Privacy Notice

1. Who We Are

Sensei Prop is operated by Dejan Vuzevski, an individual based in North Macedonia ("we", "us"). For the purposes of data-protection law, we act as the data controller for personal data processed through the Service. Contact: dejanvuzevski@gmail.com.

2. Data We Collect

• Account data: name, email, password hash, OAuth identifiers.
• Profile data: display name, trader rank, streak, discipline score, avatar.
• Content you provide: trade journal entries, screenshots, notes, habits.
• Usage & telemetry: pages visited, features used, device & browser info, IP address.
• Support data: messages and attachments you send us.
• Payment data: handled directly by Paddle (we receive only subscription status, plan, and customer ID — not card details).

3. Why We Process It

• Provide and operate the Service (legal basis: performance of contract);
• Generate AI coaching feedback on your trades (contract);
• Authenticate users and prevent fraud or abuse (legitimate interests);
• Provide customer support (contract);
• Improve product quality and analytics (legitimate interests);
• Comply with legal obligations such as tax and accounting (legal obligation);
• Send service-related and (with consent) marketing emails.

4. Who We Share Data With

• Hosting & infrastructure: Supabase (database, auth, storage), Cloudflare (edge hosting).
• AI providers: Google (Gemini), OpenAI — for processing AI requests.
• Merchant of Record: Paddle.com — for sales, subscription management, payments, tax compliance, and invoicing.
• Professional advisers: legal, accounting where required.
• Authorities: when required by law or to protect rights and safety.

We do not sell your personal data.

5. International Transfers

Some recipients (e.g. Paddle, AI providers, hosting) may be located outside North Macedonia or the EEA. Where applicable, we rely on Standard Contractual Clauses or adequacy decisions to safeguard those transfers.

6. Retention

We keep account and content data for as long as your account is active. After deletion, we retain minimal records for legal, tax, and dispute-resolution purposes (typically up to 7 years for billing records), then delete or anonymise.

7. Your Rights

You have the right to:

• Access the personal data we hold about you;
• Request correction of inaccurate data;
• Request deletion ("right to be forgotten");
• Object to or restrict certain processing;
• Request data portability;
• Withdraw consent at any time;
• Lodge a complaint with the Personal Data Protection Agency of North Macedonia (or your local supervisory authority in the EEA).

To exercise any of these rights, email dejanvuzevski@gmail.com. We respond within one month.

8. Security

We use industry-standard technical and organisational measures: TLS encryption in transit, encryption at rest, scoped database access via row-level security, hashed credentials, and limited admin access. No system is 100% secure; we cannot guarantee absolute security.

9. Cookies

We use essential cookies for authentication and session management, and limited analytics cookies to understand product usage. You can clear cookies in your browser at any time; doing so may sign you out.

10. Changes

We may update this Privacy Notice. Material changes will be announced in-app or by email.

11. Contact

dejanvuzevski@gmail.com