§ Money Mark · Privacy
Privacy.
Last updated · May 20, 2026
I’m Mark. I run Money Mark on my own. This page covers what information the site collects from you, why I collect it, who else touches it, and what you can do about it. It applies to anyone who visits moneymark.io, signs in, or subscribes to the Saturday note — the free weekly email.
If anything in here doesn’t line up with what you see on the site, the site is wrong — email me at mark@moneymark.io and I’ll fix it.
What this site collects
The site collects as little as I can get away with. The full list:
- Your email address. Collected when you sign in (the site uses a one-time magic link instead of a password) and when you sign up for the Saturday note.
- Session cookies. Set by Supabase, the service that handles sign-in. They tell the site you’re logged in so it doesn’t ask every page load.
- A preference cookie called bp_privacy_mode. Remembers whether you have the dollar-masking toggle on or off. Local to your browser; no account needed.
- Payment information, once the paid tier is open. Cards are handled by Stripe; I never see or store the card number itself.
- Newsletter subscription data, once the Saturday note moves to Beehiiv. That includes your email, the date you subscribed, and whether you open or click the emails.
- Basic page-view analytics. Anonymous data about which pages get visited, where you arrived from (the referring site or search term), and the broad type of device and browser you’re on. No personal identifiers, no cross-site tracking, no advertising profile.
The site does not run advertising trackers, ad-network pixels, or any third-party profiling. The analytics mentioned above are the full extent of what gets tracked.
The site does not ask for your name, address, phone number, or date of birth.
Why it’s collected
- Email — so I can sign you in, send you the Saturday note if you asked for it, and reach you about your account if I need to.
- Session cookies — so the site remembers you’re logged in.
- Preference cookie — so the site renders the way you left it.
- Payment data — to process a paid subscription and handle refunds if you ask for one.
- Newsletter engagement — so I can see whether the Saturday note is landing and whether to keep you on the list.
- Page-view analytics — so I can tell which posts are getting read, which aren’t, and where readers are arriving from. The signal helps me decide what to write next.
Who else touches it
I use a handful of services to run the site. Each one sees only the data it needs to do its job, and each one has its own privacy practices. The current list:
- Supabase — handles sign-in and stores account data. (privacy policy)
- Resend — sends the magic-link emails for sign-in. (privacy policy)
- Beehiiv — will host the Saturday note and the paid tier. (privacy policy)
- Stripe — will process payments for the paid tier. (privacy policy)
- Vercel — hosts the site and serves pages. (privacy policy)
- Vercel Web Analytics — collects the page-view data described above. Cookieless by default; no cross-site tracking. (privacy policy)
I do not sell your data. I do not share it with advertisers. I do not pass it to any third party other than the processors listed above, except where the law requires it.
Where it’s stored
The processors above are based in the United States, and your information is stored there. Canadian privacy law allows cross-border storage so long as the company doing it tells you, which is what this section is for. Once your data crosses the border, it may be subject to US law, including lawful access requests by US authorities.
How long it’s kept
- Account email — kept until you ask me to delete the account.
- Saturday-note subscription — kept until you unsubscribe or ask me to delete it.
- Payment records — kept as long as Canadian tax law requires (currently six years from the end of the fiscal year the payment was made in), even after you cancel.
- Cookies — cleared on sign-out (session cookies) or whenever you clear your browser (preference cookie).
- Page-view analytics — kept by the analytics provider for the period named in their own policy. Vercel Web Analytics retains aggregated data indefinitely and individual visitor data for a rolling window measured in days, not months.
Security
Sign-in uses a one-time link instead of a password, so there’s no password to leak. Data sits behind the access controls Supabase provides — row-level security, encrypted connections, encrypted at rest. I am the only person with administrative access to the database. No system is perfect; if a breach happens that puts your data at risk, I will tell you, and I will tell the Office of the Privacy Commissioner of Canada, as the law requires.
Your rights
Under Canadian privacy law (PIPEDA), you can:
- Ask me what I have on you.
- Ask me to correct anything that’s wrong.
- Ask me to delete it.
- Withdraw your consent at any time.
- Complain to the Office of the Privacy Commissioner of Canada if you don’t like how I handled a request. (priv.gc.ca)
To exercise any of these rights, email me at mark@moneymark.io. I aim to respond within thirty days. Where I need to confirm you’re the account-holder before acting, I’ll ask you to send the request from the email address on the account.
Cookies
The site sets the two cookies described above — Supabase session cookies (functional, expire on sign-out) and the bp_privacy_mode preference cookie (functional, local to your browser). The page-view analytics tool runs cookieless — it does not add a third cookie or set any cross-site identifier. No advertising cookies, no third-party tracking cookies.
You can clear either cookie from your browser settings at any time. Clearing the session cookie signs you out; clearing the preference cookie resets the dollar-masking toggle to its default.
The first time you visit, a small banner at the bottom of the page tells you what cookies are set and links back to this page. Dismissing the banner stores a flag in your browser’s localStorage so it doesn’t reappear. That flag isn’t a cookie and isn’t sent anywhere — it lives entirely in your browser.
Children
The site is meant for adults investing their own money. If you’re under 18, please don’t sign up. If I find out an account belongs to someone under 18, I’ll close it.
Changes to this page
If I change anything material about how the site handles your data — a new processor, a new category of collection, a new use — I will update this page and change the “last updated” date at the top. If the change affects subscribers, I will also email the list before the change takes effect.
Contact
For anything in this policy — questions, corrections, deletion requests, or a complaint — email me directly at mark@moneymark.io.