Privacy Policy
We built BuyThe200 to be lean and respectful of your data. This policy explains what we collect, what we don’t, where it lives, and what rights you have over it — in plain language, with the legal references where they matter.
01 Summary at a glance
If you only read this section, here’s the deal:
No accounts
We don’t require you to register. Browsing the Site doesn’t create an account or profile.
Local-first watchlist
Your watchlist lives in your browser’s localStorage by default. If you save alert settings, we also store the selected symbols on our server so alerts can evaluate them.
Alerts are opt-in
Email and SMS alert details go to our server only when you choose to configure them.
No ad tracking
No Facebook Pixel, no Google Ads tag, no third-party retargeting trackers.
Minimal data
We collect what we need to serve charts, deliver alerts, and keep the Site online — nothing more.
02 Who is responsible
BuyThe200.com is operated by Kernel Media, a company in the Province of British Columbia, Canada. Kernel Media is the “data controller” for purposes of Canadian PIPEDA, the EU/UK GDPR, and the California Consumer Privacy Act (CCPA/CPRA), where those laws apply.
03 Scope of this policy
This policy applies to information collected through buythe200.com, including any articles, the live scanner, charts, the deep-dive modal, the alert configuration form, and any email or SMS alerts we send you. It does not cover third-party sites we link to — those are governed by their own policies (see Section 9).
04 What we collect
Information you provide directly
- Email address — only if you fill in the alert configuration form to receive email signal alerts.
- Phone number — only if you fill in the alert configuration form and opt in to SMS alerts.
- Alert preferences — threshold percentage, selected channels (email / SMS / weekly digest).
Information collected automatically
- Standard server logs from our hosting provider: IP address, user-agent, request URL, timestamp, response status, and referrer. These are retained for short periods to debug, protect against abuse, and meet hosting requirements.
- Performance & error data: when our JavaScript catches an exception, it may log the error message and stack trace to the browser console; this stays on your device unless our server-side proxy logs an upstream API failure (no PII is recorded in those logs).
Information stored on your device
- localStorage: your watchlist symbols and a couple of UI preferences (e.g., last-selected ticker for the chart). If you only browse the site, this data stays on your device. If you subscribe to alerts and save your settings, we also store the symbols you chose on our server so we can evaluate and deliver those alerts.
- WordPress functional cookies may be set by the underlying CMS for things like anti-CSRF nonces. We do not set advertising or cross-site tracking cookies.
05 What we don’t collect
For clarity, we do not collect or use:
- − Your real name (we don’t ask for it)
- − Postal address
- − Date of birth
- − Brokerage account info, holdings, or balances
- − Payment information (the Site is free)
- − Social-media identifiers
- − Cross-site behavioral / advertising profiles
06 How we use information
| Information | Purpose |
|---|---|
| Email address | Send signal alerts and the optional weekly digest you opted in to. |
| Phone number | Send opt-in SMS signal alerts via Twilio. |
| Threshold, channel preferences, and saved symbols | Decide whether and how to alert you for a given signal on the stocks you selected. |
| Server logs | Operate the Site, debug errors, prevent abuse, enforce rate limits. |
| localStorage data | Restore your watchlist and UI state on subsequent visits. |
We do not sell, rent, or trade your personal information. We do not use your data to train models, build advertising profiles, or share with data brokers.
07 Legal bases for processing (GDPR / UK GDPR)
If you are located in the EU, EEA, UK, or Switzerland, our legal bases under Article 6 of the GDPR are:
- Consent — for sending you signal alerts to the email/phone you submit (Art. 6(1)(a)). You may withdraw consent at any time.
- Legitimate interests — operating, securing, and improving the Site, including standard server logs and abuse prevention (Art. 6(1)(f)).
- Legal obligation — if and when we must respond to a lawful request from a regulator or court (Art. 6(1)(c)).
