Privacy

In short: we collect the little we need to run your account, bill you, and keep the API secure. We sign you in through GitHub or Google, so we never hold a password. We do not sell your data, and you can export or delete it at any time.

Who this covers

This policy applies to dino.markets, the API, and the account dashboard, which are operated by Nusantara Venture, LLC, a Delaware company and the controller of your data. It does not cover Kalshi, Polymarket, or any other site you reach from ours. Those services have their own privacy policies, and you should read them before you connect an account there.

What we collect

Account data

When you sign in with GitHub or Google we receive your email address, a provider account id, and your name and avatar if the provider shares them. We do not receive or store a password, since sign-in happens at the provider.

Billing data

Paid plans are handled by Stripe. Stripe processes your card and stores it on their systems. We receive a customer id, your plan, and the status of your subscription and invoices. We never see or store your full card number.

Usage and technical data

To run and protect the service we log API requests, the key used, response status, timestamps, and the IP address a request came from. We use a single essential cookie to keep you signed in. We do not run non-essential or advertising cookies at launch.

How we use your data

• Provide the API, the live feed, and the dashboard.
• Authenticate you and protect accounts and keys from abuse.
• Bill your plan and send the billing email that Stripe handles.
• Diagnose problems, measure reliability, and improve the service.
• Meet legal, tax, and accounting obligations.

Our legal bases

Where the GDPR applies, we rely on performance of our contract with you (to provide the service and bill it), our legitimate interests (to keep the service secure and working), your consent where we ask for it, and compliance with the law. You can object to processing based on legitimate interests at any time.

Who we share it with

We share data only with the providers that run the service on our behalf, under contracts that limit them to our instructions. These include Supabase (accounts and database), Stripe (billing), Vercel (the website and dashboard), Fly.io (the API), and Cloudflare (network and email routing). We may also disclose data when the law requires it. We do not sell your data or share it for advertising.

International transfers

Our providers operate in several countries, so your data may be processed outside the place you live. Where that happens we rely on the safeguards those providers offer, such as standard contractual clauses, to protect it.

How long we keep it

We keep account and usage data while your account is open and for as long as we need it to run the service and meet legal and accounting duties. When you delete your account we remove or anonymize your personal data, except for records we are required to retain, such as invoices.

Your rights

Depending on where you live, you can ask to see the data we hold, correct it, export it, or have it deleted, and you can object to or restrict certain processing or withdraw consent. The dashboard lets you export your data and delete your account directly. To make any other request, email us. If you are in the EU or UK you may also complain to your local data protection authority.

Security

We encrypt data in transit, store API keys only as hashes and show each key once, and limit who can reach production systems. No service can promise perfect security, so please keep your keys secret and tell us if you suspect a problem.

Children

dino.markets is for adults and is not directed at anyone under 18. We do not knowingly collect data from children. If you believe a child has used the service, contact us and we will remove the data.

Changes and contact

We will update this page when our practices change and move the date at the top. Questions or requests go to support@dino.markets. See also our Terms and Disclaimer.