This Privacy Policy describes how Mitchell Magid (“we,” “us,” or “our”) collects, uses, and protects information when you use Footnote (“Service”). We collect only what is necessary to operate the Service.
2. Information We Collect
Account information: Your email address and authentication method (email/password or Google OAuth), collected via Clerk.
Watchlist data: The ticker symbols you add to your watchlist, your alert threshold settings, and email digest preferences.
Payment information: Billing is handled entirely by Stripe. We store only your Stripe customer ID and subscription status. We never see or store your card details.
Usage data: Standard server logs (IP address, browser type, pages visited) for security and debugging purposes.
3. How We Use Your Information
To provide and operate the Service
To send you filing alert emails based on your watchlist and threshold settings
To process payments and manage your subscription
To respond to support requests
To detect and prevent fraud or abuse
We do not sell your personal information. We do not use your data for advertising.
4. Third-Party Services
We use the following third-party services to operate Footnote. Each has its own privacy policy governing how they handle your data:
Railway: backend server infrastructure that processes filing fetch and analysis requests. Privacy policy →
Google (Gemini): AI model used to generate novelty scores and summaries for SEC filing text. Only filing text (public domain content from SEC EDGAR) is sent to Google, with no personal data included in these requests. Privacy policy →
5. Cookies
Footnote uses session cookies set by Clerk solely to maintain your authenticated session. We do not use advertising cookies, tracking pixels, or any third-party analytics that identify you across other websites. Stripe may set cookies during the checkout flow for fraud prevention purposes.
6. Data Retention
We retain your account data for as long as your account is active. If you delete your account, we will delete your personal data within 30 days, except where retention is required by law (e.g., payment records).
7. Your Rights
You may at any time:
Access the personal data we hold about you
Request correction or deletion of your data
Cancel your subscription and close your account
Opt out of email alerts by removing tickers from your watchlist
To exercise any of these rights, .
8. Security
We use industry-standard security practices including HTTPS encryption, secure authentication via Clerk, and access-controlled database storage via Supabase. No method of transmission over the internet is 100% secure, and we cannot guarantee absolute security.
9. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated by email. Continued use of the Service after changes constitutes acceptance of the updated policy.