Back to Cockpit

Privacy Policy

Last updated: 23 March 2026

1. Introduction

This Privacy Policy explains how Social Hive LTD ("Company", "we", "us", or "our") collects, uses, stores, and protects your personal data when you use the Cockpit platform ("Service"). We are committed to protecting your privacy and processing your personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

By using the Service, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our data practices, please do not use the Service.

2. Data Controller

The data controller responsible for your personal data is:

  • Company: Social Hive LTD
  • Company Number: 14768748
  • Registered Address: 20 Farine Avenue Flat 16, London, England, UB3 4GB
  • Email: privacy@slingshotdao.com

3. Data We Collect

3.1 Information You Provide

  • Email address — when you register via email authentication
  • Google profile information — name and email when you authenticate via Google OAuth
  • Cryptocurrency wallet address — when you authenticate via wallet connection
  • Subscription and payment identifiers — Stripe customer ID, Boomfi payment references

3.2 Information Collected Automatically

  • Usage data — features used, widgets interacted with, AI briefing requests, signal token usage
  • Device information — browser type and version, operating system, screen resolution
  • Log data — IP address, access times, pages viewed, referring URL
  • Dashboard preferences — widget layout, theme settings, watchlist selections (stored locally and synced)

3.3 Information We Do Not Collect

We do not collect or store credit card numbers, bank account details, or full payment card information. All payment processing is handled securely by our third-party payment processors (see Section 6).

4. How We Use Your Data

We use the personal data we collect for the following purposes:

  • To provide, maintain, and improve the Service
  • To authenticate your identity and manage your account
  • To process subscriptions and payments
  • To enforce usage limits and manage tier-based feature access
  • To personalise your dashboard experience (widget layout, watchlist, theme preferences)
  • To generate AI-powered analysis and briefings based on your requests
  • To communicate with you about your account, subscription, and service updates
  • To detect and prevent fraud, abuse, and technical issues
  • To comply with legal obligations
  • To analyse usage patterns and improve the Service (in aggregate, anonymised form)

5. Legal Basis for Processing

Under the UK GDPR, we process your personal data on the following legal bases:

  • Performance of a contract (Article 6(1)(b)): Processing necessary to provide the Service, manage your account, and fulfil your subscription
  • Legitimate interests (Article 6(1)(f)): Analytics and service improvement, fraud prevention, and maintaining security of the Service
  • Consent (Article 6(1)(a)): Where we rely on your consent, such as for optional marketing communications — you may withdraw consent at any time
  • Legal obligation (Article 6(1)(c)): Where we are required to process data to comply with a legal obligation

6. Payment Data

6.1 Stripe (Card Payments)

Card payments are processed by Stripe, Inc. When you make a payment by card, your payment details are sent directly to Stripe and are never transmitted to or stored on our servers. We receive only a Stripe customer ID, subscription status, and transaction confirmation. Stripe is PCI DSS Level 1 certified. For more information, see Stripe's Privacy Policy.

6.2 Boomfi (Cryptocurrency Payments)

Cryptocurrency payments are processed by Boomfi. When you pay with cryptocurrency, Boomfi processes the transaction on-chain. We receive a payment reference and confirmation status. Wallet addresses used for payment are recorded as part of the transaction record. For more information, see Boomfi's privacy policy on their website.

7. Cookies & Local Storage

We use the following client-side storage mechanisms:

7.1 Essential Cookies

  • Authentication tokens — set by Privy for session management (strictly necessary)

7.2 Local Storage

  • cockpit-settings — stores your dashboard layout, theme preferences, watchlist, and UI settings (Zustand persistence)
  • cockpit-tier — caches your subscription tier status for faster UI rendering (Zustand persistence)

Local storage data never leaves your device and is not transmitted to our servers. You can clear this data at any time through your browser settings. Clearing local storage will reset your dashboard layout and preferences to defaults.

7.3 Analytics Cookies

We use PostHog for product analytics. PostHog may set cookies or use local storage to track anonymised usage patterns. You may opt out of analytics tracking through your browser settings or by using a cookie-blocking extension.

8. Third-Party Services

We share personal data with the following third-party service providers, each acting as a data processor on our behalf or as an independent controller:

8.1 Privy (Authentication)

Privy provides authentication services including Google OAuth, email verification, and cryptocurrency wallet connections. Privy processes your login credentials and issues authentication tokens. See Privy's Privacy Policy.

