Privacy Notice

Updated November 22, 2024

This privacy policy explains the type, scope, and purpose of processing personal data (hereinafter referred to as "data") in connection with the provision of our services, as well as within our online offering and its related websites, functions, and content, including external online presences such as our social media profiles (collectively referred to as the "Online Offering"). The terminology used, such as "processing" or "controller," is based on the definitions in Article 4 of the General Data Protection Regulation (GDPR).

Controller

Robinson Guerra (for DREAVERR Digital Solutions LLP)
Email: [email protected]

Types of Data Processed

  • Inventory Data: e.g., names, addresses.
  • Contact Data: e.g., email addresses, phone numbers.
  • Content Data: e.g., text entries, API queries.
  • Usage Data: e.g., API endpoints accessed, access times, request volumes.
  • Meta/Communication Data: e.g., device information, IP addresses.
  • Payment Data: e.g., credit card details, billing address, transaction details.

Categories of Data Subjects

Visitors and users of the Online Offering, including API subscribers and email newsletter subscribers (hereinafter collectively referred to as "users").

Purpose of Processing

  • To provide the Online Offering, API endpoints, and content.
  • To process payments and deliver services related to subscriptions.
  • To deliver email newsletter content (AI-generated earnings call analysis) to newsletter subscribers.
  • To respond to contact inquiries and communicate with users.
  • To implement security measures and enforce rate limits.
  • To monitor API usage and prevent abuse.
  • For reach measurement and service improvement purposes.

Email Newsletter Data

When you subscribe to our email newsletter service, we collect your email address and optional name. This data is used exclusively for delivering earnings call analysis emails to you. We do not:

  • Sell, rent, or share your email address with third parties for marketing purposes.
  • Use your email for any purpose other than delivering the newsletter service you subscribed to.
  • Share subscriber lists with advertisers, partners, or any external parties.

Your email data is stored securely and deleted upon cancellation of your subscription or upon request. You can unsubscribe at any time via the unsubscribe link in every email.

Legal Bases

The processing of personal data is based on the GDPR:

  • Consent under Article 6(1)(a) GDPR.
  • Fulfillment of contractual obligations under Article 6(1)(b) GDPR (e.g., API access, payment processing).
  • Compliance with legal obligations under Article 6(1)(c) GDPR.
  • Protection of legitimate interests under Article 6(1)(f) GDPR (e.g., fraud prevention, rate limit enforcement).

Security Measures

We implement technical and organizational measures to ensure an appropriate level of security, taking into account the risks to the rights and freedoms of natural persons. These include:

  • Encrypted data transmission (TLS/HTTPS)
  • Hashed password storage (bcrypt)
  • Secure API key generation and authentication
  • Access controls, logging, and monitoring
  • Regular security reviews

Data Sharing

Personal data is shared with third parties only to the extent necessary:

  • Infrastructure providers: Hosting and database services necessary to operate the Service.
  • RapidAPI (API Subscriptions): API subscription payments are processed through RapidAPI. RapidAPI collects and processes your payment data for API plans. See RapidAPI's Privacy Policy.
  • Paddle.com (Newsletter Subscriptions): Email newsletter subscription payments are processed by Paddle.com as the authorized merchant of record. Paddle collects and processes your payment data, billing information, and transaction details for newsletter subscriptions. For details, see Paddle's Privacy Policy. For data subject requests related to payment data, contact Paddle at preferences.paddle.com or [email protected].
  • Email service providers: To deliver newsletter and analysis emails to subscribers.
  • Legal authorities: When required by law, court order, or governmental regulation.

Further sharing occurs only when legally required or necessary for fulfilling contractual obligations.

Data Transfers to Third Countries

Data may be transferred to third countries (outside the EU, EEA, or Switzerland) as part of service delivery and payment processing. We ensure that all data transfers comply with GDPR, for example, through Standard Contractual Clauses.

Data Subject Rights

Under applicable data protection laws, you have the following rights:

  • Access your processed data and obtain copies.
  • Rectify inaccurate data.
  • Request deletion of your data.
  • Restrict the processing of your data.
  • Transfer your data to another controller (data portability).
  • Withdraw your consent at any time with future effect.
  • Object to data processing for direct marketing or based on legitimate interests.
  • File a complaint with a supervisory authority.

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.

Cookies

Cookies are used to enable functionality such as session management and authentication. These are essential cookies strictly necessary for the Service to function and do not require consent under applicable cookie laws. Users can disable cookies in their browser settings, which may limit the functionality of the Online Offering.

Self-Hosted Analytics

In addition to Google Analytics (described below), we operate a self-hosted analytics system to understand how visitors find and use the site. This system is activated only after you give explicit consent via the cookie banner. If you decline, no analytics cookies are set and no data is recorded.

Data Collected (with consent)

  • IP address
  • Pages visited (URL path and query parameters) and timestamps
  • Referring URL (the page you came from)
  • Browser and operating system information (user-agent string)
  • Country (derived from request headers - no GeoIP database is used)
  • Click events on certain buttons and links (e.g., Subscribe CTAs, scroll milestones)
  • UTM campaign parameters (utm_source, utm_medium, utm_campaign, utm_term, utm_content)
  • A first-party visitor identifier cookie (tr_vid, valid for 2 years) and a session cookie (tr_sid, expires when the browser closes)

Legal Basis

Consent under Art. 6(1)(a) GDPR. You can withdraw your consent at any time without giving reasons (see "Withdraw Consent" below).

Storage Location

The analytics database is hosted on Postgres infrastructure located in the European Union.

Retention Period

Analytics raw data (visitors, sessions, pageviews, click events) is retained indefinitely until you request its erasure. Aggregated daily statistics (totals per day) are also retained indefinitely. Conversion records associated with paid subscriptions are retained for 10 years to satisfy tax record-keeping obligations; upon erasure request, personally identifying fields on conversion records are pseudonymised but the financial transaction data itself is preserved.

Recipients

None. The analytics database is internal and not shared with any third party. (Google Analytics, where consent is also given, is a separate processor - see the relevant section above.)

Your Rights

You retain all rights described in the "Data Subject Rights" section above, including access, rectification, and erasure. To request erasure of your analytics data, contact us at [email protected].

Withdraw Consent

You can withdraw your consent at any time. This will delete the analytics cookies in your browser and stop further tracking. Existing data can be deleted on request via the email above.

Data Retention

Data is deleted in accordance with legal requirements when it is no longer necessary for the purposes for which it was collected. Account data is retained for as long as the account is active. API request logs are retained for up to 90 days for operational and security purposes. Upon account deletion, personal data will be removed within 30 days, except where retention is required by law.

Changes to This Privacy Policy

We reserve the right to update this privacy policy to reflect changes in legal requirements or our data practices. Users will be notified of significant changes.

Contact Information

For questions or concerns regarding this Privacy Notice, please contact us:

DREAVERR Digital Solutions LLP
Email: [email protected]
Address: 1103 - 11871 Horseshoe Way, Richmond, British Columbia, Canada V7A 5H5

Terms of Service · Refund Policy · Privacy Notice