Privacy Policy
Effective 2026-04-19
This Privacy Policy explains how J & M Sorce Holdings, LLC (“we”) collects, uses, and shares personal information when you use https://www.corpstacking.com and related services (the “Service”). We aim to collect the minimum data necessary to run the Service, and we never sell your personal information.
1. What we collect
Data you give us
- Account: email address, password (hashed by Supabase), display name, and optional avatar image.
- Contact for alerts: phone number (if you enable SMS), Telegram chat ID, Discord webhook URL, or webhook endpoint + signing secret (if you enable those channels).
- Billing: handled by Stripe. We store a Stripe customer ID mapped to your account; card numbers are never sent to our servers.
- Preferences: the companies you subscribe to, alert thresholds, channel configuration.
Data collected automatically
- Usage + device: IP address, user agent, referrer, pages visited, timestamps. Used for security, analytics, and fraud prevention.
- Cookies and similar: session cookies (required for login), preference cookies (e.g. “pwa_installed”), analytics (Vercel Analytics, PostHog), and — on the free tier only — ad-network cookies. See the Cookie Policy for detail.
- Push subscriptions: if you enable web push, we store the browser-issued subscription endpoint (no personal data embedded).
Data from third parties
If you sign in with Google or GitHub (OAuth), we receive the email address associated with that account, a stable user ID, and any profile picture URL the provider returns. We do not receive your OAuth password.
2. How we use it
- Run the Service: deliver alerts across your configured channels, render dashboards, process payments, honor your preferences.
- Security: detect abuse, rate-limit, prevent fraud, enforce TCPA opt-outs, protect user accounts.
- Improve the Service: understand which features are used, diagnose errors, prioritize work.
- Communicate: send transactional messages (password resets, receipts, plan changes), and — only if you opt in — the weekly digest email.
We do not use your data to train AI models, and we do not sell your personal information to advertisers or data brokers.
3. Who we share data with
We share only with the subprocessors necessary to run the Service. Each is contractually bound to use your data solely to provide their service to us.
| Processor | Purpose | Location |
|---|---|---|
| Supabase | Database, authentication, file storage | United States |
| Vercel | Hosting, edge network, analytics, build CI | United States |
| Stripe | Payment processing, subscription management | United States |
| Resend | Transactional + marketing email delivery | United States |
| Surge | SMS / MMS delivery | United States |
| CoinGecko | Cryptocurrency market data | Global CDN |
| alternative.me | Fear & Greed Index data | Global CDN |
| PostHog | Product analytics (optional, user-consented) | United States / EU |
| Coinzilla | Advertising (free tier only) | European Union |
We may also disclose information to comply with legal process (subpoenas, court orders), to enforce our Terms, or to protect our rights, property, or safety.
4. Data retention
- Active accounts: we retain account data for as long as your account is open.
- Deleted accounts: we delete personal data within 30 days of account deletion. Anonymized analytics may be retained indefinitely for aggregate reporting.
- Billing records: retained for 7 years to comply with tax and accounting rules.
- Alert history: retained while your account is active so you can audit delivery.
5. Your rights
Depending on where you live, you may have the right to access, correct, delete, or export your personal information, to object to or restrict certain processing, and to withdraw consent.
- Access / export: email jakesorce@gmail.com and we will provide a copy within 30 days.
- Correct: most fields can be updated in Settings. For anything else, email us.
- Delete: delete your account from Settings → Danger Zone, or email us. Deletion cascades through Supabase + removes billing data we’re not required to retain.
- Opt out of marketing: every marketing email has an unsubscribe link. Transactional messages (receipts, security notices) cannot be opted out of without closing your account.
- SMS STOP: reply
STOPto any SMS to opt out. We honor STOP immediately.
GDPR (European Economic Area, UK, Switzerland)
We process your data on the legal bases of (a) performance of a contract (to provide the Service), (b) legitimate interests (security, improvement), and (c) consent (for optional analytics and marketing). You have the right to lodge a complaint with your local data protection authority.
CCPA / CPRA (California)
California residents have the right to know what personal information we collect, request deletion, correct inaccurate data, and opt out of sale or sharing. We do not sell or share personal information for cross-context behavioral advertising. To exercise these rights, email jakesorce@gmail.com.
6. Security
We use industry-standard security — TLS in transit, encryption at rest for Supabase, Stripe for PCI-compliant payment handling, hashed passwords, row-level security on every user-scoped database table. No system is 100% secure; if you believe your account is compromised, contact jakesorce@gmail.com immediately.
7. International transfers
Our primary infrastructure is hosted in the United States (Supabase, Vercel, Stripe). If you are located outside the US, your data will be transferred to and processed in the US. Where applicable, we rely on Standard Contractual Clauses or equivalent safeguards for cross-border transfers.
8. Children
The Service is not directed to children under 16 and we do not knowingly collect personal information from them. If you believe a child has provided us personal information, email jakesorce@gmail.com and we will delete it.
9. Changes
We may update this Privacy Policy. The effective date at the top will reflect the latest revision. Material changes will be announced by email to registered users.
10. Contact
Privacy inquiries: jakesorce@gmail.com
Mailing address: 15046 S. Rebellion Court, Bluffdale, UT 84065