Finder collects the minimum personal data needed to operate a paid Telegram channel access. This page explains what we collect, why, who it's shared with, and your rights under GDPR and similar regulations.
From signup: email address, Telegram username (so we can grant channel access), display name (optional), avatar (optional, only if you sign in via Google OAuth and choose to share it).
From payments: last 4 digits of payment card, payment method type, billing country, transaction history. Full card details are handled by our PCI-compliant payment processor and never reach our servers.
From usage: basic dashboard analytics (pages visited, features used, error logs) for service improvement. We do not record keystrokes, mouse movements, or screen contents.
What we never collect: exchange API keys, wallet seeds or private keys, on-chain wallet addresses you don't explicitly link, your trading history outside Finder, your other Telegram chats.
We use the data above to: deliver the service (grant channel access, send signals, render the dashboard), process payments via our payment processor, communicate transactional messages (billing receipts, account changes, security alerts), improve the product (aggregated usage analytics), and meet legal obligations (tax records, fraud prevention).
We do not sell, rent, or share your data with marketing or advertising partners.
Finder uses these processors. Each operates under their own privacy policy:
For payment processing we use a PCI-compliant third-party provider — names disclosed on request via hello@finder.example.
The marketing landing (/, /pricing, /arbitrage/*, /blog/*) does not set tracking cookies. The app at /app uses a single first-party session cookie (HttpOnly, Secure, SameSite=Lax) to keep you signed in. No third-party advertising cookies, no cross-site trackers, no fingerprinting.
We use a self-hosted privacy-preserving analytics tool (Umami, AGPL-licensed, running on the same EU servers as the app). It records aggregate page views, referrer, country, and device class (mobile / desktop). No personal data, no cookies, no cross-site tracking. The tracking script loads same-origin from finder.example/u/script.js — your browser never contacts a third-party analytics service.
Active accounts: data is retained for as long as your subscription is active.
Cancelled accounts: account metadata (email, TG username, billing history) is retained for 24 months for tax-record and fraud-prevention purposes, then deleted. You can request earlier deletion (see Your Rights below) — we will comply unless legally required to retain specific records.
If you are in the EU, UK, or another jurisdiction with similar regulations, you have the right to: access your data (export), rectify inaccuracies, request erasure, restrict processing, object to processing, and data portability. To exercise any of these, email hello@finder.example from the address on your account.
We aim to respond within 14 days. If we cannot fulfil a request (e.g. legal retention requirements), we will explain why.
Finder is not intended for users under 18. We do not knowingly collect data from minors. If you believe a child has registered an account, email us and we will delete the account immediately.
Our servers are hosted in the EU. When you sign in via Google OAuth or pay via our payment processor, those providers may transfer data outside the EU under their respective standard contractual clauses (SCCs). We do not transfer data to third countries beyond what these processors require.
Sessions use HttpOnly cookies over HTTPS. Passwords (when password login is added) will be stored as bcrypt hashes — we will never see your plain password. Our server access is restricted to the founders and uses SSH key authentication.
No system is perfectly secure. If you discover a vulnerability, please report it to hello@finder.example — we will investigate, fix, and credit responsible disclosures.
We may update this policy periodically. Material changes will be announced via email and the in-app notification at least 14 days before they take effect.