Fortune

Privacy

Last updated: 9 May 2026

Fortune is a private travel calendar for iGaming professionals — invitation-only, single-user, no public profiles. This page describes what we keep, why, and what we won't do with it.

What we collect

Email + name. Used for sign-in and to display you to friends you connect with. Supplied at sign-up; you can edit your name anytime from Settings.
Avatar. Shown as your initials. Photo upload arrives in v1.5.
Events you mark. Going / Maybe / Declined RSVPs against events from our admin-curated catalog.
RSVP notes. Free-text on each RSVP. Visible to you, to the LLM you connect via MCP, and to friends who RSVP'd Going to the same event — so a friend can plan around the practical stuff. Anyone outside that overlap (friends not at the event, strangers, the public) never sees them. Examples: "Tue–Wed only, staying at NH Centro" · "Free Wed evening for dinner" · "Booked the speaker dinner — drinks Thurs?" · "Skipping the show floor, hotel meetings only". Don't put anything you wouldn't want a Fortune-connected friend to see — deal terms, salaries, medical detail. There's no separate "private only" mode in v1.
Friend connections. Stored as graph edges (you ↔ friend). One degree only — we don't infer or recommend friends-of-friends.
Preferred contact (optional). A single free-text handle you choose to share with your friends — phone number, Telegram, email, whatever you prefer. Stored only if you fill it in (Settings → Profile). It's shown as a one-tap Message button on your friend-detail page so a friend can jump to WhatsApp / Telegram / mail with a draft already written. We never call it, text it, or use it ourselves — and we never share or sell it. Clear it from Settings or via Claude (clear_my_preferred_contact) anytime.
MCP session tokens. When you connect Claude (or another MCP client), we issue a short-lived JWT signed by Fortune. We keep a revocation record per token so you can disconnect any client from Settings → Claude. We do not see your Claude prompts or replies — those stay between you and Claude.
Operational logs. Standard request logs (path, status, latency) at the hosting layer. No request bodies. Used for debugging and uptime.
Anonymous analytics. Vercel Analytics + Speed Insights — pageviews, device type, country, web-vitals. No cookies set, no cross-site identifiers.
Visit timing. When you last opened Fortune. Used to highlight what changed in your network since then. Stored against your account, never exported.

Cookies

Clerk session. Issued when you sign in; required for the app to know who you are.
fortune_invite_handle. Set when you click someone's invite link, so we can connect you with them after sign-up.
Waitlist marker. Set when you submit your email to the waitlist so the page can show your "you're on the list" state on return visits.
No advertising or tracking cookies. No third-party tag managers.

Email

We send four kinds of email, all from hello@getfortune.ai via Resend:

Sign-in / verification — required for auth, can't be turned off without disabling your account.
Weekly "On the road" digest (default) — friends' RSVP changes from the past week. One-click unsubscribe in the footer; toggle per frequency in Settings → Notifications.
T-7 pre-event reminders — once, 7 days before each event you're going to. Same unsubscribe / off toggle.
Account-deletion confirmations and security alerts.

What we don't do

We don't read your email, calendar, or contacts. Fortune has no integration with Gmail, Google Calendar, LinkedIn, or any address book.
We don't auto-import friends. Every connection is an explicit invite link the other person clicked.
We don't sell your data. We don't share it with advertisers, brokers, or affiliates. There are none.
We don't call, text, or message the phone numbers and Telegram handles you list as preferred contact. They're only there to power the Message button your friends see — Fortune itself stays out of those channels.
We don't make your trips public. Only friends you've connected with see them. There's no public profile.
We don't train any model on your data. Fortune doesn't run its own AI; the LLM you connect is your own (your Claude account, your Cursor, etc.).
We don't run ads.

Where data lives

Database on Supabase (Postgres). App + serverless functions on Vercel (currently Frankfurt edge, fra1). Auth via Clerk. Email via Resend. Each provider has its own privacy policy linked from their website. We've picked providers that don't require data-export beyond the EU/US.

Your rights

Export. Settings → Account → Export. Returns a JSON of your trips, friends, and notes. Always available.
Delete. Settings → Danger zone → Delete account. Permanent. We wipe your profile, your RSVPs, your friendships, your notes, and your MCP tokens within 7 days of confirmation. Your friends will see your past RSVPs disappear from their history. Email hello@getfortune.ai if you can't reach Settings for any reason.
Correction. Edit your name, profile, notes anytime from Settings or event detail pages.
Data-protection contact. hello@getfortune.ai.

Changes to this policy

When this policy changes we'll update the "last updated" date and email all active users with a one-paragraph summary of what changed and why.