Privacy Policy
Last updated: 2026-05-14This policy explains what we collect, why we collect it, and how we protect it. It applies to sunshinehawk.com and the Sunshine Hawk service.
What we collect
- Account information: email address, display name (optional), hashed password, account creation date, last-login timestamp.
- Watchlist content: the entities, keywords, and streams you choose to monitor.
- Usage logs: request paths, timestamps, IP address, response codes. Retained for 30 days for abuse detection and capacity planning.
- Billing: if you subscribe to a paid plan, Stripe (our payment processor) collects your card details and billing address. We do not store your card number. We do store the Stripe customer ID and subscription state.
What we do NOT collect
- We do not run third-party analytics, advertising trackers, or cross-site cookies.
- We do not sell or rent your personal information to anyone, ever.
- We do not maintain mailing lists or send marketing emails without an unsubscribe link.
How we use it
- To run the Service: authenticate you, render the pages you request, deliver the alerts you ask for.
- To bill you: charge your subscription via Stripe, send receipts.
- To improve the Service: aggregate usage patterns inform what we build next. Individual user behavior is never shared.
- To comply with law: we will respond to valid legal process and notify you unless the order prohibits notification.
Where it lives
Account data lives in a PostgreSQL database on a server we control in the United States. Backups are encrypted in transit and at rest. Payment data lives on Stripe’s PCI-compliant infrastructure; we never see card numbers.
Your rights
- Access: email hello@sunshinehawk.com and we will send you a copy of the personal data we hold about you.
- Correction: you can update your email and display name from the Account page.
- Deletion: email us and we will delete your account, watchlists, and associated personal data within 30 days. Stripe records are retained as long as legally required for financial recordkeeping.
- Portability: on request we will export your watchlist content as JSON.
Cookies
We set one cookie, sh.sid, which holds your signed session ID. It expires after 30 days of inactivity. We do not set any third-party cookies. Stripe Checkout (when you upgrade) sets its own cookies governed by Stripe’s privacy policy.
Children
The Service is not directed at children under 13. We do not knowingly collect personal data from anyone under 13. If you believe a child has signed up, email us and we will delete the account.
Changes to this policy
If we make material changes we will email you at the address on file at least 7 days before they take effect.