PricedinGold

Privacy Policy

Last updated: 28 April 2026

Who is the controller

Priced in Gold (pricedingold.org) is the data controller for personal data collected through this site. Contact: pricedingold@gmail.com.

What we collect and why

  • Account data — your email address, and (for Google sign-in) the basic profile fields Google shares. Used to authenticate you.
  • Subscription data — your Stripe customer ID, subscription status and billing period. Used to grant you Pro access.
  • Payment data — handled entirely by Stripe; we never see your full card number. We store only the last 4 digits and brand if Stripe shares them.
  • Usage logs — IP address, user agent and approximate request data, kept for up to 30 days for security and abuse prevention.
  • Cookies — a single first-party session cookie is required to keep you signed in. We use Google AdSense on free pages; AdSense may set its own cookies (see Google's policy).

Legal basis (UK GDPR / GDPR)

Account and subscription data: contract performance. Logs and security: legitimate interests. Advertising cookies on free pages: consent (managed via the consent prompt where required).

Who we share data with

  • Stripe (payments) — Stripe is a separate controller for card data.
  • Supabase / Lovable Cloud (hosting and authentication).
  • Google (Sign-in, AdSense on free pages).
  • Yahoo Finance (data source — we send only the symbol, no personal data).

We do not sell your personal data.

International transfers

Some of the providers above are based outside the UK / EEA. Where that is the case, transfers are protected by Standard Contractual Clauses or equivalent safeguards.

How long we keep it

Account and subscription data: as long as your account is active, plus up to 7 years for tax/accounting records relating to payments. Logs: 30 days. You can delete your account from the Account page at any time.

Your rights

You have the right to access, correct, delete or export your data, and to object to or restrict processing. Email pricedingold@gmail.com to exercise any of these. You can also complain to your local data protection authority (in the UK, the ICO at ico.org.uk).

Security

Passwords are hashed; data is encrypted in transit (TLS) and at rest. Payment details are tokenised by Stripe and never touch our servers.

Children

The service is not intended for anyone under 18.

Changes

Material changes to this policy will be announced on the site or by email.