Privacy Policy

Effective: April 2026. Last updated: April 15, 2026.

InsideREU is operated by Upfixe Lda Unipessoal, a Portuguese single-member limited company. We are the data controller for personal information collected through insidereu.com.

What we collect and why

  • Account email — to authenticate via magic link and deliver service emails (weekly digest, watchlist alerts). Lawful basis: performance of contract.
  • Subscription state — paid plan, trial expiry, billing status. We do not store payment details: those are held by Paddle (our merchant of record). Lawful basis: contract + legitimate interest in operating the service.
  • Watchlist — the insider IDs you choose to follow. Lawful basis: contract.
  • Preferences — alert frequency, euro threshold, and (Pro tier only) Slack webhook URL. Lawful basis: contract.
  • Server logs — request IP and user agent for security and rate-limiting. 90-day retention. Lawful basis: legitimate interest.
  • Waitlist email (if submitted before signup) — to notify you when coverage expands to your country of interest. Lawful basis: consent.

What we don't do

  • No analytics cookies are set without consent.
  • No tracking pixels in any of our emails.
  • No marketing data is sold or shared with third parties.
  • We do not profile you for advertising.

Processors and international transfers

We share the minimum data necessary with these sub-processors:

  • Supabase — database + authentication. Hosted in EU (eu-west-1, Ireland). No international transfer.
  • Vercel — web hosting + CDN. Global edge network; request logs retained briefly in the region closest to the user. Standard Contractual Clauses apply for non-EEA edges.
  • Paddle.com Market Ltd — merchant of record, handles all billing. Paddle controls its own data processing — see paddle.com/legal/privacy.
  • Resend — transactional email delivery. Handles message metadata only (subject, timestamp, recipient). Based in the US; SCCs in place.

Your rights under GDPR

You may at any time: access, export, correct, or delete your data. Delete directly from your account page (Account → Delete account) or email george@insidereu.com and we will respond within 30 days (usually within 48 hours).

Account deletion removes everything except what we're legally required to retain for tax and audit purposes — principally Paddle invoice records, kept for 7 years per Portuguese tax law.

You have the right to lodge a complaint with a supervisory authority. In Portugal, this is the Comissão Nacional de Proteção de Dados (CNPD).

Data retention

  • Account data: retained while the account is active and for 30 days after deletion (soft-delete grace period).
  • Paddle records: 7 years (Portuguese tax law).
  • Server logs: 90 days.
  • Email logs at Resend: 30 days.

Security

We use HTTPS everywhere, Supabase row-level-security to ensure users can only read their own records, and store no payment information ourselves. Passwordless (magic-link) authentication removes the risk of password reuse.

Contact

Upfixe Lda Unipessoal · Portugal · george@insidereu.com