAI).
• European Union / United Kingdom (GDPR / UK GDPR) — the rights of access, rectification, erasure, restriction of processing, portability, and objection, and the right to lodge a complaint with your national supervisory authority (e.g. CNIL, ICO).
• California (CCPA / CPRA) — the right to know what we collect, to delete it, to correct it, to limit the use of sensitive data, and the right against sale or sharing for cross-context behavioral advertising. We do not sell or share your data, and we do not engage in cross-context behavioral advertising.

Email support@polisnap.app with the subject line PRIVACY and tell us which right you wish to exercise. We respond within 30 days. You may also delete your account directly inside the app at Profile → Delete account; that flow runs an Edge Function that cascades the deletion across our backend, and is irreversible.

Polisnap is intended for users aged 17 or older. We do not knowingly collect personal information from children under 13 (or under 16 for EU residents, depending on the local digital-consent age). If you believe a child has provided us personal information, contact support@polisnap.app and we will delete it promptly.

The website uses only first-party local storage to remember your theme and language preference. We do not currently use cookies, advertising trackers, or analytics services on the website or in the app. If we ever add any analytics or cookies, we will update this Privacy Policy in advance and ask for your consent where the law requires it.

If a security incident affects your personal information, we will notify the relevant supervisory authority (for example, the CAI in Quebec or your EU/UK supervisory authority) and we will notify you, without undue delay and within 72 hours of becoming aware of the incident, where required by law.

We may update this Privacy Policy as the product or the legal framework evolves. Material changes will be announced by email or via an in-app banner. This policy is interpreted under the laws of the Province of Quebec, Canada.

Polisnap · Province of Quebec, Canada · support@polisnap.app (subject line PRIVACY for any privacy-related request).