Privacy Policy

FirmBase ("we," "us," or "our") operates firmbase.io, a comparison tool for futures prop trading firms. This policy explains what data we collect, why, and how we protect it.

Account Data

When you create an account, we collect your email address and an optional display name. Accounts are managed through Supabase Auth. We do not store passwords directly — authentication is handled securely by Supabase.

Email Subscriptions

When you subscribe to rule change alerts, we store your email address, subscription preferences (selected firms), and a verification status. Unverified subscriptions do not receive emails. You can unsubscribe at any time via the link in every email.

User-Generated Content

Reviews you submit include your rating, title, and body text. Reviews are associated with your account and displayed publicly with your display name (or "A Trader" if no name is set).

Usage Data

We use Vercel Analytics for page view tracking and Core Web Vitals monitoring. If you consent to cookies, we also use Google Analytics 4 (GA4) for behavior analysis. GA4 is only loaded after you grant cookie consent.

Saved Preferences

Saved comparisons, watched firms, and theme preference are stored to provide a personalized experience. Comparison history is stored in your browser's localStorage.

• To provide and improve the comparison tool and related features
• To send weekly rule change digest emails to verified subscribers
• To display your reviews alongside firm data
• To track affiliate link clicks for revenue reporting
• To monitor site performance and fix bugs

Essential cookies: Theme preference is stored in localStorage (not a cookie). Supabase Auth uses secure, HttpOnly cookies for session management. These are strictly necessary and do not require consent.

Analytics cookies: Google Analytics 4 sets cookies for behavior analysis. These are only loaded after you provide consent via the cookie banner. You can withdraw consent at any time by clearing your browser cookies.

Vercel Analytics: Collects anonymous page view data and Web Vitals without setting cookies.

• Supabase — Database, authentication, and storage
• Vercel — Hosting, analytics, and edge functions
• Google Analytics — Behavior analysis (consent-gated)
• Resend — Transactional email delivery
• Sentry — Error monitoring (when configured)

Each service processes data according to their own privacy policies. We do not sell your data to any third party.

FirmBase contains affiliate links to prop trading firms. When you click an affiliate link, we record the click (firm, timestamp, referrer) for revenue reporting. These clicks are anonymous — they are not tied to your user account.

Account data is retained until you delete your account. You can delete your account at any time from the dashboard settings page. Account deletion permanently removes your profile, reviews, saved comparisons, watchlist, and email subscriptions.

Email subscriptions can be removed independently by clicking the unsubscribe link in any digest email.

You have the right to:

• Access the data we hold about you (your profile and reviews are visible in the dashboard)
• Correct your data (edit your display name or reviews)
• Delete your data (delete your account or individual reviews)
• Withdraw cookie consent (clear cookies to reset)
• Unsubscribe from emails at any time

We use HTTPS everywhere, secure HttpOnly cookies, rate limiting on all API endpoints, Row Level Security (RLS) in our database, and Content Security Policy headers. Admin access uses HMAC-based authentication with timing-safe comparison.

We may update this policy from time to time. Changes will be reflected by the "last updated" date at the top of this page.

For privacy-related questions, contact us at privacy@firmbase.io.