Skip to content
InvestTracker
Back to home

Privacy Policy

Your data stays yours.

Last updated — February 2026

Overview

InvestTracker is a privacy-first portfolio analytics platform. Your financial data is encrypted and protected by strict access controls. We do not have access to, process, or store your portfolio holdings, transaction history, or account balances.

Data we collect

When you create an account, we store your email address and an encrypted password hash. We do not collect names, phone numbers, payment information, or government identifiers.

We do not use cookies for tracking. Session cookies are strictly functional — they maintain your authenticated state and expire when you sign out.

Data we do not collect

The following categories of data are never transmitted to, processed by, or accessible to InvestTracker staff or any third party:

  • Portfolio holdings, balances, and asset allocations
  • Transaction history, trade data, and cost-basis records
  • Analytics results, tax reports, or alert configurations
  • Browser fingerprints, device identifiers, or usage telemetry
  • IP-based geolocation beyond standard server logs
  • Search queries, page views, or click behaviour within the dashboard

Cookies and local storage

InvestTracker does not use advertising cookies or third-party ad tracking scripts. The only cookies set by default are strictly functional session cookies used for authentication. These cookies expire when you sign out or after the configured session lifetime.

If you consent via our cookie banner, we enable Vercel Analytics and Vercel Speed Insights to help us understand general usage patterns and page performance. These tools collect anonymised, aggregated data and are activated only after you provide explicit consent. No analytics data is collected if you decline or dismiss the cookie banner.

Local storage may be used to persist non-sensitive UI preferences such as your selected theme (dark or light mode) and sidebar state. This data never leaves your browser.

Third-party services

We rely on the following third-party service providers to operate InvestTracker. Each provider processes only the minimum data necessary for its function.

Supabase — Database hosting and user authentication. Your account data, portfolio holdings, and transaction history are stored in Supabase-managed PostgreSQL databases protected by row-level security. Subject to Supabase's privacy policy.

Stripe — Payment processing for subscriptions. When you subscribe to a paid plan, Stripe handles all payment card processing. InvestTracker does not store, process, or have access to your credit card numbers or payment card information. Subject to Stripe's privacy policy.

Vercel — Hosting, deployment, and (with your consent) analytics. Vercel Analytics and Speed Insights are enabled only after you provide consent via the cookie banner. Subject to Vercel's privacy policy.

CoinGecko — Cryptocurrency market price data. API requests are made server-side. CoinGecko does not receive information about your holdings or portfolio composition.

Yahoo Finance — Stock and ETF price data. API requests are made server-side. Yahoo Finance does not receive information about your holdings or portfolio composition.

Frankfurter — Exchange rate data sourced from the European Central Bank (ECB). API requests are made server-side. No user data is transmitted.

Resend — Email delivery for price alert notifications, if configured. Only your email address and the alert content are transmitted. Subject to Resend's privacy policy.

Data isolation

All database tables are protected by strict access control policies. Each query is scoped to the authenticated user, ensuring complete data isolation. One user cannot read or modify another user's data under any circumstances. See our Security page for full architecture details.

Legal basis for processing (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, we process your personal data under the following legal bases:

  • Article 6(1)(b) — Contract performance: Processing your account data, portfolio holdings, and transaction history is necessary to provide the portfolio tracking and analytics service you signed up for.
  • Article 6(1)(a) — Consent: Analytics cookies (Vercel Analytics and Speed Insights) are only activated after you provide explicit consent via our cookie banner. You may withdraw consent at any time by clearing your cookies or adjusting your browser settings.

Data retention and deletion

For active accounts, we retain your data for as long as your account remains active and is necessary to provide the service. You may delete your account at any time through the Settings page. Upon deletion, all your data is permanently removed immediately, including your authentication record, portfolio holdings, transactions, snapshots, alerts, and analytics history. There is no recovery process once deletion is confirmed.

We do not retain backups of individual user data after deletion. If you wish to preserve your data before deleting your account, use the CSV export feature to download your transaction history and portfolio holdings.

International data transfers

Your data may be transferred to and processed in the United States, where our service providers — including Supabase, Vercel, and Stripe — operate servers. Where required by applicable law, these transfers are protected by Standard Contractual Clauses (SCCs) or other legally recognised transfer mechanisms to ensure your data receives an adequate level of protection regardless of where it is processed.

Age restriction

InvestTracker is intended for users who are 18 years of age or older. We do not knowingly collect personal data from anyone under 18. If we become aware that we have collected data from a person under 18, we will take steps to delete that data promptly. If you believe a minor has provided us with personal data, please contact us at support@investtracker.app.

Your rights

You can export or delete your data at any time through your dashboard settings. If you need assistance exercising your data rights or have questions about what data is stored, contact us and we will help you.

Changes to this policy

We may update this policy to reflect changes in functionality. The “last updated” date at the top of this page will be revised accordingly. Continued use of InvestTracker after changes constitutes acceptance of the updated policy.

Contact

For questions about this privacy policy or your data, email us at support@investtracker.app.

© 2026 InvestTracker. All rights reserved.
AboutPrivacyTermsSecurity