Privacy Policy
Last updated: 2026-04-18
The Black Ledger (“we,” “us,” “our”) respects your privacy. This Privacy Policy explains what personal information we collect, how we use it, and the rights you have over it. The Service is operated by Caden K, a sole proprietor based in British Columbia, Canada, and this Policy is governed by British Columbia's Personal Information Protection Act (PIPA) and Canada's Personal Information Protection and Electronic Documents Act (PIPEDA). Users outside Canada may have additional rights under local law (including the GDPR for EU/UK residents); we aim to provide equivalent protections to all users.
1. What We Collect
We collect only what we need to deliver the Service.
Account information
- Email address (required)
- Telegram handle (optional — used to deliver alerts)
- Trading style selection (optional — for product research)
- Text response to waitlist question (optional — for product research)
- Account creation timestamp
Payment information
- Billing details are collected and stored by our payment processor (currently Stripe). We receive a record of payment status but do not store full payment card numbers, CVCs, or expiration dates.
- Cryptocurrency payments are processed via NOWPayments (when enabled). We store the transaction hash and the wallet address from which payment was received.
Usage information
- Basic analytics on which pages are visited (via Vercel Analytics, aggregated and anonymized)
- IP address hashes for rate limiting and abuse prevention (we store SHA-256 hashes, not raw IP addresses)
- User agent string at time of signup (for debugging browser-specific issues)
Communications
- Emails you send to our support address
- Messages you send to our Telegram channel or bot
2. What We Do NOT Collect
We want to be explicit about what we don't do. The Black Ledger does NOT:
- Sell your data to third parties. Ever. We do not now and will never have data-brokerage as a revenue stream.
- Use advertising tracking pixels or third-party ad networks
- Share your data with marketing partners, data brokers, or affiliate networks
- Collect your browsing history outside of our own site
- Track you across other websites
- Store raw IP addresses
- Require real name, address, or phone number
- Require KYC documents, government ID, or financial account information
- Collect or store Polymarket wallet addresses, private keys, or API credentials from users
If you see a category of data collection you're worried about and it's not listed in “What We Collect,” we don't collect it.
3. How We Use What We Collect
We use your personal information to:
- Deliver the Service (alerts, emails, account access)
- Process subscription payments and issue receipts
- Respond to support requests
- Improve the Service (in aggregate form — we don't stalk individual users)
- Detect and prevent fraud, abuse, and service misuse
- Comply with legal obligations (tax records, court orders, etc.)
We do not use your data for any other purpose without your explicit consent.
4. Who We Share With
We share data only with the service providers we need to operate the Service. These include:
| Provider | Purpose | Data Shared |
|---|---|---|
| Supabase | Database and authentication | Account data |
| Resend | Transactional email | Email address, email content |
| Telegram | Alert delivery | Telegram handle (if provided) |
| Stripe | Payment processing | Email, payment method, billing details |
| NOWPayments (if enabled) | Crypto payment processing | Email, wallet address, transaction hash |
| Vercel | Hosting and analytics | Request metadata, anonymized analytics |
| Cloudflare | DNS and security | Request metadata |
Each provider has its own privacy policy and security practices. We only share the minimum data necessary for each provider to fulfill its function.
We may also disclose data if required by law (court order, subpoena, regulatory request from Canadian authorities). We will notify affected users of legal disclosure requests to the extent permitted by law.
5. Data Retention
We retain personal information only as long as necessary:
- Active account data: kept while your account is active
- Cancelled account data: deleted within 30 days of account closure upon request (or automatically after 12 months of inactivity)
- Payment records: retained for 7 years to comply with Canadian tax and accounting obligations (legally required)
- Aggregated analytics: retained indefinitely (cannot identify individual users)
- Support emails: retained for 24 months, then deleted
6. Your Rights
Under BC PIPA, PIPEDA, and applicable international privacy law, you have the right to:
- Access the personal information we hold about you
- Correct inaccurate or incomplete data
- Delete your data (subject to legal retention requirements noted above)
- Export your data in a portable format
- Withdraw consent for non-essential processing
- Complain to the BC Office of the Information and Privacy Commissioner (OIPC) or the federal Office of the Privacy Commissioner (OPC) if you believe your rights have been violated
To exercise any of these rights, email support@theblackledger.org. We will respond within 30 days.
7. Security
We use reasonable technical and organizational measures to protect your data:
- HTTPS/TLS encryption for all data in transit
- Encrypted storage at rest for databases (Supabase's standard infrastructure)
- Environment-based secrets management (no credentials in code)
- Access controls limiting data access to authorized operations only
- Regular security updates to our dependencies
No system is 100% secure. If we become aware of a data breach affecting your personal information, we will notify you within 72 hours of discovery, consistent with PIPA and GDPR requirements.
8. Children
The Service is not intended for users under 18. We do not knowingly collect data from children. If you believe a child has provided personal information to us, email support@theblackledger.org and we will delete it promptly.
9. International Users
The Service is operated from Canada. If you are located outside Canada, your data will be transferred to and processed in Canada (and possibly in the countries where our service providers operate, including the United States and European Union). By using the Service, you consent to this transfer.
We provide equivalent privacy protections regardless of your location. EU/UK users have specific rights under GDPR that we honor in full, including the right to data portability and the right to lodge a complaint with your national data protection authority.
10. Cookies and Similar Technologies
The Service uses minimal cookies:
- Essential cookies for session management (required for login)
- Anonymous analytics (via Vercel Analytics — no cross-site tracking)
We do not use advertising cookies, third-party tracking pixels, or social media widgets that track users.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will post the revised version with an updated “Last updated” date. Material changes affecting how we use your data will be communicated by email to active subscribers at least 30 days before taking effect.
12. Privacy Officer and Contact
Under BC PIPA, we are required to designate a privacy officer. That's Caden K.
For privacy questions, data access requests, deletion requests, or complaints:
Email: support@theblackledger.org
For complaints that we cannot resolve:
BC Office of the Information and Privacy Commissioner (OIPC)
https://www.oipc.bc.ca/
Office of the Privacy Commissioner of Canada (OPC)
https://www.priv.gc.ca/
See also our Terms of Service and Refund Policy.