Privacy Policy

Last updated: March 8, 2026

1. Introduction

Darkly Energized LLC ("Company", "we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the Darkly Energized platform ("Service").

By using the Service, you consent to the data practices described in this policy. If you do not agree with these practices, please do not use the Service.

2. Information We Collect

Account Information

When you register, we collect your full name, email address, and password (hashed). If you register via Google OAuth, we receive your name, email, and profile image from Google.

Payment Information

Payments are processed by Stripe. We do not store your credit card numbers or banking details. Stripe may collect payment information in accordance with their own privacy policy. We store only your Stripe customer ID for subscription management.

x402 Cryptocurrency Payments

When you access the API via x402 pay-per-call, we record your blockchain wallet address, transaction hash, IP address, and series accessed for audit and compliance purposes. Blockchain transactions are publicly visible on the Base network; we do not collect personal identity information beyond what is inherent in blockchain data.

Usage Data

We collect information about how you use the Service, including saved chart configurations, indicator preferences, and API usage patterns.

Technical Data

We may collect your IP address, browser type, operating system, and referring URLs for security, rate limiting, and fraud prevention purposes.

3. How We Use Your Information

  • Providing, operating, and maintaining the Service.
  • Processing payments and managing subscriptions via Stripe.
  • Sending email verification and account-related communications.
  • Enforcing rate limits and preventing abuse.
  • Responding to support requests and contact form submissions.
  • Detecting and preventing fraud and unauthorized access.
  • Improving the Service based on usage patterns.

4. Data Storage & Security

Your data is stored in PostgreSQL databases and Redis caches. We implement industry-standard security measures including:

  • Password hashing using secure algorithms.
  • API keys are hashed before storage — we cannot retrieve your raw key.
  • HTTPS encryption for all data in transit.
  • CSRF protection on all form submissions.
  • Session-based authentication with secure, HTTP-only cookies.

While we strive to protect your personal information, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security.

5. Third-Party Services

Stripe

We use Stripe for payment processing. Stripe's use of your information is governed by their privacy policy.

Google OAuth

If you sign in with Google, we receive basic profile information as permitted by your Google account settings. See Google's privacy policy for details.

x402 Protocol / Coinbase

x402 cryptocurrency payments are facilitated through infrastructure operated by Coinbase via the x402.org protocol. See Coinbase's privacy policy for details on their data practices.

Data Sources

We fetch financial data from third-party APIs (FRED, central banks, CBOE, CoinGecko) on the server side. No user data is shared with these data providers.

6. Data Retention

Your account data is retained for as long as your account is active. If you delete your account, your personal data will be removed from our systems, subject to any legal retention obligations.

Cached financial data is stored temporarily with defined time-to-live (TTL) values and is automatically purged when expired. Session data expires after a configured inactivity period.

7. Your Rights Under GDPR

If you are located in the European Economic Area (EEA), you have the following rights regarding your personal data:

  • Access — request a copy of the personal data we hold about you.
  • Rectification — request correction of inaccurate or incomplete data.
  • Erasure — request deletion of your personal data.
  • Restriction — request that we restrict processing of your data.
  • Portability — request a machine-readable copy of your data.
  • Object — object to processing of your data in certain circumstances.
  • Withdraw Consent — withdraw consent at any time where processing is based on consent.

To exercise any of these rights, please contact us at support@darklyenergized.com.

8. Your Rights Under CCPA

If you are a California resident, you have the following rights under the California Consumer Privacy Act:

  • Right to Know — request disclosure of the categories and specific pieces of personal information we collect.
  • Right to Delete — request deletion of your personal information.
  • Right to Opt-Out — we do not sell your personal information to third parties.
  • Non-Discrimination — we will not discriminate against you for exercising your privacy rights.

9. Cookies

We use the following cookies, all of which are essential for Service operation:

  • Session cookies — required for authentication and maintaining your logged-in state. Stored in Redis.
  • CSRF tokens — required for protecting against cross-site request forgery attacks.

We do not use third-party tracking cookies, analytics cookies, or advertising cookies.

10. Children's Privacy

The Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child under 18, we will take steps to delete such information promptly.

11. International Transfers

The Service is operated from the United States. If you access the Service from outside the United States, your information may be transferred to, stored, and processed in the United States. By using the Service, you consent to such transfers.

12. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated through the Service or via email. The "Last updated" date at the top of this page indicates the most recent revision.

13. ProactiveAgent (iOS App)

ProactiveAgent is a separate iOS application published by Darkly Energized LLC. It is designed so that your financial information stays on your device. Specifically:

  • No account on our servers. The app does not create an account with Darkly Energized. We have no database of ProactiveAgent users.
  • No bank linking. The app does not integrate with bank-linking services. Statements you import (CSV, PDF) are parsed on-device.
  • No analytics SDKs. The app contains no third-party analytics, advertising, or tracking SDKs.
  • On-device AI. The in-app advisor uses Apple Intelligence on supported devices and runs locally. Prompts and responses are not sent to Darkly Energized.
  • One outbound request. The app fetches daily currency exchange rates from the European Central Bank via the public Frankfurter API (api.frankfurter.dev). The request contains no personal data; as with any web request, your IP address may be logged by the rate provider.
  • Purchases handled by Apple. The optional Pro Unlock and Tip Jar are processed by Apple via the App Store using your Apple ID. Apple's privacy policy governs these transactions.
  • Deletion. Removing the app from your device removes the data. There is no server-side copy to delete.

If you contact us via the ProactiveAgent support form, your name, email, and message are stored on Darkly Energized servers so we can reply. This data is treated under the same terms as the rest of this policy.

14. Contact

If you have any questions about this Privacy Policy or wish to exercise your data rights, please contact us at support@darklyenergized.com.