
Privacy Policy

Last updated: April 2026

1. Controller

The controller responsible for data processing on this website within the meaning of the GDPR is:
Lukas Nachtigall
Willy-Brandt-Straße 4
51469 Bergisch Gladbach
Email: support@shadowinsider.com

2. Data We Collect

When you register and use ShadowInsider, the following personal data is collected and processed:

  • Username
  • Email address
  • Password (stored exclusively as a bcrypt hash — never in plain text)
  • Account creation date
  • Watchlists and tickers you add to them
  • Notification preferences

The insider trading data displayed on the dashboard is sourced exclusively from publicly available SEC EDGAR filings. No trading data belonging to users is stored.

3. Purpose of Processing

  • Providing your account and personalised features (watchlists, notifications)
  • Sending email notifications about insider trades at your request
  • Sending password reset emails upon explicit request
  • Security and abuse prevention

The legal basis is Art. 6(1)(b) GDPR (performance of a contract) for all features necessary to provide the service, and Art. 6(1)(a) GDPR (consent) for optional email notifications.

4. Cookies and Local Storage

ShadowInsider uses only technically necessary cookies:

  • access_token — HTTP-only authentication cookie (lifetime: 15 minutes)
  • refresh_token — HTTP-only token renewal cookie (lifetime: 7 days)

In addition, certain UI preferences (e.g. expanded sections) are stored in your browser's localStorage. This data never leaves your device.

5. Third-Party Service Providers

Your data is shared only with the following service providers acting as data processors:

  • Railway (railway.app) — backend and database hosting (USA; Standard Contractual Clauses)
  • Vercel (vercel.com) — frontend hosting (USA; Standard Contractual Clauses)
  • Resend (resend.com) — email delivery (only your email address and the content of the relevant notification; USA; Standard Contractual Clauses)

No further disclosure to third parties takes place.

6. Retention Period

Your data is stored for as long as your account exists. Upon account deletion, all personal data is immediately and permanently erased, including watchlists and notifications. Password reset tokens are automatically deleted after 1 hour.

7. Your Rights

Under the GDPR you have the following rights:

  • Access (Art. 15 GDPR) — request information about the data stored about you
  • Rectification (Art. 16 GDPR) — correct inaccurate data (available directly in your profile settings)
  • Erasure (Art. 17 GDPR) — delete your account directly in your profile settings under "Danger Zone"
  • Restriction (Art. 18 GDPR) — restrict the processing of your data
  • Objection (Art. 21 GDPR) — object to the processing of your data
  • Complaint — lodge a complaint with the competent supervisory authority

To exercise your rights, please contact: support@shadowinsider.com

8. No Investment Advice

ShadowInsider is a purely informational service. The data presented does not constitute investment advice, investment recommendations, or an invitation to buy or sell securities. All decisions based on this information are the sole responsibility of the user.
