Menu
X GitHub YouTube

Privacy Policy

1. Data Controller

Antoine Mecker, operating as Mecker Capital.
Contact: privacy@meckercapital.com

2. Data We Collect

  • Email address — when you sign up for the free guide, join a course waitlist, or create an account.
  • Authentication data — session tokens stored in secure, httpOnly cookies when you log in via magic link.
  • Payment data — processed by Stripe. We store your Stripe customer ID and subscription status. We never store card numbers.
  • Analytics data — anonymous page views and performance metrics collected by Vercel Analytics, only if you consent via the cookie banner.
  • API key and tier information — when you subscribe to the Signal API. We store your API key hash, subscription tier, and usage metadata (request count, rate limit status).
  • API request logs — IP address, endpoint called, timestamp, and response status code. We do not log request payloads or response data.
  • Blockchain transaction data — for x402 pay-per-call payments, your wallet address and transaction hash on Base (Ethereum L2) are recorded on-chain. We do not control or store private keys.

3. Legal Basis for Processing

Under Article 6 of the GDPR:

  • Consent — analytics cookies, email collection for the free guide and course waitlist.
  • Contract performance — authentication (login), payment processing, delivery of paid content.
  • Legitimate interest — site security and fraud prevention.

4. How We Use Your Data

  • Deliver content you requested (guides, paid articles).
  • Process payments and manage your subscription.
  • Notify you when courses launch (waitlist only).
  • Understand site performance and content reach (analytics, with consent).
  • Authenticate API requests, enforce rate limits, and manage subscription tiers.
  • Process x402 micropayments for pay-per-call API usage.

5. Data Processors

  • Supabase — authentication and database hosting.
  • Stripe — payment processing and subscription management.
  • Vercel — website hosting and analytics.
  • Base (Coinbase L2) — on-chain settlement for x402 pay-per-call payments.
  • Hostinger — VPS hosting for the Signal API.

6. International Data Transfers

Supabase, Stripe, and Vercel are US-based companies. Transfers are governed by Standard Contractual Clauses (SCCs) and, where applicable, the EU-US Data Privacy Framework.

Hostinger is based in Lithuania (EU), so Signal API hosting does not involve a third-country transfer.

7. Data Retention

  • Email addresses collected via guide or waitlist forms are retained until you request deletion.
  • Authentication session data expires according to Supabase defaults.
  • Payment and subscription data is retained by Stripe per their data retention policy.
  • Analytics data is aggregated and anonymized by Vercel.
  • API request logs are retained for 30 days, then deleted.
  • API keys are retained for the duration of your subscription and deleted upon account closure.
  • Blockchain transactions are permanent and publicly visible on Base.

8. Your Rights

Under Articles 15 to 22 of the GDPR, you have the right to:

  • Access your personal data.
  • Rectify inaccurate data.
  • Request erasure of your data.
  • Restrict processing.
  • Data portability.
  • Object to processing.
  • Withdraw consent at any time (for analytics, via the cookie banner).

To exercise any of these rights, email privacy@meckercapital.com. You also have the right to lodge a complaint with your local data protection authority.

9. Cookies

This site uses strictly necessary cookies for authentication and a consent cookie to remember your preference. Analytics cookies are only set with your consent. For full details, see our Cookie Policy.

10. External Links

Links to Substack, X, YouTube, and other third-party platforms are governed by their own privacy policies.

11. Changes to This Policy

Updates will be posted on this page with an updated effective date.

Effective date: April 18, 2026.