Privacy Policy

Last updated: February 24, 2026

What Data We Collect

UpsideList collects the following information:

  • Email address: If you choose to participate in community features (commenting, voting, subscribing to company updates, or submitting data requests), we collect your email address and verify it via a one-time code. Your email is stored in our database and used to identify your account.
  • Community contributions: Comments, valuation sentiment votes, company subscriptions, and data requests you submit. Comments are displayed publicly with an anonymous pseudonym (e.g., "User #A3F2") — your email is never shown to other users.
  • Sentiment votes: Valuation sentiment votes are stored anonymously using a one-way hash of your email. We cannot reverse the hash to recover your email from a vote record.
  • Analytics data: Page views, referral sources, and general usage patterns through PostHog analytics.
  • Server logs: IP addresses may be temporarily logged for rate limiting and security purposes. These logs are automatically deleted after 30 days.

Cookies

If you verify your email to use community features, we set a session cookie (ul_session) that keeps you signed in for 30 days. This cookie is:

  • HTTP-only (not accessible to JavaScript)
  • Cryptographically signed to prevent tampering
  • Used solely for session management, not tracking

PostHog analytics may also set cookies for usage analytics. You can browse the site without any cookies if you do not use community features.

How We Use Data

We use the data we collect to:

  • Authenticate you for community features
  • Display your comments with an anonymous pseudonym
  • Send you email notifications when a company you subscribe to has a material update in our analysis (you can unsubscribe at any time)
  • Enforce rate limits and prevent abuse
  • Understand which pages are most useful to visitors
  • Improve the site and its content

We do not sell, rent, or share your email address or personal data with third parties for marketing purposes.

Email Communications

We send you email only in two cases:

  • Verification codes: When you sign in, we send a one-time verification code. These are transactional and cannot be unsubscribed.
  • Company update notifications: If you subscribe ("Watch") a company, we send an email when our analysis materially changes. Every notification email includes a one-click unsubscribe link. You can also unsubscribe by clicking "Watching" on the company page.

We do not send marketing emails, newsletters, or promotional content.

Third-Party Services

  • Vercel: Hosting and serverless functions. Subject to Vercel's privacy policy.
  • Supabase: Database hosting. Your email and community data are stored in a Supabase-managed PostgreSQL database. Subject to Supabase's privacy policy.
  • Resend: Email delivery for verification codes and notifications. Subject to Resend's privacy policy.
  • PostHog: Product analytics for understanding usage patterns.
  • Google AdSense: We may display ads, which are subject to Google's privacy policy and may use cookies.

Data Retention

  • Account data (email): retained until you request deletion
  • Comments: retained until you request deletion or we remove them for moderation
  • Sentiment votes: retained indefinitely (stored anonymously via hash)
  • Verification codes: automatically expire after 10 minutes
  • Server logs: deleted after 30 days

Your Rights

You can:

  • Request a copy of the data we hold about your email address
  • Request deletion of your account, comments, and subscriptions
  • Unsubscribe from any company notification at any time

To exercise these rights, contact us at privacy@upsidelist.com.

Contact

For privacy-related inquiries, please contact us at privacy@upsidelist.com.

Note: This privacy policy should be reviewed by a legal professional. It is provided as a good-faith description of our current data practices.