Privacy Policy

1. Introduction

Fiftyone Group LLC (“Fiftyone,” “we,” “our,” or “us”) operates fiftyone.xyz and the 51 Terminal platform at terminal.fiftyone.xyz (collectively, the “Services”). This Privacy Policy explains what personal information we collect, how we use and protect it, and the rights you have over your data.

This Policy applies to visitors, newsletter subscribers, and authorized users of 51 Terminal, including institutional subscribers accessing the platform under a Master Subscription Agreement. By using the Services, you acknowledge that you have read and understood this Policy.

2. Information We Collect

We collect the following categories of information:

• Account Information: Email address, name, job title, employer, professional role, and any other details you provide during registration or onboarding.
• Authentication Data: Email one-time passwords (OTP), session tokens, and login timestamps managed through our authentication provider (Supabase).
• Billing Information: For paid subscriptions, billing details are collected and processed by our payment provider (Stripe). We do not store full payment card numbers on our servers.
• Usage and Access Logs: To protect our proprietary data and detect misuse, we log platform activity including pages viewed, data records accessed, export and download actions, search queries, timestamps, IP address, and user agent. These logs are associated with your user account.
• Consent Records: When you accept our Terms of Use or this Privacy Policy, we record the timestamp, user identifier, IP address, and the version of the document accepted. These records are retained indefinitely for legal and contractual evidence purposes.
• Device and Technical Information: Browser type and version, operating system, device identifiers, screen resolution, language preference, and referral URL.
• Cookies and Similar Technologies: See Section 8 below for details.
• Communications: Content of emails or support requests you send to us.

3. How We Use Your Information

We process personal data for the following purposes and on the following legal bases (where the EU General Data Protection Regulation applies):

• Service Delivery (Contract): To provide access to 51 Terminal, deliver newsletters and reports, manage subscriptions, and respond to support requests.
• Security and Fraud Prevention (Legitimate Interest): To authenticate users, detect unauthorized access, prevent scraping or systematic extraction of Platform Content, and investigate policy violations.
• Intellectual Property Protection (Legitimate Interest): To monitor compliance with our Terms of Use, detect unauthorized redistribution of proprietary data, and preserve evidence for enforcement of our rights. This includes the use of access logging and technical watermarking of displayed content.
• Product Analytics and Improvement (Legitimate Interest or Consent): To understand how users interact with the Services and to improve features, performance, and content.
• Legal and Compliance (Legal Obligation): To comply with applicable laws, respond to lawful requests, and enforce our agreements.

4. How We Share Information

We do not sell your personal data. We share personal data only with the following categories of recipients:

• Service Providers (Subprocessors): Third-party vendors who process data on our behalf under written agreements. Current subprocessors include:
  • Supabase — authentication and database hosting
  • Vercel — application hosting and content delivery
  • Stripe — payment processing (paid subscriptions)
  • Google (Gemini API) — AI chat and analysis features
  • Google Analytics 4 — product analytics
  • CoinMarketCap — market data enrichment
• Legal and Regulatory Authorities: Where required by law, court order, or lawful government request.
• Successors in Interest: In connection with a merger, acquisition, or sale of assets, subject to confidentiality protections.

5. Data Security

We implement reasonable administrative, technical, and physical safeguards to protect personal data. These include TLS encryption for data in transit, encryption at rest through our hosting and database providers, role-based access controls limiting staff access to user data, authentication via one-time passwords, and continuous monitoring for unauthorized access. No system is perfectly secure, and we cannot guarantee absolute security.

6. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, unless a longer retention period is required or permitted by law. Typical retention periods:

• Account Information: Retained for the duration of your subscription and for up to 24 months after account closure, unless deletion is requested.
• Billing Records: Retained for the period required by applicable tax and accounting laws (typically 7 years).
• Access and Usage Logs: Retained for up to 24 months for security, fraud prevention, and intellectual property enforcement purposes.
• Consent Records: Retained indefinitely as evidence of agreement to the Terms of Use and Privacy Policy.
• Support Communications: Retained for up to 36 months after the last interaction.

7. Your Rights

7.1 Rights Under the EU/UK GDPR

If you are located in the European Economic Area, the United Kingdom, or Switzerland, you have the following rights with respect to your personal data:

• Right of access to the personal data we hold about you
• Right to rectification of inaccurate or incomplete data
• Right to erasure (“right to be forgotten”)
• Right to restrict processing in certain circumstances
• Right to data portability in a machine-readable format
• Right to object to processing based on legitimate interest
• Right to withdraw consent where processing is based on consent
• Right to lodge a complaint with your local data protection authority

7.2 Rights Under the CCPA/CPRA

If you are a California resident, you have the following rights under the California Consumer Privacy Act, as amended by the California Privacy Rights Act:

• Right to know what personal information we collect, use, and disclose
• Right to delete personal information we have collected
• Right to correct inaccurate personal information
• Right to opt out of the sale or sharing of personal information
• Right to limit the use and disclosure of sensitive personal information
• Right to non-discrimination for exercising your rights

We do not sell personal information, and we do not share personal information for cross-context behavioral advertising.

8. Cookies and Tracking Technologies

We use cookies and similar technologies in the following categories:

• Strictly Necessary: Required for authentication, session management, and core platform functionality. These cannot be disabled.
• Analytics: Google Analytics 4 (measurement ID G-DLPZEWXZCF) to understand aggregate product usage. You may opt out via your browser settings or a cookie consent tool where available.
• Preferences: Local storage used for watchlists, read state, and user preferences. This data stays on your device.

9. International Data Transfers

Fiftyone Group LLC is based in the United States, and our subprocessors may process data in the United States and other jurisdictions. Where personal data is transferred from the European Economic Area, the United Kingdom, or Switzerland to a country that has not received an adequacy decision, we rely on appropriate safeguards such as Standard Contractual Clauses.

10. Children’s Privacy

The Services are intended for institutional and professional users and are not directed to individuals under the age of 16. We do not knowingly collect personal data from children. If you believe we have collected information from a child, please contact us so we can delete it.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the “Last Updated” date above and, where appropriate, notify you by email or through the Services. Your continued use of the Services after the changes take effect constitutes your acceptance of the revised Policy.

12. Contact Us

For questions about this Privacy Policy, to exercise any of your rights, or to submit a data protection inquiry, contact us at privacy@fiftyone.xyz.