Privacy Policy

1. Introduction

GoldTrack ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website goldtrack.io (the "Site").

2. Information We Collect

2.1 Automatically Collected Information

When you visit the Site, we automatically collect certain information about your device, including:

• IP address
• Browser type and version
• Operating system
• Pages visited and time spent on pages
• Referring website addresses
• Device information (mobile vs desktop)

2.2 Local Storage

We use browser local storage to save your preferences, including:

• Theme preference (light/dark mode)
• Price alert settings
• Selected currency and metal preferences

This data is stored locally on your device and is not transmitted to our servers.

2.3 Account Information

Core features like viewing real-time precious metals prices and charts are available without an account. However, some features require registration:

• Price Alerts: Requires account to create and manage alerts
• Portfolio Tracking: Requires account to track your holdings
• Newsletter: Requires email subscription (no account needed)

When you create an account, we collect your email address and authentication information through our identity provider (Clerk). We do not store passwords directly.

2.4 Activity Information

When you use certain features, we log activity information for security and service improvement purposes:

• Account actions (sign up, login, logout)
• Portfolio changes (adding, updating, or removing holdings)
• Alert creation and triggers
• Poll votes and newsletter subscriptions
• IP address and user agent (browser/device information)
• Timestamp of the activity

This information helps us detect unauthorized access, improve our services, and maintain security.

3. How We Use Your Information and Legal Basis

We use the collected information to:

• Provide and maintain our Site
• Create and manage your account
• Send you price alert notifications (if you opt in)
• Track your portfolio holdings (if you use portfolio features)
• Improve and personalize user experience
• Analyze Site usage and trends
• Detect and prevent technical issues
• Comply with legal obligations

Legal Basis for Processing (GDPR)

For users in the European Economic Area (EEA), UK, and Switzerland, we process your information based on the following legal grounds:

• Contract: We process your email and account information to provide account services you have requested, including price alerts and portfolio tracking.
• Legitimate Interest: We process analytics data and technical information to improve our Site, fix errors, and understand user behavior. This processing is necessary for our legitimate interests in operating and improving our service.
• Consent: We obtain your consent before placing non-essential cookies. You can withdraw consent at any time through your browser settings.
• Legal Obligation: We process data when required to comply with applicable laws and regulations.

4. Third-Party Services

4.1 Google Analytics

We use Google Analytics 4 ("GA4") to understand how users interact with our Site. GA4 is a web analytics service provided by Google LLC that tracks and reports website traffic.

Data Collected by Google Analytics:

• Pages visited and time spent on pages
• How you arrived at our Site (referrer URL)
• Browser type, operating system, and device information
• Approximate geographic location (country, city) based on IP address
• Anonymized IP addresses (full IP addresses are not stored)

Google Analytics uses cookies to collect this information. The information generated by the cookie about your use of the Site is transmitted to and stored by Google on servers in the United States.

How to Opt-Out:

• Install the Google Analytics Opt-out Browser Add-on
• Disable cookies in your browser settings
• Use browser privacy modes (Incognito, Private Browsing)

For more information about how Google uses data, visit Google's Privacy Policy and How Google uses data when you use our partners' sites or apps.

4.2 Advertising (Google AdSense)

We may display advertisements on the Site through Google AdSense. Google AdSense uses cookies and web beacons to serve ads based on your prior visits to our Site or other websites.

Data Collected by Google AdSense:

• Information about your visits to this and other websites
• Device and browser information
• IP address (may be used to estimate general location)
• Ad interactions (impressions, clicks)

How to Opt-Out:

• Visit Google Ads Settings to manage your ad personalization preferences
• Visit aboutads.info to opt out of interest-based advertising
• Use browser privacy settings or ad-blocking extensions

For more information, see How Google uses information from sites that use our services.

4.3 Email Delivery (Resend)

We use Resend to deliver transactional emails including price alert notifications, welcome emails, and newsletters:

• Your email address is shared with Resend for email delivery
• Email content includes your alert details or newsletter content
• Delivery status and engagement data (opens, clicks) may be tracked
• You can unsubscribe from marketing emails at any time via the link in each email

For more information, see Resend's Privacy Policy.

4.4 Error Tracking

We may use third party providers for error monitoring to improve Site reliability. These providers may collect technical information about errors, including browser type, operating system, and the page where the error occurred.

4.5 Authentication (Clerk)

We use Clerk for user authentication and account management. You can create an account using email or Google sign-in:

Email Sign-Up:

• Your email address is collected and verified
• Passwords are hashed by Clerk and never stored in plain text
• Authentication tokens are stored securely

Google Sign-In:

• We receive your email address and basic profile information (name, profile picture) from Google
• We do not receive or store your Google password
• You can revoke GoldTrack's access to your Google account at any time via your Google Account settings

For more information, see Clerk's Privacy Policy.

5. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to improve your experience on our Site. By continuing to use our Site, you consent to our use of cookies as described below. You can control cookies through your browser settings. However, disabling cookies may limit some Site functionality.

Types of cookies we use:

• Essential cookies: Required for Site functionality (these cannot be disabled)
• Analytics cookies (Google Analytics): Help us understand Site usage and improve user experience. These cookies have a 2-year expiration by default but can be deleted at any time through your browser settings.

Google Analytics Cookies:

• _ga - Distinguishes unique users (expires after 2 years)
• _ga_* - Persists session state (expires after 2 years)

Your Cookie Choices

You can control and manage cookies in several ways:

• Browser Settings: Most browsers allow you to refuse or accept cookies. Instructions are usually found in the "Help," "Tools," or "Edit" menu.
• Third-Party Opt-Out: Visit aboutads.info or youronlinechoices.eu (for EU users)

6. Data Security

We implement appropriate technical and organizational security measures to protect your information. However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your information, we cannot guarantee absolute security.

7. Data Retention

We retain information for the following periods:

• Account Data: Retained until you delete your account. Upon account deletion, your email, profile information, price alerts, and portfolio data are permanently removed within 30 days.
• Billing History: Retained for 6 years after account deletion for tax and legal compliance. Your user ID is removed from these records, so they cannot be linked back to you.
• Activity Logs: Automatically deleted after 30 days. We do not store email addresses in activity logs - only anonymized user IDs are used for analytics. Newsletter subscribe/unsubscribe events use a one-way hash of your email for counting unique subscribers, which cannot be reversed to identify you.
• Google Analytics Data: Automatically deleted after 14 months (GA4 default setting). User-level and event-level data is retained for this period, after which it is automatically deleted.
• Analytics Cookies: Stored in your browser for up to 2 years (can be deleted at any time via browser settings)
• Error Logs: Retained for up to 90 days
• Database Backups: Encrypted backups are retained for a maximum of 90 days, after which they are automatically deleted
• Local Storage Data: Retained on your device until you clear your browser cache or local storage

8. Your Privacy Rights

For All Users

Local preferences (theme, currency) are stored on your device and can be deleted by clearing your browser data. If you have a GoldTrack account, you can export or delete your account data from your account settings or by contacting privacy@goldtrack.io.

GDPR Rights (EEA, UK, Switzerland)

If you are located in the European Economic Area, United Kingdom, or Switzerland, you have the following rights:

• Right to Access: Request a copy of information we hold about you
• Right to Rectification: Request correction of inaccurate information
• Right to Erasure: Request deletion of your information
• Right to Restrict Processing: Request that we limit how we use your information
• Right to Data Portability: Request a copy of your data in a portable format
• Right to Object: Object to our processing of your information
• Right to Withdraw Consent: Withdraw consent for cookie placement at any time
• Right to Lodge a Complaint: File a complaint with your local data protection authority

California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have the following rights under the California Consumer Privacy Act:

• Right to Know: Request disclosure of personal information collected, used, or shared
• Right to Delete: Request deletion of personal information we have collected
• Right to Opt-Out: Opt out of the "sale" or "sharing" of personal information
• Right to Non-Discrimination: Exercise your rights without discriminatory treatment

Notice: We do NOT sell or share personal information as defined by CCPA.

To exercise your California privacy rights, contact us at privacy@goldtrack.io with "California Privacy Request" in the subject line.

9. Children's Privacy

Our Site is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you believe we have inadvertently collected such information, please contact us immediately.

10. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that differ from your jurisdiction. By using our Site, you consent to such transfers.

11. Disclosure of Information

We are committed to your privacy and will only disclose your information in limited circumstances. We want to be transparent about when and what we may be required to share:

11.1 Legal Requirements

We may disclose your information if required to do so by law or in response to valid requests by public authorities. This includes:

• Court orders, subpoenas, or other legal processes
• Requests from law enforcement agencies with proper legal authority
• Government investigations or regulatory inquiries
• To protect our legal rights or defend against legal claims

11.2 What We May Be Required to Disclose

If legally compelled, we may be required to provide the following information:

• Account Information: Email address, account creation date, subscription tier
• Activity Logs: IP addresses, timestamps, and user agent information associated with account actions
• Portfolio Data: Holdings and transaction history
• Alert History: Price alerts you have created
• Billing Records: Transaction history and payment status (credit card details are held by Stripe, not us)

11.3 Our Commitment

We will:

• Only disclose information when legally required to do so
• Narrow the scope of disclosure to what is specifically requested
• Notify you of any legal request for your information unless prohibited by law from doing so
• Challenge overly broad or inappropriate requests where legally permissible

11.4 We Do NOT Sell Your Data

We do not sell, rent, or trade your personal information to third parties for marketing purposes. We do not share your data with data brokers or advertising networks beyond the analytics services described in this policy.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date. You are advised to review this Privacy Policy periodically for any changes.

13. Contact Us

If you have any questions about this Privacy Policy, please contact us: