Privacy Policy

This policy explains what personal data RJ Market Intelligence(the "service", "we") collects when you use it, how we use that data, what sub-processors we share it with, and your rights.

1. Who we are

RJ Market Intelligence is a personal research project operated under the pseudonym Regular Joe. There is no company behind the service. Contact for any privacy-related question: info@regularjoe.io.

2. What we collect

Account data. When you sign up, we store the email address you provide. Authentication is handled by Better Auth, which sets a session cookie so we recognise you on subsequent visits. We do not require your real name, physical address, phone number, government identifier, or date of birth.

Subscription data. When you subscribe, we store your subscription tier (Monthly, Yearly, Lifetime), status (active, cancelled, expired), start/end dates, and the NOWPayments subscription/invoice ID. The actual crypto-payment details (wallet addresses, transaction hashes, payment-network fees) are handled by NOWPayments — we do not store your private keys and do not see your wallet's full transaction history.

Usage data. Our hosting provider (Vercel) logs standard HTTP request metadata for operational monitoring: IP address, user agent, request path, response time. These logs rotate automatically and are used for abuse prevention and performance debugging, not analytics or profiling.

Error data. We use Sentry to capture application errors so we can fix bugs. Error reports include the URL you were on and the error stack trace. We have configured Sentry to not capture form inputs, message bodies, or other content you typed.

3. What we deliberately do not collect

• your real name
• your physical address
• your phone number
• any government identifier (passport, ID card, tax ID)
• your wallet's private keys or seed phrase
• financial information beyond what NOWPayments needs to process the payment
• ad-targeting cookies, profiling cookies, or third-party tracking pixels

4. Sub-processors

We use the following sub-processors to operate the service. Each one is contractually bound by its own privacy policy and security posture, which you can review on their sites.

• Vercel — web hosting (United States)

  Serves the dashboard and stores HTTP logs.

• Supabase — database (EU region: eu-central-1)

  Stores account email, subscription status, signal history, and alert events.

• NOWPayments — payment processing (international)

  Handles crypto invoices, subscriptions, refunds. They receive your wallet address and payment-network data.

• Sentry — error tracking (EU region)

  Captures application errors. Form inputs and message content are excluded from error reports by configuration.

• OpenRouter — AI report generation (United States)

  Generates daily asset reports. Receives asset data and signal snapshots only — no user-identifying data.

• Pinecone — similar-period retrieval (United States)

  Stores anonymised numeric signal vectors used by the daily report generator. No user data.

5. How we use your data

• Provide the service: sign-in, subscription gating, alert delivery
• Send transactional notifications where applicable (sign-up confirmation, subscription renewals, billing notifications). The email delivery provider used for these notifications is documented in the sub-processors list above and may change over time; current email-sending integration is rolling out alongside Slice 1.6 of the product.
• Operational monitoring: detect errors, fix bugs, prevent abuse
• Improve the service over time based on aggregated, non- identifying usage signals

We do not sell personal data. We do not rent it. We do not use it for ad targeting.

5a. Legal bases for processing (GDPR Article 6)

• Performance of a contract — for account creation, subscription gating, billing, and the core service you signed up for.
• Legal obligation — for retention of subscription / payment metadata where tax or accounting law requires it.
• Legitimate interests — for security, error monitoring, abuse prevention, and non-intrusive aggregate usage analysis. You can object to this processing at any time (see Your rights, below); we will balance your objection against operational necessity.
• Consent — for any optional communications outside the transactional notifications listed above. Consent can be withdrawn at any time.

6. Data retention

• Account data: kept while your account is active. Deleted on account-deletion request, except where retention is required by law (see Subscription).
• Subscription / payment metadata: kept for up to 7 years after the subscription ends for tax and accounting purposes, where applicable.
• Vercel access logs: rotated after approximately 30 days.
• Sentry error reports: rotated after 90 days.
• Alert events in the database: kept for the lifetime of your account so you can review historical alerts.

7. Your rights

If you are an EU/EEA resident, GDPR gives you the right to:

• access the personal data we hold about you
• correct inaccurate or incomplete data
• delete your data (subject to tax/accounting retention for paid subscribers)
• object to processing or restrict it
• receive a portable copy of your data
• complain to your local data-protection authority (Croatia: AZOP)

To exercise any of these rights, email info@regularjoe.io with your account email in the subject line. We aim to respond within 30 days.

8. Cookies

We use the minimum cookies required to operate the service:

• Authentication session (Better Auth) — required to keep you signed in.
• UI preferences — asset filter, selected tab, theme. Stored client-side.

We do not use third-party advertising cookies, retargeting pixels, or social-sharing trackers.

9. International transfers

Some sub-processors (Vercel, NOWPayments, OpenRouter, Pinecone) host services outside the EEA, typically in the United States. Where those providers process EU-resident data, we rely on the providers' published transfer mechanisms — Standard Contractual Clauses, EU-U.S. Data Privacy Framework participation where applicable, or equivalent safeguards — to maintain GDPR-equivalent protection. Supabase and Sentry processing for this service happens in the EU.

10. Children

This service is not directed at children under 18. We do not knowingly collect personal data from minors. If you are a parent and discover that a minor has signed up, email us and we will delete the account.

11. Security

We take reasonable technical and organisational measures to protect personal data: HTTPS everywhere, encrypted database connections, restricted database access via service-role keys, environment-secret hygiene, error scrubbing for sensitive fields. No internet service is perfectly secure; if a breach affects your data, we will notify affected users without undue delay.

12. Changes to this policy

We may update this policy from time to time. The "Last updated" date at the top reflects the most recent revision. Material changes will be highlighted on the site.

13. Contact

Any privacy-related question or rights request: info@regularjoe.io or use the contact form.

This policy is written in plain English by a non-lawyer operator and is provided as a best-effort statement of practice. It does not constitute legal advice. If any provision conflicts with the law that applies to you, the law takes precedence.