Privacy Policy

1. Introduction

Welcome to PRUF (“we,” “our,” or “us”). PRUF operates the website located at https://getpruf.app (the “Service”), a trading signals platform that aggregates and analyzes publicly available trading information from social media influencers.

This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website or use our Service. By accessing or using our Service, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy.

2. Information We Collect

2.1 Information You Provide Directly

• Account Information: Email address, password (encrypted), display name (optional), referral codes
• Communication Preferences: Email alert preferences for followed traders
• User-Generated Content: List of traders you follow

2.2 Information We Collect Automatically

• Usage Data: Pages visited, time spent, click patterns, device type, browser information, IP address (anonymized)
• Cookies: Authentication session cookies, demo access cookies, essential functionality cookies

2.3 Information from Third-Party Sources

We collect publicly available information from Twitter/X about trading influencers, including public usernames, profile information, publicly posted tweets containing trading signals, and engagement metrics. We do not collect private social media data.

3. How We Use Your Information

3.1 Service Provision

• To create and manage your account
• To authenticate your identity and maintain session security
• To provide access to trading signals and leaderboards
• To send email alerts about traders you follow
• To process beta access and waitlist management

3.2 Service Improvement

• To analyze usage patterns and optimize user experience
• To develop new features and functionality
• To monitor and improve Service performance

3.3 Security and Legal Compliance

• To detect and prevent fraud and abuse
• To enforce our Terms of Service
• To comply with legal obligations

4. Legal Basis for Processing (GDPR)

For users in the European Economic Area (EEA), United Kingdom, and Switzerland, we process your personal data under the following legal bases:

• Contractual Necessity: Account creation, service provision, processing your subscriptions
• Legitimate Interests: Improving our Service, ensuring security, analyzing usage, preventing fraud
• Consent: Marketing communications, email alerts for followed traders
• Legal Obligation: Responding to lawful requests, tax and accounting obligations

5. Your Rights Under GDPR (EU Users)

If you are in the European Economic Area, you have the following rights:

• Right of Access: Request a copy of your personal data
• Right to Rectification: Request correction of inaccurate data
• Right to Erasure: Request deletion of your data (“Right to Be Forgotten”)
• Right to Restrict Processing: Request restriction of processing
• Right to Data Portability: Receive your data in a machine-readable format
• Right to Object: Object to processing based on legitimate interests
• Right to Withdraw Consent: Withdraw consent at any time
• Right to Lodge a Complaint: File a complaint with a supervisory authority

To exercise these rights, contact us at: privacy@getpruf.app

6. Your Rights Under CCPA (California Users)

If you are a California resident, you have the following rights:

• Right to Know: Request disclosure of categories and specific pieces of personal information collected
• Right to Delete: Request deletion of personal information
• Right to Opt-Out of Sale: We do not sell your personal information
• Right to Non-Discrimination: You will not be discriminated against for exercising your rights

Categories of Personal Information We Collect

To exercise your rights, email privacy@getpruf.app with subject line “CCPA Request”.

7. Cookies and Tracking Technologies

7.1 Types of Cookies We Use

• Essential Cookies (Required): Authentication cookies, security cookies, demo access cookies
• Analytics Cookies (Optional): Vercel Speed Insights for performance monitoring

7.2 Cookie Management

You can control cookies through your browser settings. Disabling essential cookies may prevent you from using certain features.

7.3 Do Not Track Signals

Our Service currently does not respond to DNT signals. You can opt out through browser settings or by contacting us.

8. Third-Party Services

We use the following third-party service providers:

9. Data Retention

• Account Data: Retained while account is active; deleted/anonymized within 30 days of deletion
• Usage Data: Retained for 24 months, then aggregated or deleted
• Email Communications: Retained for 12 months
• Trading Signal Data: Retained indefinitely (publicly sourced data)
• Backups: May be retained up to 90 days for disaster recovery

10. Data Security

10.1 Technical Measures

• All data transmitted via HTTPS/TLS 1.3
• Passwords hashed using industry-standard algorithms
• Role-based access controls
• Enterprise-grade hosting on Vercel
• Row-level security and encryption at rest via Supabase

10.2 Security Headers

• X-Frame-Options: DENY
• X-Content-Type-Options: nosniff
• Referrer-Policy: strict-origin-when-cross-origin

11. Data Breach Notification

In the event of a data breach affecting your personal data, we will:

• Notify affected users via email within 72 hours of discovery
• Provide details of the breach, data affected, and remediation steps
• Notify relevant supervisory authorities as required by law

To report security vulnerabilities: security@getpruf.app

12. International Data Transfers

Your data may be transferred to and processed in the United States. For EU/EEA/UK users, we ensure appropriate safeguards through Standard Contractual Clauses (SCCs) and Data Processing Agreements with all third-party processors.

13. Email Marketing and Communications

Types of Communications

• Transactional Emails (Required): Account verification, password reset, security alerts
• Service Notifications (Required): Terms changes, critical announcements
• Trading Alert Emails (Opt-In): Alerts for traders you follow

Opting Out

• Click “Unsubscribe” in any marketing email
• Manage preferences at https://getpruf.app/settings
• Contact privacy@getpruf.app

14. Children's Privacy (COPPA)

Our Service is not intended for children under 13 years of age (or 16 in the EEA). We do not knowingly collect personal information from children under these age limits.

If you believe your child has provided us with personal information, please contact us immediately at privacy@getpruf.app.

15. Data Sharing and Disclosure

We may share data with:

• Service Providers: Third parties who assist in operating our Service (see Section 8)
• Legal Requirements: To comply with legal process or government requests
• With Your Consent: For other purposes with your explicit consent
• Aggregated Data: Anonymized data that cannot identify you

16. Your Account and Data Management

• Accessing Data: Log into your account at https://getpruf.app
• Updating Information: Update email, password, and preferences in account settings
• Data Export: Email privacy@getpruf.app with subject “Data Export Request”
• Data Deletion: Email privacy@getpruf.app with subject “Account Deletion Request”

17. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy, updating the “Last Updated” date, and sending email notification for significant changes.

Your continued use of the Service after changes constitutes acceptance of the updated Privacy Policy.

18. Contact Information

Additional State-Specific Disclosures

• Virginia (VCDPA): Virginia residents have rights similar to CCPA
• Colorado (CPA): Colorado residents have access, correct, delete, and opt-out rights
• Connecticut (CTDPA): Connecticut residents have similar privacy rights

Contact us to exercise these rights.