Legal

Privacy Policy

We collect the minimum data necessary to operate the platform. We do not sell your data. Ever.

Last updated: 1 June 2026

1. Data We Collect

Account & Payment Data

When you subscribe, PayPal shares your email address and subscription ID with us. We store this to verify your access rights. We never receive, process, or store your card number, bank account details, or full PayPal credentials — all payment processing is handled entirely by PayPal.

Usage Data

We collect anonymised usage data — which panels are viewed, feature usage frequency — through server-side logs on Netlify. This data cannot be linked to individual users and is used solely to improve the platform.

Data You Provide

If you contact us via email, we retain your email address and message content to respond to your inquiry. We do not add you to any marketing list without your explicit consent.

2. How We Use Your Data

We do not use your data for advertising, profiling, or any form of data brokering.

3. Data Storage & Security

Subscription records are stored in Netlify Blobs — an encrypted key-value store — and are HMAC-SHA256 signed to detect any tampering. We implement rate limiting, server-side authentication, and HTTPS enforcement (HSTS with 2-year max-age) across all platform endpoints.

No sensitive payment data is stored on our infrastructure. All payment credentials remain with PayPal under their PCI DSS compliance framework.

4. Third-Party Services

The platform integrates the following third-party services, each operating under their own privacy policies:

5. Your Rights

Subject to applicable law, you have the right to access, correct, or request deletion of your personal data. To exercise any of these rights, email support@marketthrob.com with the subject line Data Request. We will respond within 30 days.

If your subscription is cancelled and you request account deletion, we will permanently delete your subscription record from our systems within 30 days.

6. Sessions, Cookies & Local Storage

MarketThrob™ does not use tracking cookies or third-party advertising cookies.

Session Tokens

After logging in via magic link, a session token (a random UUID) is stored in your browser's sessionStorage. This is automatically and permanently cleared when you close your browser tab. It is never shared with third parties and is only transmitted to our own Netlify functions to verify your access.

Remember This Device (Optional)

If you opt in to "Remember this device" on a personal computer, a 30-day refresh token (a random UUID) is stored in localStorage. This token allows your session to auto-renew without a new magic link email on your personal device only. It is invalidated server-side if you cancel your subscription or log in on a new device.

Login Cookies

A short-lived same-site cookie (mt_remember, 15-minute expiry) is set when you check "Remember this device" and is used only to pass that preference to the login verification page. It contains no personal data.

Security reminder: Always close your browser completely after every session, especially on shared or public devices.

7. Single-Device Session Policy

MarketThrob™ enforces a strict single-device session policy: only one active login session is permitted per subscriber at any time. When you log in on a new device, your previous session is immediately invalidated server-side. This is a deliberate security control designed to protect subscribers from unauthorised access to their account.

Session records are stored in Netlify Blobs with HMAC-SHA256 signatures. Session tokens are random UUIDs with no embedded user information — they are meaningless without the corresponding server-side record.

8. Contact

Data controller: The Software Suite™ · support@marketthrob.com

Data controller: The Software Suite™ · privacy@marketthrob.com