Privacy Policy

FilingRadar is operated by JustShootMe, a sole proprietorship based in the Netherlands. We are the data controller as defined under the EU General Data Protection Regulation (GDPR).

Contact for privacy-related questions: contact@filingradar.app

We deliberately collect as little personal data as possible.

When you visit our website (no account)

• An anonymous session cookie (named fr_anon) to enforce daily download limits and prevent abuse.
• A SHA-256 hash of your IP address stored against your daily download count. The original IP is never stored.
• Standard server logs (browser type, page accessed, timestamp) automatically deleted after 7 days.

When you join the waitlist

• Your email address.
• The timestamp of your signup.
• Nothing else: no name, no phone, no address, no profile.

When you create an account (future feature)

• Your email address (used for magic-link login — no password stored).
• Your ticker watchlist.
• Your preferences (alert frequency, delivery channel).

• We do not store the SEC filings you download. They stream through our server in memory and are gone.
• We do not store your payment card details. Payments are processed by Lemon Squeezy (when subscriptions launch); we only receive a customer ID.
• We do not use tracking pixels, third-party analytics that fingerprint you, or behavioral advertising cookies.
• We do not sell your data to anyone. Ever.

• Contract (GDPR Art. 6(1)(b)): to deliver the service you signed up for (waitlist confirmation, filing alerts).
• Legitimate interest (GDPR Art. 6(1)(f)): rate limiting and abuse prevention.
• Consent (GDPR Art. 6(1)(a)): only for non-essential cookies if and when we introduce them. You can withdraw consent at any time.

• Database: Supabase, hosted in the EU.
• Application server: Railway (US-based infrastructure). Some processing happens in the United States.
• DNS & CDN: Cloudflare (global edge network).
• Email delivery: Resend (US-based, Standard Contractual Clauses signed).

For data transfers outside the EU, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission.

• Waitlist emails: until you unsubscribe, or until the service is decommissioned.
• Rate limit records: automatically deleted after 7 days.
• Server logs: automatically deleted after 7 days.
• Account data: for as long as you have an active account, plus 30 days after deletion for backup safety.

If you are in the EU/EEA (or anywhere we operate), you have the right to:

• Access the personal data we hold about you.
• Rectify inaccurate data.
• Delete ("right to be forgotten") your data.
• Restrict or object to certain processing.
• Data portability — export your data in a machine-readable format.
• Withdraw consent for any consent-based processing.
• Lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens): autoriteitpersoonsgegevens.nl

To exercise any of these rights, email contact@filingradar.app. We will respond within 30 days (typically much faster).

We use exactly one cookie:

• fr_anon — HttpOnly, Secure, SameSite=Lax. Lifespan: 30 days. Purpose: rate-limiting anonymous downloads. Not used for tracking.

We do not use Google Analytics, Facebook Pixel, or any third-party advertising/tracking cookies.

Reasonable technical and organizational measures protect your data: encryption in transit (HTTPS everywhere), encryption at rest (Supabase), Row-Level Security on database tables, minimal data collection, regular security audits. No system is 100% secure, but we follow industry best practices and will notify affected users within 72 hours of a confirmed breach as required by GDPR.

If we make material changes, we will post the revised policy here with an updated "Last updated" date. For substantial changes affecting your rights, we will email registered users at least 30 days before the changes take effect.

For any privacy-related question, request, or complaint:
contact@filingradar.app

JustShootMe
The Netherlands