Privacy Policy - Mineral Watch

Mineral Watch LLC ("we," "us," or "our") recognizes that the privacy and security of your mineral portfolio data is critical. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website or use our monitoring services.

Key Commitment: We do not sell, trade, or rent your property lists, API numbers, or portfolio data to third parties, hedge funds, land brokers, or mineral buyers. Your data is used strictly to provide monitoring alerts. Period.

1. Information We Collect

We collect information that you provide directly to us when you register for an account, subscribe to a plan, or upload portfolio data:

Account Information: Name, email address, and account credentials.
Portfolio Data: Legal descriptions (Section-Township-Range), API numbers, and well identifiers you wish to monitor.
Payment Information: We do not store credit card details. All financial transactions are processed by Stripe, a PCI-DSS compliant payment processor.
Usage Data: Basic information about how you interact with our service, such as login timestamps and alert delivery confirmations.

2. How We Use Your Information

We use the collected data for the following specific purposes:

To cross-reference your portfolio data against public records from the Oklahoma Corporation Commission (OCC) databases.
To send automated email alerts regarding permits, drilling activity, status changes, and regulatory filings.
To process subscription payments and manage your account status.
To respond to your inquiries and provide customer support.
To improve our scanning algorithms and website functionality.

3. Disclosure of Your Information

We maintain strict confidentiality regarding your portfolio data. We may share information only in the following limited situations:

Service Providers: We use trusted third-party vendors to operate our infrastructure:
- Stripe: Payment processing (PCI-DSS compliant)
- Postmark: Email alert delivery
- Cloudflare: Website security, hosting, and content delivery
- Airtable: Database management (SOC 2 Type II certified)
Legal Requirements: If required by law or in response to valid requests by public authorities (e.g., a court order or subpoena).
Business Transfers: In the event of a merger, acquisition, or sale of assets, your data may be transferred. We will provide notice before your data becomes subject to a different privacy policy.

We explicitly do NOT sell your data to: Data brokers, mineral acquisition companies, land buyers, marketing firms, hedge funds, or any third party seeking to contact you about purchasing your minerals.

4. Data Security

We implement industry-standard security measures designed to protect your information:

Encryption in Transit: All data transmitted between your browser and our servers is encrypted using Transport Layer Security (TLS/SSL).
Encryption at Rest: Portfolio data is stored in encrypted databases.
Access Control: Access to backend databases is restricted to authorized personnel with a specific business need.
Vendor Compliance: We utilize vendors that adhere to industry-standard security certifications (SOC 2, PCI-DSS).
Secure Authentication: We use passwordless magic link authentication to eliminate password-related vulnerabilities.

5. Data Location

Your data is stored on servers located in the United States. By using our service, you consent to the transfer of your information to the United States.

6. Data Retention

We retain your personal and portfolio data only for as long as your account remains active or as needed to provide you services. Upon account cancellation:

You may request permanent deletion of your portfolio data from our active monitoring databases.
We will delete your data within 30 days of a verified deletion request.
Certain information may be retained as required by law or for legitimate business purposes (e.g., transaction records for accounting).

7. Your Rights

You have the following rights regarding your personal data:

Access: Request a copy of the personal data we hold about you.
Correction: Request that we correct inaccurate or incomplete data.
Deletion: Request that we delete your personal data.
Export: Request your data in a portable, machine-readable format.
Opt-Out: Unsubscribe from marketing communications at any time (note: transactional alerts are part of the service).

To exercise any of these rights, contact us at [email protected].

8. Cookies and Tracking

We use minimal cookies necessary to operate the service:

Authentication Cookies: To keep you logged in during your session.
Security Cookies: To protect against cross-site request forgery and other threats.

We do not use third-party advertising cookies or sell data to ad networks. We do not use tracking pixels from social media platforms.

9. Children's Privacy

Our service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If you believe we have inadvertently collected information from a minor, please contact us immediately so we can delete it.

10. Third-Party Links

Our alerts contain links to government websites (e.g., occ.ok.gov, ok.gov). We are not responsible for the privacy practices or content of these third-party sites. We encourage you to review their privacy policies.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by:

Posting the new policy on this page with an updated "Last Updated" date.
Sending an email notification for material changes that affect how we handle your portfolio data.

Your continued use of the service after changes become effective constitutes acceptance of the revised policy.

Contact Us

If you have questions about this Privacy Policy, our data practices, or wish to exercise your privacy rights, please contact us:

Email: [email protected]

Mail: Mineral Watch LLC, Oklahoma City, OK