Sector Talks

Privacy Policy

Last updated: April 23, 2025

This policy explains how Sector Talks ("we", "us", or "our") handles your personal information when you use our Formula 1 analytics platform at https://www.sectortalks.com.

By accessing or using Sector Talks, you agree to the collection and use of information in accordance with this policy. We respect your privacy and are committed to protecting your personal data.

1. Information We Collect

We collect information you provide directly to us and information collected automatically when you use our platform:

Information you provide

  • Account information — name, email address, and profile picture obtained through your Google or GitHub OAuth provider when you sign in.
  • Preferences — your favourite drivers, teams, and any custom settings you configure within the platform.
  • Communications — messages you send us via email or feedback forms.

Information collected automatically

  • Usage data — pages visited, features used, time spent, and navigation patterns.
  • Device & log data — IP address, browser type and version, operating system, referring URL, and timestamps.
  • Cookies & similar technologies — session tokens, preference cookies, and analytics identifiers (see Cookies & Tracking).

2. How We Use Your Information

We use the information we collect to:

  • Provide, operate, and improve the Sector Talks platform.
  • Personalise your experience — remembering your favourite drivers, teams, and settings.
  • Authenticate your identity and maintain the security of your account.
  • Respond to your enquiries and provide customer support.
  • Analyse usage patterns to improve platform performance and develop new features.
  • Protect against fraudulent, abusive, or illegal activity, including bot prevention.
  • Comply with legal obligations and enforce our Terms of Service.
  • Send you important service communications (e.g., account changes, policy updates) — never unsolicited marketing.

We process your data on the following legal bases: performance of a contract (providing the service you requested), your consent, our legitimate interests in operating and improving the platform, and compliance with applicable laws.

3. Information Sharing

We do not sell, rent, or trade your personal information to third parties for marketing purposes. We may share information only in the following limited circumstances:

  • Service providers — trusted vendors who help us operate the platform (e.g., Supabase for database hosting, Vercel for deployment, analytics providers). These parties are bound by contractual data-processing obligations.
  • OAuth providers — Google and GitHub receive confirmation of successful authentication; see their respective privacy policies for details.
  • Legal requirements — when required by law, regulation, or valid legal process, or to protect the rights and safety of Sector Talks, our users, or the public.
  • Business transfers — in the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction, with notice provided to you.

4. Cookies & Tracking

Sector Talks uses cookies and similar technologies to operate the service and understand usage:

Type | Purpose | Duration
Essential / Session | Authentication tokens (Auth.js session cookie) required to keep you signed in. | Session / 30 days
Functional | Storing your preferences (favourite drivers, teams, dark mode). | 1 year
Analytics | Anonymous usage metrics to improve the platform (e.g., Vercel Analytics). | 90 days
Security | CSRF tokens and bot-prevention signals. | Session

You can control cookies through your browser settings. Disabling essential cookies will prevent you from signing in. We do not use advertising or cross-site tracking cookies.

5. Authentication & OAuth

Sector Talks uses Auth.js (NextAuth v5) with Google and GitHub as OAuth 2.0 identity providers. When you sign in:

  • We receive your name, email address, and profile picture from the selected provider. We never receive or store your password.
  • A user record is created or updated in our Supabase PostgreSQL database using your email as a unique identifier.
  • A signed, encrypted session cookie is issued by Auth.js and stored in your browser.
  • JSON Web Tokens (JWTs) are issued for secure communication with our backend API; these expire after a short window and are refreshed automatically.

You may revoke Sector Talks's access to your Google or GitHub account at any time through their respective security settings. Revoking access will sign you out and prevent future sign-ins via that provider.

6. Data Retention

We retain your personal information for as long as your account is active or as needed to provide services. Specifically:

  • Account data — retained until you delete your account.
  • Usage & analytics logs — anonymised after 90 days and deleted after 12 months.
  • Session tokens — expire after 30 days of inactivity and are purged automatically.
  • Legal records — retained for as long as required by applicable law.

You may request deletion of your account and all associated personal data at any time by contacting us at noct@sectortalks.com. Deletion will be completed within 30 days, subject to legal retention requirements.

7. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

  • Access — request a copy of the personal data we hold about you.
  • Rectification — request correction of inaccurate or incomplete data.
  • Erasure — request deletion of your personal data ("right to be forgotten").
  • Portability — request your data in a structured, machine-readable format.
  • Restriction — request that we limit processing of your data in certain circumstances.
  • Objection — object to processing based on legitimate interests.
  • Withdraw consent — where processing is based on consent, you may withdraw it at any time without affecting prior processing.

To exercise any of these rights, contact us at noct@sectortalks.com. We will respond within 30 days. If you believe we have not handled your data correctly, you have the right to lodge a complaint with your local data protection authority.

8. Security

We implement industry-standard security measures to protect your data:

  • All data in transit is encrypted using TLS 1.2+.
  • Passwords are never stored — authentication is handled entirely by OAuth 2.0 providers.
  • Session cookies are HTTP-only, Secure, and SameSite=Lax to mitigate XSS and CSRF attacks.
  • API endpoints are protected by signed JWTs and rate limiting to prevent abuse.
  • Database access is restricted by role-based policies (Row-Level Security on Supabase).

No method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security. If you discover a security vulnerability, please report it responsibly to noct@sectortalks.com.

9. Children's Privacy

Sector Talks is not directed at children under the age of 13 (or 16 in the EU/EEA where applicable). We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us immediately at noct@sectortalks.com and we will take prompt steps to delete such information.

10. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes:

  • We will update the "Last updated" date at the top of this page.
  • For significant changes, we will notify signed-in users via an in-app notice or email.

Your continued use of Sector Talks after the effective date of the revised policy constitutes your acceptance of the changes. We encourage you to review this page periodically.

11. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please reach out:

Sector Talks

Privacy & Data Enquiries

noct@sectortalks.com

We aim to respond to all enquiries within 2 business days.

This policy was last reviewed and updated on April 23, 2025. Governing law: laws of the jurisdiction in which Sector Talks operates.