LEGAL

PRIVACY POLICY

Effective date: May 9, 2026

StockSnack (“we”, “us”, “our”) respects your privacy. This policy explains what information we collect, how we use it, and your rights regarding that information when you use stocksnack.app (the “Service”).

1. INFORMATION WE COLLECT

Information you provide

  • Email address — collected when you create an account or contact us.
  • Payment information — if you subscribe to a paid plan, your payment details (card number, billing address) are collected and processed directly by Stripe. We receive only a payment token and subscription status; we never store your full card details.

Information collected automatically

  • Usage data — pages visited, features used, and general interaction patterns, collected to improve the Service.
  • Log data — server logs may include your IP address, browser type, and timestamps for security and debugging purposes. Logs are retained for a limited period.
  • Cookies and session tokens — we use session cookies managed by Supabase to keep you authenticated. These are strictly necessary for the Service to function.

2. HOW WE USE YOUR INFORMATION

  • To create and manage your account.
  • To process subscription payments and send receipts.
  • To send transactional emails (account confirmation, password reset, billing notices).
  • To respond to support requests.
  • To monitor and improve the security and performance of the Service.
  • To comply with legal obligations.

We do not use your information for advertising, and we do not sell your personal data to third parties.

3. THIRD-PARTY SERVICES

We rely on the following trusted third-party providers to operate the Service. Each operates under its own privacy policy.

SUPABASE

Authentication and database. Your email address and hashed password are stored in Supabase's infrastructure.

STRIPE

Payment processing. Stripe handles all payment card data. We store only your Stripe customer ID and subscription status.

RESEND

Transactional email delivery (welcome emails, password resets). Your email address is passed to Resend solely to deliver service emails.

FINANCIAL MODELING PREP

Financial data provider. No personal data is shared with this provider.

VERCEL

Hosting and infrastructure. Vercel may log request metadata (IP, timestamps) as part of their standard platform operation.

POSTHOG

Product analytics. PostHog collects page views, feature usage, and interaction patterns to help us understand and improve the Service. PostHog is only activated if you accept cookies. If you decline, PostHog does not initialise and no analytics data is sent.

SENTRY

Error monitoring and site reliability. Sentry captures application errors and performance traces to help us identify and fix bugs. Error tracking is always active to maintain a reliable service. Session recordings (which capture anonymised screen activity) are only enabled if you accept cookies — declining disables them entirely.

4. COOKIES AND ANALYTICS

We use the following categories of cookies and local storage:

  • Strictly necessary — session tokens managed by Supabase to keep you signed in. These are always active and cannot be declined without breaking authentication.
  • Analytics (PostHog) — page views and feature usage to help us improve the Service. Only activated if you click Accept on the cookie banner. If you decline, PostHog is never initialised.
  • Error monitoring (Sentry) — application errors and performance traces are always collected to maintain a reliable service. Session recordings are an optional part of Sentry and are disabled if you decline cookies.

We do not use advertising cookies or sell data to third parties. You may also disable cookies in your browser settings, though this will prevent you from staying signed in.

5. DATA RETENTION

We retain your account data for as long as your account is active. If you delete your account, we will delete or anonymise your personal data within 30 days, except where we are required to retain it for legal or regulatory purposes (e.g., billing records for tax compliance, typically 7 years).

6. YOUR RIGHTS

Depending on your jurisdiction, you may have the right to:

  • Access the personal data we hold about you.
  • Request correction of inaccurate data.
  • Request deletion of your data (“right to be forgotten”).
  • Object to or restrict certain processing.
  • Data portability — receive your data in a structured, machine-readable format.
  • Lodge a complaint with your local data protection authority (e.g., ICO in the UK, CNIL in France).

To exercise any of these rights, email us at hello@stocksnack.app. We will respond within 30 days.

7. SECURITY

We take reasonable technical and organisational measures to protect your data, including encrypted connections (HTTPS), hashed password storage, and access controls. However, no transmission over the internet is completely secure. You are responsible for keeping your password confidential.

8. CHILDREN’S PRIVACY

The Service is not directed at anyone under the age of 18. We do not knowingly collect personal data from minors. If you believe a minor has provided us with personal data, please contact us and we will delete it promptly.

9. INTERNATIONAL TRANSFERS

Our infrastructure and third-party providers may process your data in countries outside your own, including the United States. Where required, we rely on appropriate safeguards (such as standard contractual clauses) to protect your data during international transfers.

10. CHANGES TO THIS POLICY

We may update this Privacy Policy from time to time. When we do, we will revise the “Effective date” at the top of this page and, for material changes, notify you by email. Continued use of the Service after the revised policy takes effect constitutes your acceptance.

11. CONTACT

For privacy-related questions or requests, contact us at hello@stocksnack.app.

STOCKSNACK · LAST UPDATED JUNE 6, 2026