Benchmark Privacy Policy
Last updated May 27, 2026 · Version 1.1
Our Core Data Principle
We value your privacy above all. We do not sell your personal data. Benchmark collects only the minimal information required to secure your account, facilitate transactions, verify identity under AML requirements, and improve platform performance.
1. Information We Collect
When you access or interact with Benchmark, we collect both personal and usage data:
- Account Profile Data: Email addresses, securely hashed passwords, creation timestamps, profile avatars, and onboarding selections such as investment focus and risk tolerances.
- OAuth Integration Info: If you authenticate via Google, we receive your email address, verification status, and name/avatar where available.
- Financial & Transaction History: Funding balances, subscription records, buy/sell executions, active crowdfund commitments, and bonding-curve holdings.
- Compliance / KYC Details: Government ID copies, addresses, tax numbers, and proof of residence when entering active dollar-backed tiers.
- Technical Telemetry: Anonymized IP addresses, browser types, session timings, and usage logs via our analytics suite (e.g. PostHog) to improve platform performance.
2. How We Use Your Information
- Service Provision: To create your account, secure sessions, calculate live portfolios, and execute dynamic pricing transactions.
- Compliance Safeguards: To satisfy global AML/KYC checks, prevent structural circular recycling of funds, and monitor fraudulent activity.
- Platform Updates: To send critical notifications about active savings products, crowdfunding milestones, and important legal changes.
- Product Optimization: Using anonymous telemetry to resolve build lags, improve chart rendering speed, and design better interfaces.
3. Information Sharing and Disclosure
We do not sell, trade, or rent user data. Information is shared with trusted third parties only in these scenarios:
- Infrastructure Providers: Supabase for database hosting, session auth, and secure file storage.
- Payment Gateways: To process card/bank payments and execute crowdfunding contributions (e.g. Dodo Payments).
- Compliance / KYC Vendors: Verifying your regulatory documents under strict legal frameworks.
- Legal Requirements: If compelled by regulatory bodies, law enforcement, or subpoena linked to anti-money laundering investigations.
4. Data Security & Storage
- All network traffic is encrypted via Transport Layer Security (TLS / HTTPS).
- Databases are managed under Row-Level Security (RLS) policies within Supabase to prevent unauthenticated access.
- Critical data such as OAuth profiles and transaction ledgers are isolated and fully auditable.
While we employ state-of-the-art security measures, no electronic storage system is 100% immune to vulnerabilities. Users are solely responsible for securing their passwords, OAuth credentials, and local browser cookies.
5. User Rights & Data Retention
Depending on your location (EU GDPR or California CCPA), you are entitled to:
- Access & Portability: You may request a structured export of all account and balance data.
- Rectification: You have the right to request corrections to inaccurate compliance documents or profile details.
- Erasure (Deletion): You may request account deletion. Certain transactional, audit, and AML records must be retained by law for 5–7 years.
6. Changes to this Privacy Policy
We reserve the right to modify this Privacy Policy at any time. Significant revisions will be reflected in an updated version date, a platform dashboard notification, or a consent checkpoint at your next sign-in.
Privacy requests? Contact our DPO at privacy@benchmark.app