Privacy Policy

This Privacy Policy explains what personal data BangMarket ("we", "our") collects, how we use it, and your rights. We try to keep things minimal — the less data we hold, the less can leak.

1. Who we are

BangMarket is operated by an individual based outside the United States. The Service consists of bangmarket.io and a private members' feed delivered through Whop. For data-protection questions: [email protected].

2. What we collect

• Waitlist email — only when you submit the form. We forward it to the Operator for follow-up.
• Subscription data — handled by Whop and Stripe. We see only the minimum information they pass us (email, subscription status). See Whop's privacy policy and Stripe's.
• Server logs — IP, country, user-agent, timestamp. Cloudflare retains these short-term for security and abuse prevention.

We do not run analytics scripts, advertising pixels, or third-party trackers. We do not set tracking cookies.

3. Why we collect it

• To deliver the broadcast you subscribed to.
• To follow up on your waitlist signup with launch updates and pricing news.
• To handle billing through Whop / Stripe.
• To prevent abuse and rate-limit our own endpoints.
• To meet legal and accounting obligations (e.g. tax records).

4. Legal basis (UK / EU)

If you are in the UK or EU, our lawful bases under the UK GDPR / EU GDPR are:

• Consent — when you submit the waitlist form, you are consenting to email contact for service updates. You can withdraw at any time.
• Contract — for paid subscribers, processing is necessary to deliver the Service.
• Legitimate interests — for security, abuse prevention, and operational analytics.
• Legal obligation — for tax / accounting records.

5. Who we share it with

• Cloudflare — hosts the site and edge functions.
• Whop — hosts the members' feed where signals are published and manages member access.
• Stripe — processes subscription payments (via Whop).

We do not sell your personal data. We do not share it with third parties for marketing.

6. Retention

Waitlist emails are kept until you ask us to delete them or until 24 months of inactivity, whichever is sooner. Subscription records are retained for as long as required for tax and accounting purposes. Cloudflare server logs follow Cloudflare's retention policy (typically days, not months).

7. International transfers

Our hosting (Cloudflare) and our processors (Whop, Stripe) operate globally. Personal data may be processed outside your country of residence. Where required, processors rely on standard contractual clauses or equivalent transfer mechanisms.

8. Your rights

Depending on where you live (UK, EU, California, and many other jurisdictions), you may have the right to: access the personal data we hold about you; have it corrected or deleted; restrict or object to its processing; receive it in a portable format; withdraw consent. Email [email protected] from the address you signed up with — we will action verified requests within 30 days.

If you are in the UK or EU and unhappy with how we handle your request, you may complain to your local supervisory authority (e.g. the ICO in the UK).

9. Cookies

The site itself does not set tracking cookies. Cloudflare may set short-lived cookies for security (e.g. bot mitigation), and Whop/Stripe set their own cookies on their checkout pages, governed by their own policies.

10. Children

The Service is not directed to anyone under 18. We do not knowingly collect data from minors. If you believe we have, contact us and we will delete it.

11. Changes

We may update this Policy. Material changes will be communicated via the Service. The "Last updated" date above always shows the current version.

This Privacy Policy is a starting template. Have a qualified lawyer review before launch — particularly if you expect significant UK/EU traffic, since the GDPR rules around lawful basis, consent capture, and data-subject rights are detailed and your final wording must reflect what your processors actually do.