Last Updated: March 28, 2026
This Privacy Policy describes how Bertatech LLC ("Company," "we," "us," or "our") collects, uses, and shares information when you use the PolitAlpha website at politalpha.com ("Site") and the services offered through it (collectively, the "Service").
By using the Service, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with this Privacy Policy, please do not use the Service.
| Data | When Collected | Purpose |
|---|---|---|
| Email address | Account registration | Account creation, authentication, service communications |
| Password | Account registration | Authentication (stored only as a cryptographic hash; we never store or have access to your plaintext password) |
| Watchlist selections | When you add items to your watchlist | Personalized tracking of politicians, stocks, and committees |
| Email preferences | When you configure notification settings | Controlling which emails you receive |
| Payment information | Pro subscription checkout | Subscription billing (processed entirely by Stripe; we do not receive or store your credit card number — see Section 4) |
| Data | How Collected | Purpose |
|---|---|---|
| IP address | Server logs | Rate limiting, security, abuse prevention |
| User agent | HTTP headers | Compatibility, debugging |
| Session token | Authentication cookie | Maintaining your login session |
| Page views and interactions | PostHog analytics (consent required) | Understanding how users navigate the site to improve features and usability |
We use PostHog, a product analytics platform, to understand how users interact with the Service. PostHog collects page views, button clicks, and navigation patterns. PostHog analytics are only activated after you explicitly consent via our cookie consent banner. If you decline analytics cookies, no analytics data is collected.
PostHog data is used solely for improving the Service. We do not use it for advertising, profiling, or selling to third parties. For more information, see PostHog's Privacy Policy.
We use the information we collect for the following purposes:
| Purpose | Legal Basis (GDPR) | Data Used |
|---|---|---|
| Providing the Service (account management, watchlist, data display) | Contract performance | Email, password hash, watchlist, preferences |
| Processing payments | Contract performance | Email, subscription plan (via Stripe) |
| Sending transactional emails (signup confirmation, password reset) | Contract performance | |
| Sending Pro subscription emails (Watchdog alerts, weekly digests) | Contract performance | Email, watchlist, preferences |
| Security and abuse prevention (rate limiting, fraud detection) | Legitimate interest | IP address, user agent |
| Email delivery monitoring (tracking delivery status for reliability) | Legitimate interest | Email address, send status, timestamps |
| Administrative operations (account management, support) | Legitimate interest | Account data, audit logs |
| Service improvement (bug fixes, performance optimization) | Legitimate interest | Aggregated, anonymized usage patterns |
We do not use your information for:
We do not sell, rent, or trade your personal information. We share your information only with the following categories of service providers, strictly for the purposes described:
| Provider | Purpose | Data Shared | Privacy Policy |
|---|---|---|---|
| Supabase (Supabase Inc.) | Authentication, database hosting | Email, password hash, all account data | supabase.com/privacy |
| Stripe (Stripe, Inc.) | Payment processing | Email, subscription plan, payment method | stripe.com/privacy |
| Resend (Resend, Inc.) | Email delivery | Email address, email content | resend.com/legal/privacy-policy |
| Cloud hosting provider | Application hosting and content delivery | Standard HTTP logs (IP, user agent) | Infrastructure hosted on U.S.-based cloud services with industry-standard security practices |
These providers process your data as "data processors" (GDPR) or "service providers" (CCPA) on our behalf, under contractual obligations to protect your data.
We may disclose your information if required to do so by law or in the good faith belief that such action is necessary to:
If the Company is involved in a merger, acquisition, asset sale, or bankruptcy, your information may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on the Site before your information becomes subject to a different privacy policy.
The congressional trade data, stock data, and legislative data displayed on the Service is aggregated from public government sources, including filings with the U.S. Senate Office of Public Records and the Office of the Clerk of the U.S. House of Representatives. This data is in the public domain and does not contain personal information of our users.
In compliance with 5 U.S.C. app. § 105(c), all raw congressional financial disclosure data is made freely available to the general public through the Service without restriction. No account or subscription is required to access this data. Our proprietary analytics and derived insights are separate products that do not restrict access to the underlying public disclosure data.
Our aggregation and display of this public data is not governed by this Privacy Policy, as it does not constitute personal information.
All payment processing is handled by Stripe. When you subscribe to a Pro plan:
For information about how Stripe processes your data, please see Stripe's Privacy Policy.
| Cookie Name | Purpose | Type | Duration |
|---|---|---|---|
sb-*-auth-token | Supabase authentication session (JWT) | Strictly necessary / Functional | Session (expires with JWT, typically 1 hour; refreshed automatically) |
If you consent to analytics cookies via our cookie consent banner, PostHog sets cookies and uses localStorage to track page views and interactions. These cookies are only set after you explicitly opt in. You can withdraw consent at any time via the "Manage Cookies" link in the website footer.
