Privacy Policy

Overview

BigShort, Inc. ("BigShort", "we", "us", "our") respects your privacy. This Privacy Policy explains what we collect, why we collect it, and the choices you have. It applies to bigshort.com, app.bigshort.com, and the BigShort web platform (collectively, the "Service").

Information we collect

Information you give us

• Account info — email, name, password hash, country
• Billing info — handled by our payment processor (Stripe). We store the last 4 digits and card brand for receipts; we never see the full number
• Phone number (optional) — used to deliver Spodin SMS alerts. Providing a phone number is opt-in. By doing so you consent to receive transactional SMS from BigShort related to alerts and account security; standard message and data rates may apply. Reply STOP to any message to unsubscribe and HELP for help. Disabling Spodin SMS in your account settings removes your number from active SMS lists.
• Communications — emails, support tickets, Discord messages you send to us
• Profile preferences — chart layouts, watchlists, notification settings

Information collected automatically

• Usage data — pages visited, features used, session duration
• Device data — browser, OS, screen size, IP address (used for fraud and concurrent-session detection)
• Cookies and similar — see Cookies below

Information from third parties

We receive limited account info from Stripe when you pay, and from Discord when you link an account. We do not buy mailing lists or enrich your profile from data brokers.

How we use your information

We use the data we collect to:

• Operate the Service — log you in, render your charts, sync watchlists across devices
• Bill your subscription and send receipts
• Provide support and respond to your messages
• Send service emails (security alerts, billing changes, important platform announcements)
• Send product emails you've opted into (e.g., feature updates, optional announcements) — opt out any time
• Improve the platform — debug errors, analyze which features people use
• Detect abuse, fraud, account sharing, and security threats
• Comply with legal obligations

How we share information

We do not sell your personal information. We share it only with:

• Service providers who process data on our behalf — payment processors (e.g., Stripe), transactional email and notification providers, hosting and infrastructure providers, error and performance monitoring providers, analytics providers, and customer support tooling. A current list of subprocessors is available on request from [email protected].
• Affiliates within the BigShort corporate family
• Legal authorities when required by law or valid legal process
• An acquirer in the event of a merger, acquisition, or asset sale, with notice to you and continued protection under this Policy
• Market data providers and exchanges — to grant access to live market data, we are required to share certain account information (your full legal name, residential address, employer if applicable, job title, and your declared trader status — Non-Professional or Professional) with our data providers and the exchanges they represent (including the consolidated tape provider, NYSE, Nasdaq, OPRA, and FINRA). They use this information solely to verify your eligibility for the data feeds you access and to comply with their own regulatory requirements. If you decline to provide it, we cannot grant access to live market data.

Each service provider is contractually limited to the data we send them, and they may not use it for their own purposes.

Discord integration

BigShort uses Discord, Inc. as a third-party community platform for member chat, signals, and announcements. When you link your BigShort account to Discord:

• We send your Discord user ID and a flag for your subscription tier to Discord's API so we can grant or revoke access to subscriber-only channels.
• We store the link between your Discord account and your BigShort billing account so we can automatically add or remove you from those channels when your subscription starts, ends, changes tier, or lapses.
• Anything you post inside Discord — messages, voice, profile data — is collected and stored by Discord under Discord's own Privacy Policy.
• Disconnecting Discord in your BigShort settings removes the link on our side. Deleting data stored on Discord is governed by Discord.
• BigShort may capture and republish content posted in our Discord — for example, screenshots used in marketing, social media, or educational content. By posting in our Discord, you understand that staff and other members can see your messages and that BigShort may republish them. If you want to opt out of having your Discord username or messages used in BigShort marketing, contact [email protected].

Cookies & tracking

We use cookies and similar storage for three things:

• Essential — keeping you logged in, remembering your chart layout, fraud prevention. These can't be turned off.
• Analytics — privacy-respecting analytics, IP-anonymized, help us understand which features get used. You can opt out in your account settings.
• Conversion measurement — Google Tag Manager fires only on the marketing site (not in the app) and is opt-in via the cookie banner.

We respect "Do Not Track" and Global Privacy Control signals, treating both as a request to disable non-essential cookies.

Data retention

We keep your account data while your account is active and for up to 90 days after deletion, then we permanently remove it from production systems. Backup retention is up to 12 months.

Billing records (invoices and tax receipts) are retained for 7 years to satisfy U.S. tax law.

Your rights

Depending on where you live, you may have rights to:

• Access the personal data we hold about you
• Correct inaccurate data
• Delete your data ("right to be forgotten")
• Export your data in a portable format
• Restrict or object to certain processing
• Withdraw consent for marketing emails (any time, no penalty)

We honor these rights for everyone, regardless of jurisdiction. Email [email protected] with your request and we'll respond within 30 days.

To delete your account and data, email [email protected] from the address tied to your BigShort account. We will confirm receipt, verify the request, and complete deletion within 30 days, subject to the retention schedule above. Some records — billing invoices, audit logs required for fraud or legal compliance — are retained per applicable law.

For California residents (CCPA / CPRA)

In addition to the rights above, California law requires us to disclose:

• Categories of PI collected: identifiers; commercial information; internet or network activity; approximate geolocation (from IP); professional or employment information; inferences.
• Sources: you; automatic collection from your use of the Service; payment processors; Discord (when linked); market-data providers (when verifying trader status).
• Business and commercial purposes: operating the Service, billing, fraud and security, legal compliance, communications, and platform improvement.
• Sensitive PI: we do not collect or process sensitive personal information to infer characteristics about you.
• Sale or sharing: we have not sold or shared personal information for cross-context behavioral advertising in the past 12 months and do not do so now.
• Authorized agent: you may designate one to make a request on your behalf with reasonable proof of authorization.
• Non-discrimination: we will not deny service, charge different prices, or provide a different level of service for exercising your privacy rights.

For residents of other US states with privacy laws

If you reside in Colorado, Connecticut, Virginia, Utah, Texas, Oregon, Montana, or another US state with a comprehensive consumer privacy law, you may have rights similar to those described above — to access, correct, delete, port, and limit the processing of your personal data, and in some states to opt out of targeted advertising, profiling, and the sale of personal data. We honor these rights for all US residents regardless of state of residence. To exercise them, email [email protected].

For EEA / UK residents (GDPR)

Our legal bases for processing are: contract (running the Service you signed up for), legitimate interests (preventing fraud, improving the platform), and consent (marketing emails, optional analytics). You may also lodge a complaint with your local supervisory authority.

Security

We use industry-standard security practices: TLS in transit, AES-256 at rest, bcrypt/argon2 for passwords, MFA for staff accounts, least-privilege access, audit logging, and regular external security reviews.

No system is perfectly secure. If you suspect your account is compromised, change your password immediately and email [email protected].

Children's privacy

BigShort is not directed at children under 18. We don't knowingly collect personal information from children under 18. If you believe we have, contact us and we'll delete it.

International data transfers

BigShort is based in the United States. If you access the Service from outside the U.S., your data will be transferred to and processed in the U.S. and other countries where our service providers operate. We rely on appropriate safeguards where required, including the European Commission's Standard Contractual Clauses (SCCs) for transfers from the EEA, the UK International Data Transfer Addendum to the SCCs for transfers from the United Kingdom, and the relevant FDPIC-recognized mechanisms for transfers from Switzerland.

Changes to this policy

We may update this Policy from time to time. Material changes will be announced by email and on the Service at least 14 days before they take effect. The "Last updated" date at the top of this page reflects the most recent revision.

Contact us

For privacy questions, requests, or complaints:

BigShort, Inc.
Vancouver, WA · USA
[email protected]