8.2 Stripe (Payment Processing)

Stripe processes card payments and manages subscription billing. Stripe is an independent data controller for payment data. See Stripe's Privacy Policy.

8.3 Anthropic / Claude (AI Analysis)

When you request AI-generated market analysis or briefings, we send aggregated market data and your query to Anthropic's Claude API for processing. We do not send your personal information (name, email, or wallet address) to Anthropic. AI queries are processed in accordance with Anthropic's Privacy Policy.

8.4 Telegram Bot API (Social Feed Data)

We use the Telegram Bot API to aggregate publicly available messages from public cryptocurrency channels. We do not access private messages or private channels. No user personal data is shared with Telegram through this integration.

8.5 PostHog (Analytics)

We use PostHog for product analytics to understand how users interact with the Service. PostHog collects anonymised usage data, page views, and feature interactions. See PostHog's Privacy Policy.

8.6 Sentry (Error Tracking)

We use Sentry for error monitoring and crash reporting. Sentry may collect technical data such as browser type, operating system, error stack traces, and anonymised user identifiers to help us diagnose and fix issues. See Sentry's Privacy Policy.

9. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected:

  • Account data: retained for the duration of your account and up to 30 days after deletion request
  • Usage and log data: retained for up to 12 months, then anonymised or deleted
  • Payment records: retained for 7 years as required by UK tax and accounting regulations
  • AI query logs: retained for up to 90 days for service improvement, then deleted
  • Analytics data: retained in anonymised form for up to 24 months

When data is no longer required, it is securely deleted or irreversibly anonymised.

10. Your Rights (UK GDPR)

Under the UK GDPR, you have the following rights regarding your personal data:

  • Right of access: request a copy of the personal data we hold about you
  • Right to rectification: request correction of inaccurate or incomplete data
  • Right to erasure: request deletion of your personal data (subject to legal retention requirements)
  • Right to data portability: request your data in a structured, commonly used, machine-readable format
  • Right to restriction: request that we restrict processing of your data in certain circumstances
  • Right to object: object to processing based on legitimate interests or for direct marketing purposes
  • Right to withdraw consent: where processing is based on consent, you may withdraw it at any time

To exercise any of these rights, please contact us at privacy@slingshotdao.com. We will respond to your request within one month. If your request is complex, we may extend this period by up to two additional months, in which case we will inform you of the extension and the reasons for it.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) if you believe your data protection rights have been violated. The ICO can be contacted at ico.org.uk.

11. Data Security

We implement appropriate technical and organisational measures to protect your personal data, including:

  • Encryption in transit (TLS/HTTPS) for all data transmission
  • Encryption at rest for database storage
  • Secure authentication via Privy with support for multi-factor authentication
  • Regular security reviews and dependency updates
  • Access controls limiting employee access to personal data on a need-to-know basis
  • Environment variable isolation for API keys and secrets (never stored in source code)

While we take reasonable precautions, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security of your data.

12. International Transfers

Some of our third-party service providers are based outside the United Kingdom (including Stripe, Anthropic, PostHog, and Sentry, which are based in the United States). When we transfer your personal data outside the UK, we ensure appropriate safeguards are in place, including:

  • Standard contractual clauses (SCCs) approved by the UK Information Commissioner
  • Transfers to countries with an adequacy decision from the UK government
  • Other lawful transfer mechanisms as permitted under UK GDPR

13. Children's Privacy

The Service is not intended for individuals under the age of 18. We do not knowingly collect personal data from children under 18. If you are a parent or guardian and believe that your child has provided us with personal data, please contact us at privacy@slingshotdao.com and we will take steps to delete such information promptly.

14. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:

  • Update the "Last updated" date at the top of this page
  • Post a notice on the Service or send an email notification to registered users
  • Provide at least 30 days' notice before significant changes take effect

We encourage you to review this Privacy Policy periodically. Your continued use of the Service after changes are posted constitutes your acceptance of the updated policy.

15. Contact Information

If you have any questions about this Privacy Policy or wish to exercise your data protection rights, please contact us:

  • Company: Social Hive LTD
  • Company Number: 14768748
  • Address: 20 Farine Avenue Flat 16, London, England, UB3 4GB
  • Privacy Email: privacy@slingshotdao.com
  • General Email: legal@slingshotdao.com

For complaints regarding data protection, you may also contact the UK Information Commissioner's Office (ICO) at ico.org.uk or by calling 0303 123 1113.