Privacy Policy
Last updated: March 2026
1. Who We Are
StoozeMax ("we", "us", "our") operates the stoozemax.com website and associated services. We are committed to protecting your personal data and your right to privacy.
2. What Data We Collect
Account data
When you create an account, we collect your email address and an authentication token. We use Supabase Auth for authentication.
Financial tracking data
Data you voluntarily enter: bank switches, 0% credit card details, regular saver accounts, direct debit records, and tasks. This data is stored securely and is accessible only to you.
Preferences
Your notification preferences, experience tier, tax band, earnings goal, and other settings you configure.
Analytics
We use PostHog to understand how the platform is used. This includes page views, feature usage, and anonymised interaction data. We do not sell analytics data to third parties.
3. How We Use Your Data
- To provide and maintain the Service
- To send you deadline reminders and notifications (with your consent)
- To personalise your experience (e.g. beginner vs power user mode)
- To improve the platform based on usage patterns
- To prevent abuse and maintain security
4. Data Storage & Security
Your data is stored in Supabase (hosted on AWS in the EU region) with Row Level Security (RLS) policies ensuring only you can access your own data. Passwords are handled by Supabase Auth and are never stored in plaintext. Open Banking tokens (if used) are encrypted at rest using pgcrypto.
5. Data Sharing
We do not sell your personal data. We share data only with:
- Supabase — database and authentication hosting
- Vercel — application hosting
- Resend — transactional email delivery
- Stripe — payment processing (Pro subscriptions only)
- PostHog — anonymised product analytics
6. Cookies
We use essential cookies for authentication. PostHog may set analytics cookies. We do not use advertising cookies.
7. Your Rights (UK GDPR)
Under UK data protection law, you have the right to:
- Access your personal data
- Rectify inaccurate data
- Delete your account and all associated data (via Settings)
- Export your data
- Object to processing
- Withdraw consent for marketing emails at any time
8. Data Retention
We retain your data for as long as your account is active. When you delete your account, all your personal data is permanently deleted via cascading database deletions. Analytics data is retained in anonymised form.
9. Children
StoozeMax is not intended for users under 18. We do not knowingly collect data from minors.
10. Changes to This Policy
We may update this policy from time to time. We will notify registered users of significant changes by email.
11. Contact
For privacy-related enquiries, email us at privacy@stoozemax.co.uk.