TwoCentsHustler

This policy explains how TwoCentsHustler(“we”, “us”) collects and uses personal data, and your rights over it. It is written with the EU/UK General Data Protection Regulation (GDPR) in mind, but the principles apply wherever you are. It is provided for transparency and is not legal advice.

[Operator to complete]— insert the data controller's legal name and registered address; a Data Protection Officer or EU/UK representative under GDPR Art 27 if one is required; and the primary contact for privacy requests.

What we collect

Account data — if you create a membership, your email address, your name, and (if you sign in with Google) the basic profile information that flow provides.
Newsletter data — if you subscribe, your email address plus a consent record (timestamp, IP, source, and policy version) so we can prove your double opt-in. Subscriptions are confirmed by a single-use email link.
Referral-click logs — when you use an outbound exchange link, we record a pseudonymous log entry: the partner, a timestamp, your country, a query-stripped referrer, and a salted, hashed representation of your user agent. We do not store raw user-agent strings or IP addresses against these clicks.
Strictly necessary cookies — we set only essential session cookies (for example, to keep you signed in and to protect forms against cross-site request forgery). We do not use non-essential or advertising cookies, and we use cookieless analytics, so there is no tracking-consent banner at launch.

Lawful bases

Consent (GDPR Art 6(1)(a)) — for sending you the newsletter. You can withdraw consent at any time using the unsubscribe link in any email.
Contract (Art 6(1)(b)) — to provide your account and its features once you register.
Legitimate interests (Art 6(1)(f)) — for security, fraud and abuse prevention, and aggregate, privacy-preserving analytics (including pseudonymous referral-click measurement). You may object to processing based on legitimate interests.

How long we keep it

Unconfirmed newsletter subscribers — deleted roughly 30 days after sign-up if the opt-in is never confirmed.
Referral-click logs — aggregated into daily, non-identifying counts and the underlying pseudonymous rows purged on a rolling basis of roughly 90 days.
Account data — kept while your account is active and deleted when you delete your account (see your rights below).

Your rights

Subject to applicable law, you have the right to access, rectify, erase, restrict, or object to our processing of your personal data, to data portability, and to withdraw consent. To exercise them:

Delete your account at any time from your account settings. Deletion removes your profile and anonymizes any associated referral-click logs.
Unsubscribe from the newsletter using the link in any email, which withdraws your consent.
Contact us for any other request via our contact page. We may need to verify your identity before acting. You also have the right to complain to your local data protection authority.

Processors we use

We share data only with service providers who process it on our behalf under appropriate agreements (including standard contractual clauses for international transfers where required):

Cloudflare — hosting, storage, database, edge security, and cookieless web analytics.
Google — OAuth sign-in, if you choose to sign in with Google.
Finnhub and CryptoPanic — market-data and news providers we query server-side. We do not send your personal data to them.

[Operator to complete]— confirm the final processor list, the data-transfer mechanism for each, and link to each provider's data processing terms; document a breach-notification runbook (72-hour notification under GDPR Art 33).

Children

TwoCentsHustler is not directed at children and we do not knowingly collect data from anyone under 16 (or the applicable age of digital consent in your country).

Changes

We may update this policy; we will revise the “Last updated” date above and, for material changes, take reasonable steps to notify you.