Privacy Policy

We collect minimal data necessary to provide our service:

• Account Information — Your email address and password (hashed) when you create an account. We use Supabase for secure authentication.
• Profile Data — Your optional username and assigned role on the platform.
• Analysis Data — Wave counts, notes, chart images, archived outcomes, and related metadata entered by staff to provide the analysis service.
• Notification Data — If you enable browser push, we store your push subscription endpoint and related cryptographic keys so your browser can receive notifications.
• Usage & Technical Data — We use Google Analytics and server-side security tooling to collect information such as pages viewed, approximate device/browser information, and request metadata needed for abuse prevention and rate limiting.
• Public Content Metadata — When analysis pages are published publicly, the page content, chart image, timestamps, technical levels, and related metadata may be made publicly accessible.

We do not collect brokerage, exchange, or custodian account credentials, and we do not provide execution services through the site.

If you choose to support the project through the sponsor modal, transfers are completed on external payment networks such as Bitcoin or UPI. We do not process card payments through the site, but we may see recipient-side transaction details made available by those networks.

Your data is used exclusively for the following purposes:

• Authentication — To securely log you in and manage your account.
• Access Control — To determine which asset categories you have access to based on your role.
• Service Delivery — To load dashboards, public analysis pages, archived outcomes, and related platform features.
• Notifications — To display in-app notifications and, if you opt in, send browser push notifications about analysis updates.
• Platform Improvement — Analytics help us understand usage patterns and improve the experience.
• Security & Abuse Prevention — To monitor abuse, enforce rate limits, protect accounts, and maintain platform integrity.
• Publishing Workflows — Staff may use connected tools to rewrite analysis copy, publish public analysis pages, or share content to external platforms.

We will never sell, rent, or share your personal information with third parties for marketing purposes.

ewaves.live includes public analysis pages that are intentionally designed to be shareable. If an analysis is published publicly, the associated text, chart imagery, technical levels, and metadata may be accessible without logging in.

• Public analysis pages can be cached by browsers, search engines, previews, and other third-party sharing surfaces.
• If staff chooses to publish analysis summaries to services such as Telegram or X, the content becomes subject to those platforms' own terms and privacy practices.
• Once public content is copied, screenshotted, or reposted by others, we may not be able to fully control or remove it from every location.

• Core application data is stored using Supabase infrastructure, including authentication, database, and file storage services.
• Usage analytics are collected through Google Analytics when enabled on the site.
• Admin-only analysis rewriting may send staff-submitted text to OpenAI for processing before publication.
• Admin-only social publishing can send selected analysis content to Telegram and X/Twitter.
• All connections are intended to be served over HTTPS/TLS, and passwords are handled by the authentication provider rather than stored in plaintext by the app.

Depending on the infrastructure and providers involved, data may be processed in the jurisdictions where those providers operate. No internet or cloud-based system can be guaranteed to be perfectly secure.

We use minimal browser storage:

• Authentication & Session State — Used to keep you signed in and operate secure account flows.
• Theme Preference — Your light/dark mode choice is saved in localStorage.
• Dashboard Preferences — Selected sections, filters, scanner state, cached stats snapshots, and similar UI preferences may be stored locally or in session storage.
• Notification State — Read/unread markers, recent notification history, and related push state may be stored locally.
• Performance & Offline Caching — Because the site uses a service worker/PWA setup, your browser may cache static assets and certain pages for speed and resilience.
• Google Analytics Cookies/Storage — Used for usage analytics, subject to your browser settings and Google's own practices.

Browser push notifications are optional. If you grant permission, your browser or device creates a push subscription that we store so notifications can be delivered to that browser profile.

• You can revoke notification permission in your browser or device settings at any time.
• Removing a subscription from one browser or device does not automatically remove subscriptions created on other browsers or devices.
• Notification delivery depends on your browser, device, operating system, and network environment and may be delayed or unavailable.

Subject to applicable law, you may have rights to:

• Access your personal data stored on the platform.
• Correct any inaccurate personal information.
• Delete your account and associated personal data, subject to legitimate security, legal, or recordkeeping needs.
• Manage permissions for browser storage, analytics, and push notifications through your browser or device settings.

To make a privacy request, use an official support or contact channel that we make available through the platform.