Privacy Policy

Last updated: February 18, 2026

1. Introduction

Darkly Energized LLC ("Company", "we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the Darkly Energized platform ("Service").

By using the Service, you consent to the data practices described in this policy. If you do not agree with these practices, please do not use the Service.

2. Information We Collect

Account Information

When you register, we collect your full name, email address, and password (hashed). If you register via Google OAuth, we receive your name, email, and profile image from Google.

Payment Information

Payments are processed by Stripe. We do not store your credit card numbers or banking details. Stripe may collect payment information in accordance with their own privacy policy. We store only your Stripe customer ID for subscription management.

Usage Data

We collect information about how you use the Service, including saved chart configurations, indicator preferences, and API usage patterns.

Technical Data

We may collect your IP address, browser type, operating system, and referring URLs for security, rate limiting, and fraud prevention purposes.

3. How We Use Your Information

  • Providing, operating, and maintaining the Service.
  • Processing payments and managing subscriptions via Stripe.
  • Sending email verification and account-related communications.
  • Enforcing rate limits and preventing abuse.
  • Responding to support requests and contact form submissions.
  • Detecting and preventing fraud and unauthorized access.
  • Improving the Service based on usage patterns.

4. Data Storage & Security

Your data is stored in PostgreSQL databases and Redis caches. We implement industry-standard security measures including:

  • Password hashing using secure algorithms.
  • API keys are hashed before storage — we cannot retrieve your raw key.
  • HTTPS encryption for all data in transit.
  • CSRF protection on all form submissions.
  • Session-based authentication with secure, HTTP-only cookies.

While we strive to protect your personal information, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security.

5. Third-Party Services

Stripe

We use Stripe for payment processing. Stripe's use of your information is governed by their privacy policy.

Google OAuth

If you sign in with Google, we receive basic profile information as permitted by your Google account settings. See Google's privacy policy for details.

Data Sources

We fetch financial data from third-party APIs (FRED, central banks, CBOE, CoinGecko) on the server side. No user data is shared with these data providers.

6. Data Retention

Your account data is retained for as long as your account is active. If you delete your account, your personal data will be removed from our systems, subject to any legal retention obligations.

Cached financial data is stored temporarily with defined time-to-live (TTL) values and is automatically purged when expired. Session data expires after a configured inactivity period.

7. Your Rights Under GDPR

If you are located in the European Economic Area (EEA), you have the following rights regarding your personal data:

  • Access — request a copy of the personal data we hold about you.
  • Rectification — request correction of inaccurate or incomplete data.
  • Erasure — request deletion of your personal data.
  • Restriction — request that we restrict processing of your data.
  • Portability — request a machine-readable copy of your data.
  • Object — object to processing of your data in certain circumstances.
  • Withdraw Consent — withdraw consent at any time where processing is based on consent.

To exercise any of these rights, please contact us at support@darklyenergized.com.

8. Your Rights Under CCPA

If you are a California resident, you have the following rights under the California Consumer Privacy Act:

  • Right to Know — request disclosure of the categories and specific pieces of personal information we collect.
  • Right to Delete — request deletion of your personal information.
  • Right to Opt-Out — we do not sell your personal information to third parties.
  • Non-Discrimination — we will not discriminate against you for exercising your privacy rights.

9. Cookies

We use the following cookies, all of which are essential for Service operation:

  • Session cookies — required for authentication and maintaining your logged-in state. Stored in Redis.
  • CSRF tokens — required for protecting against cross-site request forgery attacks.

We do not use third-party tracking cookies, analytics cookies, or advertising cookies.

10. Children's Privacy

The Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child under 18, we will take steps to delete such information promptly.

11. International Transfers

The Service is operated from the United States. If you access the Service from outside the United States, your information may be transferred to, stored, and processed in the United States. By using the Service, you consent to such transfers.

12. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated through the Service or via email. The "Last updated" date at the top of this page indicates the most recent revision.

13. Contact

If you have any questions about this Privacy Policy or wish to exercise your data rights, please contact us at support@darklyenergized.com.