Privacy Policy

1. Personal information we collect

We may collect the following categories of personal information depending on the features you use and the providers we select.

Account and customer information

• name;
• email address;
• company or team name;
• role, title, or business contact information;
• username, handle, display name, or account identifier;
• password hash, authentication identifier, or OAuth identity if applicable;
• plan, seats, end-user allowance, subscription status, account status, and access permissions;
• API keys, API-key metadata, token hashes, key names, scopes, creation dates, last-used dates, and revocation status;
• waitlist, alpha, coupon, promotional, onboarding, or eligibility information;
• support messages, feedback, bug reports, feature requests, survey responses, and communications with us.

Billing information

If you purchase a subscription, we and our payment processor may collect information needed to process payments and administer billing, such as:

• payment processor customer ID;
• subscription status;
• invoice records;
• payment status;
• billing address;
• tax metadata;
• company billing contact;
• payment method metadata.

If we use Stripe or another payment processor, that processor processes card or payment method details. We generally do not store full card numbers.

API, product, and usage information

When you use our APIs, downloads, data products, documentation, SDKs, MCP resources, or customer dashboard, we may collect usage information such as:

• account ID or user ID;
• API key ID or token hash;
• request timestamp;
• endpoint, route, method, and status code;
• product ID, product family, release ID, schema version, or data product requested;
• venue, symbol, date range, query parameters, filters, and export options;
• response size, bytes transferred, and download size;
• export job ID, output size, signed URL creation or expiration metadata, and failed downloads;
• IP address;
• user agent;
• device, browser, operating system, and approximate location inferred from IP address;
• rate-limit counters, quota usage, metering data, abuse indicators, security events, and last activity.

Website, cookie, and analytics information

We may collect information through cookies, local storage, pixels, analytics tools, log files, or similar technologies, including:

• pages visited;
• referring pages;
• links clicked;
• checkout, signup, documentation, and product-page interactions;
• login session data;
• preferences;
• marketing attribution information;
• device and browser information.

We use necessary cookies or storage for login, security, preferences, checkout, and service operation. We may use analytics or marketing cookies only as described in this Privacy Policy and any cookie notice or preference tool we provide.

Operational and security information

We may collect operational and security information through cloud infrastructure, monitoring, audit logs, storage logs, delivery logs, error reports, cost and usage reports, security alerts, and internal notifications. This may include CloudWatch logs, CloudTrail or audit logs, S3 or CDN access logs if enabled, security events, support diagnostics, system health metrics, and internal alarm notifications.

2. Sources of personal information

We collect personal information from:

• you, when you create an account, contact us, use the Services, or submit information;
• your team or employer, if they create or administer your account;
• payment processors, authentication providers, email providers, analytics providers, support tools, hosting providers, and other service providers;
• API requests, downloads, logs, cookies, and similar technologies;
• public or business contact sources where permitted by law;
• security, fraud prevention, compliance, and abuse-prevention sources.

3. How we use personal information

We use personal information to:

• provide, operate, secure, maintain, and improve the Services;
• create and administer accounts, API keys, seats, teams, plans, and subscriptions;
• authenticate users and prevent unauthorized access;
• process payments, invoices, taxes, cancellations, credits, coupons, and promotional access;
• meter usage, enforce rate limits, administer export approvals, prevent abuse, and manage infrastructure costs;
• provide customer support, onboarding, notices, service updates, and administrative messages;
• debug errors, monitor quality, maintain reliability, investigate incidents, and protect platform integrity;
• analyze product usage, demand, and feature performance;
• send marketing communications where permitted, subject to your opt-out choices;
• comply with legal obligations, sanctions, export controls, tax rules, audit obligations, dispute resolution, and enforcement requests;
• enforce our Terms of Service and Acceptable Use Policy;
• protect our rights, users, customers, systems, and the public.

4. How we disclose personal information

We may disclose personal information to:

• service providers that help us host, store, secure, deliver, monitor, analyze, support, authenticate, bill, email, or operate the Services;
• payment processors for checkout, billing, invoices, taxes, fraud prevention, and subscription administration;
• authentication providers if you use OAuth, SSO, or similar login methods;
• analytics and marketing providers if we use them and where permitted by law;
• professional advisers, including lawyers, accountants, auditors, insurers, and security consultants;
• authorities, regulators, law enforcement, courts, or other parties when required or permitted by law;
• counterparties in connection with a merger, acquisition, financing, corporate reorganization, bankruptcy, or sale of assets;
• your organization, team owner, or account administrator if your account is part of a team or company account;
• other parties with your consent or at your direction.

We do not sell customer personal information for money. We do not knowingly include customer personal information in public market-data exports, manifests, dataset cards, setup cards, or product-library releases. If our use of analytics or advertising tools is considered a "sale" or "sharing" under applicable privacy law, we will provide required notices and opt-out choices.

