BESS ArbitrageBESS Arbitrage
← Back to Home

Privacy Policy

Last updated: June 2026

1. Introduction

BESS Arbitrage ("we", "us", "our") is committed to protecting your personal data. This Privacy Policy explains how we collect, use, store, and protect your information when you use bessarbitrage.com, in compliance with the EU General Data Protection Regulation (GDPR).

2. Data We Collect

  • Account data: name and email obtained via Google sign-in
  • Payment data: transaction records processed via Stripe. We never store card details
  • Usage data: simulation parameters, report history, and run counts
  • Communication data: messages sent to our support email
  • Technical data: IP address, browser type, and cookies for basic analytics

3. How We Use Your Data

We use your data to provide the platform, process payments and deliver reports, manage your account and run entitlements, respond to support, send transactional emails, and comply with legal obligations. We do not sell your personal data and do not use it for advertising.

4. Legal Basis for Processing (GDPR)

  • Contract performance — to deliver the service you purchased
  • Legitimate interests — to operate and improve the platform
  • Legal obligation — to comply with applicable laws
  • Consent — for optional communications such as newsletters

5. Data Retention

We retain account and transaction data while your account is active and for up to 5 years thereafter for legal and accounting purposes. You may request deletion at any time (see Section 8).

6. Third-Party Services

  • Google — authentication
  • Supabase — database, authentication, and hosting infrastructure
  • Stripe — payment processing
  • Resend — transactional email delivery
  • ENTSO-E / Ember — electricity market data

7. Cookies & Analytics

We use minimal cookies necessary for authentication and session management. We do not use advertising or tracking cookies. For website analytics we use a self-hosted, cookieless analytics tool (Umami) that measures aggregate page views, visit duration, and traffic sources without cookies and without storing your IP address or any personally identifying information — so no consent banner is required. When you arrive via a campaign link we record the originating channel (e.g. LinkedIn, Substack, Google) on your account to understand how people discover us; we never sell this data or use it for advertising.

8. Your GDPR Rights

You have the right to access, correct, delete, restrict or object to processing, and to data portability. To exercise any of these, contact support@bessarbitrage.com. We respond within 30 days.

9. Data Security

We implement appropriate technical and organisational measures to protect your data. Payment data is handled exclusively by Stripe and never stored on our servers.

10. Contact & Data Controller

Email: support@bessarbitrage.com

Privacy Policy — BESS Arbitrage