GDPR Compliance
1. Data Controller
EdgeScan (“we”, “us”) acts as the data controller for personal data processed through our platform at edgescan.io. We are committed to protecting your privacy in accordance with the General Data Protection Regulation (EU) 2016/679 (“GDPR”).
2. Legal Basis for Processing
We process your personal data under the following legal bases:
Contractual necessity (Art. 6(1)(b)): Processing necessary to provide our prediction market intelligence services, including account management, subscription billing, and market data delivery.
Legitimate interests (Art. 6(1)(f)): Platform security, fraud prevention, service improvement, and analytics. We conduct balancing tests to ensure our interests do not override your rights.
Consent (Art. 6(1)(a)): Marketing communications, optional cookies, and third-party integrations. You may withdraw consent at any time.
Legal obligation (Art. 6(1)(c)): Tax records, financial reporting, and regulatory compliance.
3. Data We Collect
Account data: Name, email address, authentication credentials (managed by Clerk), timezone, language preference.
Financial data: Stripe customer ID, subscription plan, payment history. We do not store credit card numbers — Stripe handles all payment processing as a PCI-DSS Level 1 certified processor.
Platform data: Public wallet addresses (Polymarket), read-only API keys for connected platforms, paper trading positions, bot configurations, alert rules.
Usage data: Pages visited, features used, scan frequency, signal interactions. Collected via Vercel Analytics (privacy-focused, no cookies).
Security data: IP addresses (hashed after 30 days), login timestamps, audit trail events.
4. Your Rights Under GDPR
You have the following rights, exercisable at any time by contacting privacy@edgescan.io:
Right of access (Art. 15): Request a copy of all personal data we hold about you. We will respond within 30 days.
Right to rectification (Art. 16): Correct inaccurate data via your Settings page or by contacting us.
Right to erasure (Art. 17): Request deletion of your account and all associated data. We will process the request within 30 days, retaining only data required by law (e.g., tax records for 7 years).
Right to restriction (Art. 18): Request that we limit processing while a dispute is resolved.
Right to data portability (Art. 20): Export your data in machine-readable JSON format from your dashboard Settings.
Right to object (Art. 21): Object to processing based on legitimate interests. We will cease processing unless we demonstrate compelling legitimate grounds.
5. Data Retention
Active accounts: Data retained for the duration of your subscription plus 90 days after cancellation.
Deleted accounts: Personal data erased within 30 days of the deletion request. Anonymized analytics data may be retained indefinitely.
Financial records: 7 years as required by tax law.
Security logs: IP addresses hashed after 30 days, audit logs retained for 1 year.
6. International Transfers
Your data may be processed in the United States (Vercel, Clerk, Stripe) and the European Union (Supabase). All transfers are protected by Standard Contractual Clauses (SCCs) as approved by the European Commission.
7. Sub-processors
We use the following sub-processors: Clerk (authentication, US), Stripe (payments, US/EU), Supabase (database, EU), Vercel (hosting, US), Upstash (caching, EU). Each sub-processor maintains GDPR-compliant data processing agreements.
8. Data Protection Officer
For GDPR inquiries, contact our Data Protection Officer at dpo@edgescan.io. You also have the right to lodge a complaint with your local supervisory authority.
9. Changes
We will notify you of material changes to this policy at least 30 days in advance via email. Continued use after notification constitutes acceptance.