← Back to Canarist

Privacy Policy

Last updated: March 12, 2026

1. Who We Are

Canarist ("we," "us," "our") is an AI-powered early warning system for small and medium-sized businesses. This policy explains how we collect, use, and protect your personal data when you use our website at canarist.com and our services.

2. Data We Collect

Account Data

When you sign up, we collect: email address, company name, industry, and geographic regions relevant to your business.

Profile Data

To personalize alerts, we collect: supplier countries, export markets, product categories, and alert delivery preferences. You provide this during onboarding and can update it at any time.

Usage Data

We collect anonymized analytics: pages visited, features used, alert interactions (opened, dismissed, marked as useful). We use Vercel Analytics for this purpose. No cookies are used for tracking.

Waitlist Data

If you join our waitlist, we collect your email address to notify you when access is available.

3. How We Use Your Data

  • To provide and personalize our service (generating relevant alerts for your business profile)
  • To communicate with you about your account, alerts, and service updates
  • To improve our product based on aggregated, anonymized usage patterns
  • To send waitlist notifications (email only, opt-out available)

We do not sell, rent, or share your personal data with third parties for marketing purposes.

4. Third-Party Services

We use the following services to operate Canarist:

  • Supabase — Database and authentication (EU region, SOC 2 compliant)
  • Vercel — Hosting and analytics
  • Resend — Transactional email delivery
  • OpenAI / Anthropic — AI processing of public news data (your personal data is not sent to these services; only public event data is processed)
  • Stripe — Payment processing (when applicable)

Each provider has their own privacy policy and data processing agreements.

5. Data Storage and Security

Your data is stored in Supabase (EU-West-1 region). We implement:

  • Encryption in transit (TLS 1.3) and at rest
  • Row Level Security (RLS) — each user can only access their own data
  • bcrypt password hashing
  • JWT-based authentication with automatic token expiration

6. Your Rights (GDPR)

If you are in the EU/EEA, you have the right to:

  • Access — Request a copy of the personal data we hold about you
  • Rectification — Correct inaccurate data
  • Erasure — Request deletion of your data ("right to be forgotten")
  • Portability — Receive your data in a machine-readable format
  • Objection — Object to processing of your data
  • Restriction — Request restricted processing

To exercise any of these rights, email us at privacy@canarist.com. We will respond within 30 days.

7. Cookies

We use only essential cookies required for authentication (session cookies). We do not use advertising or tracking cookies. Vercel Analytics operates without cookies.

8. Data Retention

We retain your account data for as long as your account is active. If you delete your account, we will delete your personal data within 30 days. Anonymized, aggregated data may be retained for product improvement purposes.

9. Children

Canarist is a business tool not intended for use by individuals under 18. We do not knowingly collect data from minors.

10. Changes

We may update this policy from time to time. We will notify registered users of material changes via email. The "last updated" date at the top reflects the most recent revision.

11. Contact

For privacy-related questions or requests: privacy@canarist.com

built by
Alexander