privacy policy
Last updated: May 2026
n0brains operates from the State of Illinois, United States, and acts as the data controller for the personal data described below. For privacy questions or to exercise your rights, contact [email protected].
1. information we collect
When you register for n0brains Signals, we collect your email address and a password hash. If you subscribe to the Pro tier, we also collect payment information processed by Stripe — we never see or store your credit card number.
When you use the API, we log request timestamps, endpoints accessed, and response status codes for rate limiting and abuse prevention. We do not log the content of your requests or responses.
2. how we use your information
Your email is used for account verification, billing notifications, and — if you opt in — occasional product updates. We do not sell, rent, or share your email with third parties.
API usage logs are used solely to enforce rate limits, detect abuse, and improve service reliability. We retain these logs for 90 days, after which they are automatically deleted.
3. data storage
All data is stored in encrypted PostgreSQL databases. Connections are encrypted via TLS. Passwords are stored as bcrypt hashes — we cannot read them.
4. third-party services
Stripe processes all payments. We receive a customer ID and subscription status from Stripe — never your card details. Stripe's privacy policy applies to payment data.
5. cookies
The n0brains.com website uses no tracking cookies. The API uses bearer tokens (JWT) for authentication — these are not cookies and are not sent to third parties.
6. data deletion
You can request full account deletion by emailing [email protected]. We will delete your account, API key, and all associated data within 30 days. Stripe customer records are managed by Stripe and subject to their retention policy.
7. security
We use industry-standard practices: TLS for all connections, bcrypt for passwords, JWT for API auth, and row-level security in our database. We do not share infrastructure with other services.
8. your rights (GDPR & CCPA)
Depending on where you live, you have rights over your personal data. We honor these requests regardless of your location:
- Access — request a copy of the personal data we hold about you
- Rectification — correct inaccurate or incomplete data
- Erasure — request deletion of your account and associated data ("right to be forgotten")
- Portability — receive your data in a machine-readable format
- Restriction & objection — limit or object to how we process your data
- Withdraw consent — opt out of optional product communications at any time
EU/EEA/UK residents (GDPR): our legal bases for processing are contract performance (operating your account and the Service), legitimate interest (abuse prevention and service reliability), and consent (optional product updates). You may lodge a complaint with your local data protection authority.
California residents (CCPA/CPRA): we do not sell or share your personal information, and we will not discriminate against you for exercising your privacy rights.
To exercise any right, email [email protected]. We respond within 30 days. We will verify your identity before acting on a request.
9. changes
We may update this policy periodically. Changes will be posted on this page with an updated "Last updated" date. Continued use of the service after changes constitutes acceptance.
// questions? [email protected]