5. Legal bases for processing, where applicable

If GDPR, UK GDPR, or similar laws apply, our legal bases may include:

• performance of a contract, to provide the Services and administer accounts;
• legitimate interests, such as securing, improving, and operating the Services, preventing abuse, and communicating with business users;
• consent, such as for certain marketing, cookies, or optional features;
• legal obligations, such as tax, accounting, sanctions, compliance, and lawful requests;
• protection of rights and safety, such as investigating fraud, abuse, or security incidents.

6. Cookies and analytics

We may use cookies, local storage, pixels, and similar technologies for:

• login and authentication;
• session management;
• account security;
• checkout and billing flows;
• preferences;
• documentation and product-page functionality;
• analytics;
• marketing attribution, if enabled.

You can control cookies through your browser settings. Some cookies are necessary for the Services and cannot be disabled without affecting functionality. If we use non-essential analytics or marketing cookies in jurisdictions requiring consent, we will provide a cookie banner or preference center as required.

7. Security

We use administrative, technical, and organizational safeguards designed to protect personal information, such as access controls, encryption where appropriate, private cloud storage, audit logging, secrets management, monitoring, and least-privilege practices. No system is completely secure, and we cannot guarantee absolute security.

You are responsible for protecting your account credentials, API keys, access tokens, and devices. Do not send us private exchange account credentials or customer exchange API keys unless a future product expressly supports that and provides separate terms.

8. Retention

We retain personal information for as long as reasonably necessary for the purposes described in this Privacy Policy, including to provide the Services, administer accounts, comply with legal obligations, resolve disputes, enforce agreements, prevent abuse, maintain security, and keep appropriate business records.

Recommended retention schedule for counsel review:

When retention periods expire, we will delete, de-identify, or aggregate personal information unless we need to retain it for legal, security, compliance, or dispute purposes.

9. International transfers

We may process and store personal information in the United States and other countries where we or our service providers operate. These countries may have privacy laws different from those in your jurisdiction. Where required, we use appropriate safeguards for international transfers, such as standard contractual clauses, data processing agreements, or other lawful transfer mechanisms.

10. Your choices and rights

Depending on where you live and the laws that apply, you may have rights to:

• access or know what personal information we process about you;
• request correction of inaccurate personal information;
• request deletion of personal information;
• request portability of personal information;
• object to or restrict certain processing;
• opt out of certain marketing communications;
• opt out of certain sales, sharing, targeted advertising, or profiling where applicable;
• limit certain uses of sensitive personal information where applicable;
• appeal a privacy-rights decision where applicable;
• withdraw consent where processing is based on consent.

To exercise rights, contact us at info@loremoney.com. We may need to verify your identity and request information needed to process your request. We will not discriminate against you for exercising privacy rights. Some rights may be subject to exceptions, such as security, legal, billing, tax, fraud prevention, and contractual obligations.

You can opt out of marketing emails by using the unsubscribe link or contacting us. You will still receive service, billing, security, legal, and administrative messages.

11. California privacy notice

If the California Consumer Privacy Act, as amended, applies to us and to your personal information, this section provides additional California disclosures.

Categories of personal information we may collect include:

• identifiers, such as name, email address, account ID, IP address, and payment processor customer ID;
• commercial information, such as subscription plan, invoices, payment status, and product usage;
• internet or other electronic network activity information, such as API requests, logs, pages visited, user agent, and rate-limit activity;
• geolocation information, such as approximate location inferred from IP address;
• professional or employment-related information, such as company, team, role, or business contact information;
• inferences, such as product interests, support needs, or usage patterns;
• sensitive personal information if needed for account access, login credentials, payment processing, or security, subject to applicable limits.

We collect and use these categories for the purposes described in this Privacy Policy. We disclose them to the categories of recipients described above. We do not use sensitive personal information to infer characteristics about you.

We do not sell personal information for money. If we use advertising or analytics technology that is considered a sale or sharing under California law, we will provide a "Do Not Sell or Share My Personal Information" mechanism and honor applicable opt-out preference signals where required.

California residents may have the right to know, access, delete, correct, opt out of sale or sharing, limit certain sensitive-personal-information uses, and not be discriminated against for exercising their rights. To exercise these rights, contact info@loremoney.com.

12. GDPR, UK, and EEA rights

If GDPR, UK GDPR, or similar laws apply, you may have rights to access, rectification, erasure, restriction, objection, portability, and withdrawal of consent. You may also have the right to complain to a data protection authority. To exercise rights, contact info@loremoney.com.

We do not currently maintain an EU/UK representative or data protection officer. If you are an EU or UK data subject and need to exercise a right or raise a concern, contact info@loremoney.com and we will respond.

13. Children

The Services are not intended for children under 18. We do not knowingly collect personal information from children. If you believe a child provided personal information to us, contact info@loremoney.com.

14. Third-party links and services

The Services may link to third-party websites, exchanges, documentation, code repositories, payment processors, authentication providers, or other services. Their privacy practices are governed by their own policies, not this Privacy Policy.

15. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. If changes are material, we will provide notice through the Services, by email, or by another reasonable method. The updated Privacy Policy will be effective when posted or as stated in the notice.

16. Contact

Star Forge LLC
Email: info@loremoney.com
Website: loremoney.com