Privacy Policy

Last updated: [counsel: set effective date on launch]

The Macro Sentinel ("we," "us," "our") is operated by [counsel: insert LLC legal name and jurisdiction of formation] (the "Company"). This policy describes what personal information we collect through macrosentinel.co, how we use it, who we share it with, and the choices you have.

This policy applies to visitors to the public site and, where applicable, to people granted access to the gated operator area. It does not cover the Regime Letter newsletter on Substack — that subscription is governed by Substack's privacy policy, since Substack hosts and delivers the Letter directly. See "Regime Letter on Substack" below for detail.

Information we collect

We deliberately collect as little as the product requires to operate. The public dashboard is open and does not require an account.

Information you provide:

• Correspondence — if you email us at contact@macrosentinel.co or institutional@macrosentinel.co, we retain the thread for support, dispute, and reference purposes.
• Operator-area requests — if you contact us to request operator access, we retain the email exchange for as long as access is active and for a reasonable archival window after.

Information collected automatically:

• Server and analytics data — our hosting provider (Cloudflare) logs IP address, user-agent string, request path, and timestamp for every request, as is standard for any hosted website. Cloudflare also provides aggregate Web Analytics, which we use to understand traffic patterns. These analytics are privacy-friendly, do not use cookies for tracking purposes, and do not identify individual users.
• Cloudflare security cookies — Cloudflare may set its own cookies (for example, __cf_bm) to distinguish humans from automated traffic. These are controlled by Cloudflare, not by us.
• Operator-gate localStorage flag — if you have been granted operator access, your browser stores a small local flag (ms-gate-operator) that remembers your access. It is not a personal identifier and contains no information about you.

We do not run third-party advertising networks, behavioral trackers, session-replay tools, or browser-fingerprinting scripts on this site.

Regime Letter on Substack

The bi-weekly Regime Letter is hosted, delivered, and stored by Substack. When you click any "Subscribe" link on this site, you are taken off-site to Substack, where you provide your email and complete the signup directly with them. From that point on:

• Your email address, subscription state, open/click data, and unsubscribe events are held by Substack, not by us.
• Substack is the data controller for newsletter-related processing; we are an author/publisher on Substack's platform.
• Substack's privacy policy (substack.com/privacy) governs that relationship.

We can see aggregate statistics about Letter performance through Substack's author dashboard (subscriber count, opens, clicks). We do not export, sell, or rehost Substack-held subscriber data on our own infrastructure.

How we use the information we collect

The limited information we collect is used to:

• Operate, secure, and improve the website.
• Respond to email inquiries.
• Manage operator-area access, where applicable.
• Detect and prevent fraud, abuse, and technical problems.
• Comply with legal obligations.

We do not sell your personal information. We do not share it with advertising networks. We do not use your information to train machine-learning models.

Who we share it with

We share personal information only with service providers that are necessary to operate the product, and only to the extent they need it to perform their function:

Each provider is bound by its own privacy and security terms. We do not control their independent practices and encourage you to read their policies.

We may also disclose information if compelled by valid legal process, to enforce our Terms of Service, or to protect the rights, property, or safety of the Company, our readers, or the public.

Cookies and similar technologies

The public dashboard does not require cookies to function. The cookies and local browser storage in use are:

• Cloudflare security cookies (e.g., __cf_bm) — set by our hosting provider to distinguish humans from bots.
• Operator-gate localStorage flag (ms-gate-operator) — set in your browser only if you have been granted operator access.

We do not use advertising or cross-site tracking cookies.

Your choices and rights

Depending on where you live, you may have the right to:

• Access a copy of the personal information we hold about you.
• Correct information that is inaccurate.
• Delete information we hold about you, subject to legal retention requirements.
• Export your information in a machine-readable format.
• Object to or restrict certain processing.
• Withdraw consent where processing is based on consent.

To exercise any of these rights with respect to information we hold (correspondence, operator-area records), email contact@macrosentinel.co from the email address on file. We will respond within [counsel: 30 days / statutory period for your jurisdiction].

For information held by Substack (your newsletter subscription, email address as a Substack subscriber), please contact Substack directly or use the controls in your Substack account.

California residents have specific rights under the CCPA/CPRA. EU/UK residents have rights under GDPR/UK GDPR. [counsel: add specific CCPA "shine the light" / GDPR legal-basis statements and EU/UK representative as required.]

Retention

• Email correspondence — retained for as long as is reasonably useful for support and reference, and longer where required for legal or accounting purposes.
• Operator-area records — retained while access is active and for a reasonable archival window after access is revoked.
• Server logs and analytics — retained by Cloudflare per their default policy (see Cloudflare's documentation for current terms).
• Newsletter subscription data — retained by Substack under their retention policy, not ours.

Security

We use TLS encryption in transit for all traffic. We keep the surface area small: the public dashboard is a static site with no user accounts, no user-generated content, and no payment processing. Operator access is gated by a stub control while infrastructure is built out, and is granted only at the Company's discretion.

No system is perfectly secure. If we become aware of a security incident affecting personal information we hold, we will notify affected individuals as required by applicable law.

International transfers

The Company is based in [counsel: LLC state of formation]. Cloudflare and Substack operate globally and may process data in countries outside your country of residence. Where required, transfers rely on standard contractual clauses or equivalent safeguards published by those providers.

Children

The Macro Sentinel is an institutional macro-research product. It is not intended for, and is not directed to, anyone under the age of 18. We do not knowingly collect personal information from children.

Changes to this policy

We may update this policy from time to time. The "Last updated" date at the top will change. For material changes, we will post a notice on the Service [counsel: 14 / 30] days before the change takes effect, and where reasonably practicable, mention the change in the next Regime Letter.

Contact

Questions, requests, or complaints about this policy should be sent to contact@macrosentinel.co.

[counsel: add EU/UK representative contact if required, and state attorney-general complaint path for California residents.]