MarketSnipe is the registered business name of Jonathan Palacio trading as MarketSnipe (ABN 75 692 080 724), an individual/sole trader registered in Australia. We handle personal information in line with Australian privacy law and the Australian Privacy Principles where they apply. This policy explains, in plain English, what data we collect, why, and what we do with it.
What we collect
We only collect what's needed to run the service:
Account info: your email address, full name, and a hashed password.
Device notification data: if you enable device notifications, we store a browser push subscription endpoint, public keys, user-agent metadata, and delivery status so alerts can reach that device.
Legacy Telegram identifier: if you previously connected Telegram, we may retain the numerical Telegram ID temporarily for migration, support, rollback, or account history. It is not required for customer alerts after the app-native cutover.
Alert configuration: the alert criteria you set up. This is information you provide voluntarily.
Scanner activity: records of which listings we scanned for you, our AI's score, and whether we sent you an alert. We generally retain scan logs for up to 90 days unless we need them longer for security, billing, legal, abuse-prevention, or troubleshooting reasons.
Billing info: handled entirely by Stripe. We never see or store your card numbers — Stripe gives us a customer ID, that's it.
Technical logs: standard server logs (IP address, request timestamps, user-agent) retained for up to 30 days for security purposes.
What we don't collect
We don't ask for or store your Facebook account credentials.
We don't track you across other websites.
We don't use third-party analytics that build behavioural profiles (no Google Analytics, no Facebook Pixel).
We don't sell your data. Ever.
Why we collect it
Strictly to provide the service:
Your email and password let you log in.
Your push subscription lets us send optional device notifications.
Your alerts drive our scanner.
Scan logs let you see your dashboard and let us debug issues.
Server logs let us catch abuse and stop attackers.
Who we share with
We use a small set of trusted service providers ("processors") to operate. Each handles a narrow piece of your data and is bound by privacy obligations:
Supabase (cloud database): stores your account, alert configuration, scanner state, and scan history. Depending on project configuration, Supabase may process or store data outside Australia.
Stripe (US, PCI-compliant): handles all payment information.
Anthropic (US): receives limited listing-related content when needed to support automated matching. We do not intentionally send your account identifiers.
Google AI Studio (US): receives listing images and listing-related content for automated matching. We do not intentionally send your account identifiers.
Browser and platform push services (for example Apple, Google, Microsoft, or Mozilla, depending on your browser/device): receive encrypted push notification payloads when you enable device notifications.
We do not share your data with anyone else, for any reason, including marketing.
International data transfers
Some of our processors may process or store data outside Australia, including in the United States, European Union, Singapore, or other cloud regions used by those providers. Where APP 8 applies, we take reasonable steps to use reputable providers and to ensure they handle personal information consistently with Australian privacy expectations.
How we secure your data
All data in transit is encrypted with TLS 1.2+.
Passwords are hashed with bcrypt — even we can't read them.
API keys for AI services are server-side only, never exposed to your browser.
We use rate limiting, signed webhooks, and a Content Security Policy to prevent common attacks.
Access to production systems is restricted to authorised administrator/operator accounts.
How long we keep it
Active accounts: indefinitely while you're a customer.
Scan logs: generally up to 90 days, unless needed longer for security, billing, legal, abuse-prevention, or troubleshooting reasons.
Server logs: 30 days.
Cancelled accounts: we delete or de-identify personal information within a reasonable period after cancellation or verified deletion request, except where we need to retain records for legal, billing, tax, security, dispute, or fraud-prevention reasons. Billing records may need to be retained for up to 7 years.
Your rights
You can ask us to:
Access the personal information we hold about you
Correct it if it's inaccurate
Delete your account and have us erase your personal data
Complain to us about how we handle your personal information
We use one piece of browser storage: a JSON Web Token in localStorage that keeps you signed in. There are no third-party cookies, no advertising trackers, no analytics scripts. You can clear this at any time by signing out.
Children
MarketSnipe is not directed at users under 18. If we discover we've collected information from someone under 18, we delete it.
Changes to this policy
We'll email you and post a notice on this page if we make material changes. Minor edits get a version-number bump and a new "Last updated" date.