Privacy Policy

We collect what
we need. Nothing more.

Last updated: June 1, 2026. This policy describes what StarCalls collects, why, and how you can remove it.

What we collect

  • โ€”Your email address, submitted when you sign up via the /subscribe page.
  • โ€”A one-time 6-digit verification code, which expires in 10 minutes and is deleted once used.
  • โ€”A session record linking your email to a random token, stored in our database for up to 30 days.
  • โ€”Two cookies set in your browser: auth-token (admin sessions, 7-day expiry) and user-session (subscriber sessions, 30-day expiry). Both are HttpOnly and Secure โ€” inaccessible to JavaScript and transmitted only over HTTPS.

What we do not collect

  • โ€”No passwords. Authentication is email-only via one-time codes.
  • โ€”No payment information. The service is free.
  • โ€”No analytics tracking scripts (Google Analytics, Mixpanel, etc.).
  • โ€”No advertising identifiers or third-party tracking pixels.
  • โ€”No device fingerprinting.

How we use your email

  • โ€”To send you a verification code when you sign up or log in.
  • โ€”To deliver the StarCalls Daily Brief โ€” a morning newsletter containing trade signals. We send one email per trading day, only when the engine produces a report.
  • โ€”We do not sell, share, or license your email address to any third party.
  • โ€”We do not send promotional emails, sponsored content, or affiliate offers.

Data processors

  • โ€”Resend (resend.com) โ€” our email delivery provider. All outbound emails pass through Resend's infrastructure. Resend acts as a data processor under our direction and does not use your data for its own purposes. See resend.com/privacy for their policy.
  • โ€”Our server โ€” all subscriber data (email, session tokens, OTP codes) is stored in a SQLite database on our own infrastructure. No cloud database providers are used.

Unsubscribe & data deletion

  • โ€”Every newsletter email contains an unsubscribe link. Clicking it immediately marks your address as unsubscribed โ€” you will receive no further emails.
  • โ€”To request full deletion of your data (email, session records, OTP history), email admin@starcalls.in with the subject "Data Deletion Request." We will process it within 30 days.
  • โ€”You can also unsubscribe by logging in and contacting us directly.

Cookies

  • โ€”user-session: A random UUID identifying your subscriber session. HttpOnly, Secure, SameSite=Lax. Expires after 30 days or on logout.
  • โ€”auth-token: Used only for administrator access. HttpOnly, Secure, SameSite=Lax. Expires after 7 days or on logout.
  • โ€”No analytics cookies. No advertising cookies. No persistent tracking cookies.

Changes to this policy

  • โ€”We may update this policy if our practices change. If we make material changes affecting how your email is used, we will notify active subscribers via email before the change takes effect.
  • โ€”The date below reflects when this policy was last revised.

Questions about this policy?

admin@starcalls.in