TrumpWatch

Privacy Policy

Last updated: 2026-06-05

This Privacy Policy explains how OPI Nexus Tech (opitech.ie) (the "Controller", "we", "us") collects, uses, and protects personal data when you use TrumpWatch (the "Service"). We act as the data controller for the personal data described here.

1. Data we collect

We collect only what we need to run the Service:

  • Account data — your email address, a salted hash of your password (never the plaintext), an email-verification timestamp, a per-account unsubscribe token, your email opt-out flag, and your plan tier.
  • Billing data — a Stripe customer ID, a Stripe subscription ID, and your subscription status. Card and bank details are collected and stored by Stripe, not by us — we never see your full card number.
  • Watchlist data — the stock tickers you choose to follow, used to filter your alerts.
  • Email engagement / delivery data — a record of which alert was sent to which account and when, plus the provider message ID, used to prevent duplicate sends and to power unsubscribe.
  • Server logs — when you connect, our hosting provider records standard request metadata (including your IP address, timestamp, path, and status code). These logs are used for security and reliability and are retained for about 30 days. We do not store your IP address against your account profile.
  • Usage analytics — we use Vercel Web Analytics, a privacy-friendly and cookieless measurement tool, to count page views and aggregate usage events. It does not set cookies, does not fingerprint your device, and does not collect data that identifies you personally; the metrics are aggregated and are not linked to your account.

We do not sell your personal data, we do not share it with advertisers, and we do not use it to train AI models.

2. Why we use it, and our lawful bases (GDPR Article 6)

  • To provide the Service — deliver alerts, run your account and watchlist, and send transactional emails (verification, receipts). Lawful basis: performance of a contract (Art. 6(1)(b)).
  • To take payment — process your subscription via Stripe. Lawful basis: contract (Art. 6(1)(b)).
  • To secure and improve the Service — diagnose outages, prevent abuse and fraud. Lawful basis: legitimate interests (Art. 6(1)(f)) in operating a safe, reliable service, balanced against your rights.
  • To send alert emails after you opt in / verify — where we rely on it, your consent (Art. 6(1)(a)), which you can withdraw at any time via the unsubscribe link or Settings.
  • To meet legal obligations — e.g. tax and accounting. Lawful basis: legal obligation (Art. 6(1)(c)).

3. Service providers we share data with

We use a small number of vetted providers. Except where noted below, they act as our processors, handling data only on our instructions:

  • Stripe — payment processing. For your card and billing details Stripe acts as an independent controller under its own privacy policy (for fraud prevention, regulatory, and PCI compliance), not solely on our instructions. stripe.com/privacy
  • Resend — transactional and alert email delivery. resend.com/legal/privacy-policy
  • Neon — managed PostgreSQL database hosting (account, subscription, watchlist, and delivery data). neon.tech/privacy-policy
  • Vercel — application hosting, server logs, and cookieless Web Analytics. vercel.com/legal/privacy-policy

4. International transfers

Some of our processors are based in, or process data in, the United States and other countries outside the EEA/UK. Where personal data is transferred outside the EEA/UK, we rely on appropriate safeguards, principally the European Commission's Standard Contractual Clauses (SCCs) (and the UK Addendum where relevant), together with each provider's technical and organisational measures.

5. How long we keep it (retention)

  • Account, subscription, watchlist, and delivery data — for as long as your account is active, and then deleted within about 30 days of account closure, except where we must keep limited records longer to meet legal obligations (e.g. billing records for tax).
  • Server logs — about 30 days.

6. Your rights

Subject to applicable law (notably the EU/UK GDPR, and the CCPA for California residents), you have the right to:

  • Access — obtain a copy of the personal data we hold about you;
  • Rectification — have inaccurate data corrected;
  • Erasure — ask us to delete your data ("right to be forgotten");
  • Restriction — ask us to limit processing in certain cases;
  • Portability — receive your data in a structured, commonly used, machine-readable format;
  • Objection — object to processing based on legitimate interests, and opt out of alert emails at any time;
  • Withdraw consent — where we rely on consent, withdraw it at any time without affecting prior processing.

California residents additionally have the right to know, delete, and opt out of any "sale" or "sharing" of personal information — we do not sell or share personal information as those terms are defined under the CCPA — and not to be discriminated against for exercising their rights.

7. How to exercise your rights

Email legal@trumpstockwatch.com from the address on your account. We will respond within one month (30 days), extendable where the law allows for complex requests. We may need to verify your identity first.

8. Complaints

If you believe we have mishandled your data, you may lodge a complaint with your local supervisory authority. Our lead EU authority is the Irish Data Protection Commission (DPC), dataprotection.ie. EU/EEA and UK residents may also complain to the authority in their own country. We'd appreciate the chance to resolve your concern first — please contact us.

9. Security

We use HTTPS for all traffic, store passwords only as salted hashes, restrict production access on a least-privilege basis, and rely on managed providers with their own security programmes. No system is perfectly secure; if a breach affects your data we will notify you and the relevant authority as required by law.

10. Children

The Service is for adults. It is not directed at, and we do not knowingly collect personal data from, anyone under 18. If you believe a minor has provided us data, contact us and we will delete it.

11. Cookies

We set only strictly-necessary cookies to keep you logged in. We set no analytics or advertising cookies. See our Cookie Policy for the full list.

12. Changes

We will post material changes here with an updated date and, where appropriate, notify you by email. The "Last updated" date above reflects the latest revision.

13. Contact

Privacy questions: legal@trumpstockwatch.com.