We are committed to data minimization. We only collect information strictly necessary to provide and improve our services.
Technical Data: IP address, browser type, device identifiers, and operating system attributes.
Usage Data: Interaction metrics, pages visited, dwell time on price charts, and search queries within our site.
Account Data: If you explicitly register, we store your email address, profile name, and related authentication tokens via Supabase Auth.
Regional Preferences: Local storage data used to remember your preferred currency (e.g., USD/INR) and default city selections.
To guarantee your privacy and security, there are strict hardware and software boundaries on what we process.
Financial Details: We never ask for, collect, or store credit card numbers, bank accounts, or financial portfolios.
Government IDs: We do not process KYC documentation, Aadhaar, PAN, or any physical identifiers.
Highly Sensitive Data: We do not track political affiliations, religious beliefs, or health data.
Off-Site Tracking: We do not track your browsing history outside of the Metal Trend ecosystem.
We transparently utilize the information we gather exclusively for legitimate business purposes.
Service Optimization: Analyzing traffic patterns to distribute load across our edge networks and ensure real-time price feeds load instantly.
Personalization: Tailoring dashboard layouts and applying your saved city/metal preferences automatically.
Security Enforcement: Detecting, preventing, and mitigating fraudulent activity, DDOS attacks, or unauthorized API scraping.
Essential Communication: Sending administrative notifications, security alerts, and critical account updates (NO spam marketing).
To provide enterprise-grade reliability, we utilize vetted industry-leading third-party services.
Vercel (USA/Global): Cloud hosting, edge network deployment, and serverless functions.
Supabase (AWS Hosted): Secure PostgreSQL database operations, role-based access, and real-time synchronization.
Data Providers: External metal and oil pricing feeds. (Strictly one-way pulls; no user PII is ever transmitted to these entities).
Prisma: Internal ORM layer strictly mediating secure database communications without exposing user queries.
Our infrastructure architecture employs defense-in-depth methodologies to protect your digital footprint.
Encryption Protocol: All network transit is fortified via end-to-end TLS 1.3 encryption.
Zero-Knowledge Auth: We never log or visualize your plain-text passwords. All authentication utilizes heavily salted bcrypt hashes managed by Supabase.
Algorithmic Audits: Continuous, automated monitoring of our API edge layer to detect anomalous traffic anomalies.
Database Shielding: Utilizing Row-Level Security (RLS) policies within PostgreSQL guarantees users can solely interact with their proprietary data rows.
Under global privacy frameworks, you are empowered with complete control over your personal data footprint on our platform.
Right to Access: Request a comprehensive export of all personal analytics and account metadata currently retained by us.
Right to Rectification: Autonomously modify or correct any inaccuracies within your profile dashboard.
Right to Erasure ('Right to be Forgotten'): Instigate a permanent, irreversible deletion of your account and all associated telemetry.
Data Portability: Procure your operational data in a structured, standardized, and machine-readable JSON format.
We implement strict lifecycle policies ensuring data is purged intuitively when no longer necessary.
| Data Topology | Lifecycle Duration |
|---|---|
| Volatile Authentication Tokens | 24 Hours to 30 Days (Rolling) |
| Price History Aggregates | Permanent (Fully Anonymized) |
| Identifiable User Profiles | Retained merely until manual Account Deletion |
| Security & Diagnostic Audit Logs | Purged automatically after 1 Year |
Our sophisticated financial tracking services are strictly prohibited for adolescent users.
Age Gate: Our operations are not engineered for or directed toward individuals under the age of 18.
Preventative Measures: We do not knowingly solicit, harvest, or retain demographic data from minors.
Immediate Rectification: Upon discovering an underage account, our automated compliance system immediately isolates and expunges the associated dataset.
Guardian Inquiries: Authorized parents or guardians can contact our legal team for swift intervention.
We reserve the right to iteratively update this Privacy Policy to mirror technological advancements or legal mandate shifts.
Active Notification: Material modifications will be prominently broadcasted via our primary interfaces or direct email correspondence.
Passive Acceptance: Your persistent engagement with our services following an update constitutes definitive acknowledgment and consent to the revised terms.
For extensive data protection inquiries, audit requests, or to exercise your GDPR/CCPA rights, interface directly with our primary Privacy Officer.
Our Global Data Protection Officer is standing by to resolve regulatory complexities.
bharatmetalsmarkets@gmail.comStatutory Integrity Certified by Metal Trend.