Privacy Policy

Account data — email address and username (randomly generated, can be changed).

Forecasting activity — trades, positions, comments, votes, and tips you make on markets. This is the core purpose of the platform and is visible to other users.

Contact form submissions — name, email, and message content when you use the contact form on the About page.

API tokens — if you create API tokens, we store a SHA-256 hash of each token along with its label, scopes, and last-used timestamp. We never store tokens in plain text.

Uploaded images — images you upload for comments (max 5 MB) are stored in object storage.

Server logs — our hosting infrastructure automatically logs IP addresses, request timestamps, and URLs accessed. These logs are used for security, abuse prevention, and debugging, and are not linked to your account.

We do not use analytics, tracking pixels, advertising scripts, or third-party cookies. We do not sell, rent, or share your personal data with third parties for marketing purposes.

We use only strictly necessary cookies:

• Session cookie (_antistatic_exchange_key) — authenticates your session. Signed and encrypted. Expires when you close your browser.
• Remember-me cookie (_antistatic_exchange_web_user_remember_me) — optional, set only if you choose "Keep me logged in". Expires after 14 days.

Your theme preference (light/dark/system) is stored in your browser's localStorage, not in a cookie.

Because we use only essential cookies, we do not need to show a cookie consent banner under the ePrivacy Directive or GDPR.

• To provide and operate the forecasting platform.
• To authenticate you and secure your account.
• To send you transactional emails (magic link logins, email change confirmations) and notification emails (market resolution, base rate changes, mentions).
• To display your forecasting activity (trades, comments) to other users.

You may opt out of notification emails at any time through your account settings. Transactional emails required for account security (login links, email confirmations) cannot be opted out of.

• Fly.io — application hosting and database (PostgreSQL).
• Tigris — object storage for uploaded images.
• Resend — transactional email delivery.
• YouTube — an embedded video on the About page. YouTube may set its own cookies when you play the video; see Google's privacy policy.
• RemixIcon (jsDelivr CDN) — icon font loaded from a CDN. jsDelivr may log access; see their privacy policy.

Your account data and forecasting activity are retained for as long as your account exists. If you wish to have your account and data deleted, please contact us using the form on the About page.

If you are in the UK or EU, you have the right to access, correct, or delete your personal data, and to request a portable copy. To exercise any of these rights, contact us via the About page.

All connections are encrypted via HTTPS with HSTS enforced. Passwords are hashed with bcrypt. API tokens are stored as SHA-256 hashes. Sessions are signed and encrypted.

We may update this policy from time to time. Material changes will be noted by updating the "Last updated" date at the top of this page.

Questions about this policy? Use the contact form on the About page.