We do not use:
We display a cookie consent banner on your first visit. Strictly necessary cookies (authentication) are always active. Analytics cookies (PostHog) are only activated if you explicitly consent. You can manage your preferences at any time via the "Manage Cookies" link in our website footer.
For more information, see our Cookie Policy.
| Data Category | Retention Period | Reason |
|---|---|---|
| Account data (email, profile) | Until account deletion + 30 days | Service provision; 30-day grace period for accidental deletion |
| Watchlist data | Until account deletion | Service provision |
| Email preferences | Until account deletion | Service provision |
| Email send logs | 12 months | Deliverability monitoring and debugging |
| Subscription events | 7 years after last event | Financial record-keeping (tax/audit requirements) |
| Admin audit logs | 3 years | Security and accountability |
| Server logs (IP, user agent) | 90 days | Security, rate limiting, abuse prevention |
| Authentication sessions | Until logout or JWT expiry | Security |
| Email suppression records (bounced/complained addresses) | Indefinite | Preventing delivery to invalid or complaining addresses; required for email deliverability and CAN-SPAM compliance |
After the retention period, data is permanently deleted or anonymized. Email suppression records are retained indefinitely to prevent re-sending to addresses that have bounced or filed complaints, as required for email deliverability compliance.
You may request deletion of your account and associated data by contacting us at support@politalpha.com. Upon receiving a verified deletion request:
You may request a copy of your personal data in a structured, machine-readable format (JSON or CSV) by contacting us at support@politalpha.com. We will fulfill such requests within 30 days.
You may update your email address and preferences through your account settings at any time. For other corrections, contact us at support@politalpha.com.
Regardless of your location, you have the right to:
If you are located in the European Union or European Economic Area, you have the following additional rights under the General Data Protection Regulation (GDPR):
Legal basis for processing: We process your data under the following legal bases:
Your additional rights:
International data transfers: Your data is processed on servers located in the United States. We rely on Standard Contractual Clauses (SCCs) approved by the European Commission for transfers of personal data from the EU/EEA to the United States. Our service providers (Supabase, Stripe, Resend) maintain appropriate data transfer mechanisms.
EU Representative: Given the current scope of our EU data processing, we have not appointed an EU representative under Article 27 of the GDPR. If you have questions about our data practices, please contact us at support@politalpha.com.
If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):
Categories of personal information collected (in the preceding 12 months):
| CCPA Category | Examples | Collected? |
|---|---|---|
| Identifiers | Email address | Yes |
| Internet activity | IP address, user agent | Yes |
| Commercial information | Subscription history, payment records | Yes (via Stripe) |
| Geolocation | IP-derived approximate location | Incidentally |
| Sensitive personal information | — | No |
We do NOT:
Your rights:
To exercise these rights, contact us at support@politalpha.com. We will verify your identity using the email address associated with your account. We will respond to verified requests within 45 days.
The Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children under 18. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at support@politalpha.com, and we will take steps to delete such information.
We implement reasonable administrative, technical, and physical security measures to protect your personal information, including:
However, no method of transmission over the Internet or method of electronic storage is 100% secure. We cannot guarantee absolute security of your data. In the event of a data breach involving your personal information, we will notify you and relevant authorities as required by applicable law.
PolitAlpha is operated from the United States. If you are accessing the Service from outside the United States, please be aware that your data will be transferred to, stored, and processed in the United States, where data protection laws may differ from those in your jurisdiction.
For EU/EEA users, we rely on Standard Contractual Clauses (SCCs) for lawful international data transfers. Our key service providers maintain the following transfer mechanisms:
By using the Service, you consent to the transfer of your information to the United States and other jurisdictions where our service providers operate.
| Email Type | Recipients | Can Opt Out? |
|---|---|---|
| Account confirmation | All new users | No (required for account setup) |
| Password reset | Users who request it | No (user-initiated) |
| Service notifications | All users (e.g., subscription changes, terms updates) | No (service-critical) |
| Monthly digest | Free users with watchlist items (opt-in) | Yes |
| Watchdog alerts | Pro subscribers (opt-in) | Yes |
| Weekly digest | Pro subscribers (opt-in) | Yes |
You can opt out of non-essential emails at any time by:
We will honor your opt-out request within 10 business days (CAN-SPAM) or without undue delay (GDPR). Opting out of marketing emails does not affect transactional or service-critical communications.
We may update this Privacy Policy from time to time. If we make material changes, we will notify you by:
We encourage you to review this Privacy Policy periodically. Your continued use of the Service after any changes constitutes your acceptance of the updated Privacy Policy.
If you have questions or concerns about this Privacy Policy or our data practices, please contact us at:
Bertatech LLC 211 E. Ohio St #1422 Chicago, IL 60611 Email: support@politalpha.com
For GDPR-related inquiries, you may also contact our data protection point of contact at support@politalpha.com.
*This Privacy Policy was last updated on March 28, 2026.*