InsiderFlow
Open Live Dashboard

Privacy Policy

Last updated: June 2026

1. Overview

InsiderFlow ("we", "our", "us") is committed to protecting your privacy. This Privacy Policy explains what information we collect, how we use it, the legal basis for processing, and your rights regarding that information.

InsiderFlow operates as an independent monitoring service for SEC EDGAR, U.S. Congressional and executive-branch financial disclosures, serving a global audience. Our correspondence address is:

InsiderFlow
1207 Delaware Ave #1746
Wilmington, DE 19806
United States

For privacy-related inquiries, contact [email protected].

2. Information We Collect

To access the live dashboard you sign in with your X (formerly Twitter) account. We collect:

  • X account identifier — your X user ID and username (handle), received via X's OAuth sign-in, used to authenticate you and to verify that you follow our account.
  • Email address — which you provide once after signing in, used to keep you signed in across devices and to send you product updates.
  • Authentication cookies — strictly-necessary cookies that keep you signed in (see section 7).

We never receive your X password. We do not collect payment information and do not track personal browsing behaviour beyond standard infrastructure logging described below.

3. Legal Basis for Processing

Under the EU General Data Protection Regulation (GDPR), we process your personal data on the following legal bases:

  • Performance of a contract (Art. 6(1)(b) GDPR) — for authenticating you, verifying your X follower status, and providing access to the dashboard.
  • Consent (Art. 6(1)(a) GDPR) — for sending you InsiderFlow product updates. You may withdraw consent at any time by unsubscribing.
  • Legitimate interest (Art. 6(1)(f) GDPR) — for operating, securing, and protecting the Service against abuse via standard infrastructure logs.

4. Sign in with X

The dashboard is accessed by signing in with your X (formerly Twitter) account via X's official OAuth flow. Through this flow we receive your X user ID and username and check whether you follow our account; we never receive or store your X password. The authentication is processed by X Corp. in accordance with the X Privacy Policy.

5. Email Delivery — Resend

Sign-in links and product-update emails are sent through Resend (resend.com). Your email address is transmitted to and stored by Resend for the purpose of email delivery, in accordance with their Privacy Policy.

By providing your email you consent to it being processed by Resend to keep you signed in and to send you InsiderFlow product updates. You can unsubscribe from product updates at any time using the unsubscribe link in any such email — see our Unsubscribe page.

6. Hosting, Database & Infrastructure — Cloudflare

The InsiderFlow website and dashboard are hosted on Cloudflare Pages and served through Cloudflare's global network. Cloudflare may collect standard server logs including IP addresses, request timestamps, and browser information as part of their infrastructure and DDoS protection services.

Your account record — X user ID, username, email address and session tokens — is stored in a Cloudflare D1 database to provide and secure dashboard access. This data is processed by Cloudflare in accordance with their Privacy Policy. We do not have access to individual-level Cloudflare infrastructure logs.

7. International Data Transfers

X, Resend and Cloudflare are based in the United States. When you sign in, subscribe or visit our site, your data may be transferred to and processed in the US. These transfers are protected by appropriate safeguards including the EU-US Data Privacy Framework and Standard Contractual Clauses (SCCs) approved by the European Commission, where applicable.

8. Cookies & Tracking

When you sign in to the dashboard, InsiderFlow sets strictly-necessary authentication cookies (a session cookie and a trusted-device cookie). They are HttpOnly, are used solely to keep you signed in, and do not require consent under the ePrivacy Directive. We do not use any tracking pixels, advertising, or analytics cookies. Cloudflare may set technical cookies strictly necessary for security and performance purposes.

9. Data Sharing

We do not sell, trade, or rent your personal information to third parties. Your data is shared only with the processors described above: X (authentication), Resend (email delivery), and Cloudflare (hosting and database).

10. Data Retention & Deletion

Your account record (X identifier and email) is retained for as long as you keep using the dashboard. Expired session tokens are purged automatically. If you stop using the Service or request deletion, your account record and your email in Resend are deleted or anonymised within 30 days. You may request immediate deletion at any time by contacting us.

11. Your Rights

Under the GDPR and similar privacy laws, you have the right to:

  • Access — request a copy of the personal data we hold about you.
  • Rectification — ask us to correct inaccurate data.
  • Erasure ("right to be forgotten") — request deletion of your data.
  • Restriction — ask us to limit processing of your data.
  • Portability — receive your data in a machine-readable format.
  • Objection — object to processing based on legitimate interest.
  • Withdraw consent — at any time, without affecting prior lawful processing.

To exercise any of these rights, email [email protected]. We respond to verified requests within 30 days as required by GDPR.

If you reside in the European Union or United Kingdom, you also have the right to lodge a complaint with your local data protection authority — typically the supervisory authority in your country of residence.

12. Children's Privacy

We do not knowingly collect data from individuals under 16 (see our Terms of Service for eligibility requirements). If you believe a child has provided us their email, contact [email protected] and we will delete the data promptly.

13. Changes to This Policy

We may update this Privacy Policy from time to time. The "last updated" date at the top of this page reflects the most recent revision. Material changes will be communicated via email where appropriate.

14. Contact

For privacy inquiries, data subject requests, or general questions, email [email protected].