Skip to content
InvestTracker
Back to home

Privacy Policy

Your data stays yours.

Last updated — February 2026

Overview

InvestTracker is a privacy-first portfolio analytics platform. Your financial data is encrypted and protected by strict access controls. We do not have access to, process, or store your portfolio holdings, transaction history, or account balances.

Data we collect

When you create an account, we store your email address and an encrypted password hash. We do not collect names, phone numbers, payment information, or government identifiers.

We do not use cookies for tracking. Session cookies are strictly functional — they maintain your authenticated state and expire when you sign out.

Data we do not collect

The following categories of data are never transmitted to, processed by, or accessible to InvestTracker staff or any third party:

  • Portfolio holdings, balances, and asset allocations
  • Transaction history, trade data, and cost-basis records
  • Analytics results, tax reports, or alert configurations
  • Browser fingerprints, device identifiers, or usage telemetry
  • IP-based geolocation beyond standard server logs
  • Search queries, page views, or click behaviour within the dashboard

Cookies and local storage

InvestTracker uses strictly functional session cookies for authentication. These cookies expire when you sign out or after the configured session lifetime. No cookie data is shared with third parties.

With your consent, we use Vercel Speed Insights to collect anonymized, aggregate performance metrics (page load times, web vitals). These analytics contain no personally identifiable information. You may decline analytics cookies via the cookie consent banner, and no analytics data will be collected. You can change your preference at any time by clearing your browser's local storage.

Local storage may be used to persist non-sensitive UI preferences such as your selected theme (dark or light mode), sidebar state, and cookie consent preference. This data never leaves your browser.

Third-party services

CoinGecko — Market price data. API requests are made server-side. CoinGecko does not receive information about your holdings or portfolio composition.

Resend — Email delivery for price alert notifications, if configured. Only your email address and the alert content are transmitted. Subject to Resend's privacy policy.

Stripe — Payment processing for subscriptions. Stripe collects payment information (card details, billing address) directly — InvestTracker never sees or stores your full card number. Subject to Stripe's privacy policy.

Vercel — Hosting and, with your consent, anonymized performance analytics (Speed Insights). No personally identifiable information is collected. Subject to Vercel's privacy policy.

Data isolation

All database tables are protected by strict access control policies. Each query is scoped to the authenticated user, ensuring complete data isolation. One user cannot read or modify another user's data under any circumstances. See our Security page for full architecture details.

Data retention and deletion

You may delete your account at any time through the Settings page. When you delete your account, we anonymize your personal information (email address, display name, and other identifying metadata) by replacing it with non-identifiable placeholders. Your authentication credentials are invalidated and you will be signed out immediately.

Anonymized financial records (portfolio structures, transaction history, snapshots, and tax-lot data) are retained in a de-identified form that cannot be linked back to you. This retention is necessary for financial audit compliance and platform integrity. The retained data contains no personally identifiable information.

If you require complete deletion of all data, including anonymized financial records, please contact us at support@investtracker.app and we will process a full data purge within 30 days.

We recommend using the CSV or Excel export feature to download your transaction history and portfolio holdings before deleting your account, as this action cannot be reversed.

Your rights

You can export or delete your data at any time through your dashboard settings. If you need assistance exercising your data rights or have questions about what data is stored, contact us and we will help you.

Your Rights Under GDPR

If you are located in the European Economic Area (EEA), you have certain data protection rights under the General Data Protection Regulation (GDPR):

  • Right to access — You can request a copy of the personal data we hold about you.
  • Right to rectification — You can request correction of inaccurate or incomplete personal data.
  • Right to erasure — You can request deletion of your personal data when it is no longer necessary for the purposes for which it was collected.
  • Right to data portability — You can request a machine-readable copy of your data to transfer to another service.
  • Right to object — You can object to the processing of your personal data in certain circumstances.

To exercise any of these rights, contact our Data Protection Officer at support@investtracker.app. We will respond to your request within 30 days.

Your Rights Under CCPA

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA):

  • Right to know — You can request information about the categories and specific pieces of personal data we have collected about you.
  • Right to delete — You can request deletion of your personal data, subject to certain exceptions.
  • Right to opt-out — You can opt out of the sale of your personal data. InvestTracker does not sell personal data.
  • Right to non-discrimination — You will not receive discriminatory treatment for exercising your CCPA rights.

To exercise any of these rights, contact us at support@investtracker.app.

Children's privacy

InvestTracker is not intended for use by anyone under the age of 18. We do not knowingly collect personal information from minors. Users must confirm they are 18 years or older when creating an account. If we become aware that we have collected data from a minor, we will promptly delete the account and associated information.

Changes to this policy

We may update this policy to reflect changes in functionality. The "last updated" date at the top of this page will be revised accordingly. Continued use of InvestTracker after changes constitutes acceptance of the updated policy.

Contact

For questions about this privacy policy or your data, email us at support@investtracker.app.

See our Terms of Service for full usage policies and account responsibilities.

© 2026 InvestTracker. All rights reserved.
AboutPrivacyTermsSecurityRoadmapPricing