08 Cookies & local storage
BuyThe200 is intentionally light on cookies. Here’s the inventory:
| Storage | What it does |
|---|---|
localStorage — watchlist + UI prefs | Restore your scanner symbols, last selected chart symbol, and deep-dive state on this device. |
| Subscriber database | If you save alert settings, we store your selected symbols alongside your email preferences so the alert engine can evaluate them. |
| WordPress nonce cookie | CSRF protection for form submissions; expires automatically. |
| Hosting / CDN cookies | If your edge provider sets them for caching or routing — functional only, no PII. |
You can clear localStorage at any time via your browser’s settings (or DevTools → Application → Storage). Doing so will reset your watchlist; nothing else is affected.
09 Third-party services
We rely on a small number of third-party services to make the Site work. Each receives only the minimum information required to perform its role.
| Service | Role | Data exposed |
|---|---|---|
| Yahoo Finance | Quote & chart data (via our server-side proxy) | None of your personal data — only ticker symbols are queried. |
| Google Fonts | Web font delivery | Your IP address may be logged by Google when fonts load. |
| Twilio | SMS alert delivery (only if you opt in) | The phone number you submitted and the alert message text. |
| WordPress / hosting provider | Site delivery, server logs | Standard request metadata (IP, UA). |
Each provider has its own privacy policy; we encourage you to review them. We do not control their practices, and they are independent data controllers for the data they receive.
10 Data-flow diagram
What happens when you use the Site, top to bottom:
The only path your personal data takes is the alert form → our server → (optionally) Twilio for SMS, or our outgoing mail provider for email.
11 Retention
- Alert preferences: kept until you clear them via the Site or request deletion.
- Server logs: typically rotated within 30–90 days by our hosting provider.
- Email delivery records: kept by our outgoing mail provider per their retention policy (typically 30–180 days).
- localStorage: persists in your browser indefinitely until you clear it.
12 Security
We use HTTPS site-wide, keep our software stack patched, and limit access to alert preferences to a minimal set of administrators. No system is perfectly secure, and we cannot guarantee that information transmitted over the internet is immune to interception. Use the Service at your own risk, and never submit information to any web form — ours included — that you wouldn’t want others to see.
13 Your rights
Subject to applicable law, you have the right to:
- Access the personal data we hold about you;
- Correct inaccurate data;
- Delete your data (right to erasure / right to be forgotten);
- Restrict or object to certain processing;
- Receive a portable copy of your data in a machine-readable format;
- Withdraw consent for alerts at any time, without affecting prior lawful processing;
- File a complaint with a supervisory authority (see Section 19).
To exercise any of these rights, contact us at the address in Section 19. We will respond within thirty (30) days, or sooner if required by law.
14 California residents (CCPA / CPRA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act, as amended by the California Privacy Rights Act:
- The right to know what personal information we collect, use, and disclose;
- The right to delete personal information we hold about you;
- The right to correct inaccurate personal information;
- The right to opt out of the “sale” or “sharing” of personal information — which is moot here, as we do not sell or share personal information within the meaning of the CCPA;
- The right to non-discrimination for exercising your CCPA rights.
15 Canadian residents (PIPEDA)
We comply with the federal Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial privacy laws including British Columbia’s Personal Information Protection Act (PIPA). You may file a complaint with the Office of the Privacy Commissioner of Canada if you believe we have not handled your personal information in accordance with PIPEDA.
16 International transfers
Our hosting infrastructure and some third-party services (e.g., Twilio, Google Fonts) are located outside Canada, including in the United States. By using the Site, you consent to the transfer of information described in this policy to those jurisdictions. Where required, we rely on standard contractual clauses or other lawful transfer mechanisms.
17 Children’s privacy
BuyThe200 is not directed at children under 16, and we do not knowingly collect personal information from children. If you believe a child has submitted personal information to us, contact us using Section 19 and we will delete it promptly.
18 Changes to this policy
We may update this policy from time to time. The “Last revised” date at the top of this page reflects the most recent change. Material changes will be highlighted on the Site for a reasonable period.
19 Contact & complaints
Privacy questions or requests can be directed to:
If you are in the EU/EEA or UK and believe we have mishandled your data, you have the right to lodge a complaint with your local supervisory authority. In Canada, you may contact the Office of the Privacy Commissioner of Canada.