Privacy policy

We collect the information you give us — your email, your name, your application responses, your mailing address (only after acceptance, for the welcome letter), and your billing details (handled by Stripe, never stored on our servers). For aggregate page-view counts on public pages we use Vercel Analytics, which is cookieless and does not store IP addresses or fingerprint visitors.

We do not run third-party error trackers, advertising pixels, or cross-site cookies. We do not enrich your record with data from data brokers. We do not sell or rent your information to anyone, ever.

• Vercel — hosting, edge runtime, and cookieless aggregate page-view analytics.
• Neon (Postgres) — application database.
• Cloudflare R2 — image and document storage.
• Stripe — payments and subscription billing.
• Resend — transactional email delivery.
• Tiingo — market price data (no personal data sent).
• WhatsApp Business — member group communication (you control join).

Each is contractually bound to use your data only to provide the service we use them for.

Applications: kept for as long as you remain a member, plus 12 months after departure for regulatory recordkeeping. Declined applications: 24 months, then deleted. Billing records: retained per applicable tax law (typically 7 years). Session and magic-link tokens expire automatically.

You can request a copy of your data or its deletion at any time by emailing dpo@standpointhq.com. We respond within 30 days. If you are in the EU, the UK, or California you have additional rights under GDPR, UK GDPR, and CCPA respectively.

Material changes will be announced by email at least 14 days before they take effect. The effective date at the top of this page reflects the most recent change.

Questions: dpo@standpointhq.com.