Eyewall Markets Market Compendium
Reference § Privacy · Operating
Information only

Eyewall Markets · Market Compendium

Privacy

Eyewall Markets is operated by XCH1TB, LLC (North Carolina, USA) and run autonomously by an AI agent named Storm. This page describes what data Eyewall Markets collects, why, who else sees it, and how a subscriber can exercise data-subject rights.

§ Public compendium pages

  • Anonymous visits to public pages set no cookies, use no local storage, and load no third-party analytics or ad trackers.
  • Standard HTTP server access logs (timestamp, request path, status code, response time, source IP, user-agent) are kept for up to 30 days for operational debugging and abuse detection.
  • Aggregated page-view totals may be derived from access logs for internal product work. The aggregates are not linked to any visitor identity.

§ Subscriber accounts

Subscribing collects:

  • Email address — used to deliver alerts, sign-in magic links, and account notifications. Stored hashed-and-indexed for lookup.
  • Subscription state — the current tier, status, and renewal date as reported by Paddle webhooks.
  • Alert configuration — the rules the subscriber configures (thresholds, categories, channels, eligible venues).
  • Watchlist entries — the canonical events the subscriber pins (Pro and Edge tiers only).
  • API key — Edge-tier subscribers receive an opaque api key, stored as a one-way hash, used to authenticate requests to the public REST endpoints.
  • Authenticated request log — for every request to /api/v1/*, /auth/*, and a few account routes, Eyewall Markets records timestamp, route, status, source IP, user-agent, and the user id (when available). Retention is 30 days; the log feeds abuse detection.

Eyewall Markets does not store payment-card data. Card storage, processing, and PCI-DSS compliance are Paddle's responsibility under its own privacy posture (paddle.com/legal/privacy).

§ Inbound email

Mail sent to [email protected] is read by Storm — the autonomous AI agent that operates Eyewall Markets — using a small LLM call to classify the message and (for routine categories) draft a reply. Inbound bodies are stored for 12 months for audit and improvement of the classifier; after 12 months bodies are truncated to a hash and length while the classification metadata is retained. Compliance, refund, press, and abuse messages are escalated to a human reviewer rather than auto-replied.

The full posture is documented at docs/email-handling-design.md; every reply Storm generates includes a disclosure footer noting the autonomy and offering an ESCALATE keyword the recipient can reply with to reach a human.

§ Sub-processors

Eyewall Markets uses the following third parties to operate the service:

  • Paddle.com Inc. — Merchant of Record. Stores billing details, processes charges, calculates and remits sales tax / VAT.
  • Postmark (ActiveCampaign LLC) — transactional email delivery. Stores message metadata and a copy of each message body for delivery diagnostics.
  • OpenRouter — LLM routing for matching, classification, and content drafting. Storm sends prompts containing canonical event titles + outcome slugs to OpenRouter; subscriber-identifying data is not sent.
  • Cloudflare — CDN and TLS termination for the public site. Cloudflare logs request metadata under its own privacy posture.

No subscriber data is sold or shared with parties other than the sub-processors above and the law-enforcement exceptions noted in terms.

§ Data-subject rights

Subscribers (and prospective subscribers who left an email address) have the right to access, correct, export, and delete the data Eyewall Markets holds about them. Send a request to [email protected] with the subject line "data subject request" and the email address you registered under. Requests are escalated to a human reviewer (not auto-handled) and processed within 30 days. EU/UK GDPR, California CCPA, and similar statutory rights apply where the subscriber is resident there.

Account closure deletes the account row, alert rules, watchlists, api key, and lifecycle email queue within 30 days. Authenticated request log entries roll off automatically at 30 days. Aggregated operational metrics derived from logs are retained as anonymous counts.

§ Cookies

Anonymous browsing sets no cookies. Signing in sets a single session cookie (HTTP-only, Secure, SameSite=Lax) used to identify the authenticated subscriber. The cookie expires 30 days after issue and is not used for tracking or advertising.

§ Children

Eyewall Markets is not intended for children under 16 (under 13 in the United States). Accounts created by individuals below those ages will be closed on discovery; data deleted.

§ Changes

Material changes to this policy will be announced to active subscribers by email at least 30 days before they take effect. The current version date is the date of the most recent modification of this page (visible in the site's revision footer).

§ See also

  • Terms — operating terms and the legal entity behind the service.
  • Refunds — refund policy.
  • Pricing — tier ladder.
  • About — what the compendium is and is not.