Last updated: February 25, 2025

Privacy Policy

1. Introduction

At StockAlert.pro, we take your privacy seriously. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service. We are committed to protecting your personal data in compliance with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

This policy applies to all information collected through our website (stockalert.pro), mobile application, and any related services, sales, marketing, or events.

2. Data Controller

The data controller responsible for your personal data is:

twys Software GmbH
Käthe-Niederkirchner-Str. 30
10407 Berlin
Germany

Email: privacy@stockalert.pro

3. Services We Use

We use the following services to provide our platform:

  • Supabase: For user authentication and database storage (hosted in the United States)
  • Vercel: For hosting and deployment (globally distributed edge network)
  • Hetzner Cloud: For monitoring servers (hosted in Germany)
  • Stripe: For payment processing and subscription management
  • Twilio: For sending SMS and WhatsApp notifications
  • Resend: For sending email notifications
  • PostHog: For analytics (cookie-free implementation, hosted in the EU)

All our service providers are GDPR-compliant and have signed Data Processing Agreements (DPAs) with us.

4. Data We Collect

4.1 Account Information

  • Email address (required for account creation and communications)
  • Password (encrypted using industry-standard algorithms)
  • Phone number (optional, for SMS and WhatsApp alerts)
  • IP address and device information (for security and fraud prevention)

4.2 Alert Preferences

  • Stock symbols and watchlists
  • Alert conditions and parameters
  • Notification preferences
  • Alert history

4.3 Payment Information

Payment information is processed directly by Stripe and we do not store any credit card details. We only maintain records of subscription status, transaction history, and billing information for accounting purposes.

4.4 Usage Data

  • Log data (access times, pages visited)
  • Device information (browser type, operating system)
  • Performance and error data

5. Legal Basis for Processing

We process your personal data under the following legal bases:

  • Contract: Processing necessary for the performance of our contract with you
  • Consent: Processing based on your specific consent (e.g., for marketing communications)
  • Legal Obligation: Processing necessary to comply with legal requirements
  • Legitimate Interests: Processing necessary for our legitimate interests (e.g., improving our services)

6. How We Use Your Data

  • To provide and maintain our stock alert service
  • To process your payments and manage subscriptions
  • To send you alerts via email and WhatsApp
  • To communicate important service updates
  • To improve our service based on usage patterns
  • To prevent fraud and ensure security
  • To comply with legal obligations
  • To respond to your inquiries and support requests

7. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including:

  • Account data: As long as your account is active
  • Alert history: 12 months for active accounts
  • Payment records: As required by tax laws (typically 10 years)
  • Usage logs: 30 days

After account deletion, we retain certain data as required by law or for legitimate business purposes, such as fraud prevention.

8. Data Storage and Security

Your data is stored securely across our infrastructure, which uses:

  • End-to-end encryption for sensitive data
  • Regular security audits and updates
  • Industry-standard database security practices
  • Regular backups to prevent data loss
  • Access controls and authentication mechanisms
  • Network security monitoring

9. International Data Transfers

Our services involve data processing in various locations worldwide, including the United States and other countries outside the EU. We ensure appropriate safeguards are in place through:

  • EU Standard Contractual Clauses
  • Data Processing Agreements
  • Privacy Shield certification (where applicable)

Our main database is hosted by Supabase in the United States, and our website is served through Vercel's global edge network. All data transfers comply with EU data protection requirements.

10. Your Rights

Under GDPR and other applicable laws, you have the right to:

  • Access your personal data
  • Correct inaccurate data
  • Request deletion of your data (right to be forgotten)
  • Restrict or object to processing
  • Data portability (export your data)
  • Withdraw consent for processing
  • Lodge a complaint with a supervisory authority

To exercise these rights, please contact us at privacy@stockalert.pro. We will respond to your request within 30 days.

11. Cookies and Tracking

We only use technically necessary (essential) cookies that are required for the operation of our service. According to Article 5(3) of the ePrivacy Directive, these essential cookies do not require explicit consent. We use them for:

  • Authentication and session management (to keep you logged in)
  • Security measures (CSRF protection, fraud prevention)
  • Remembering basic preferences (language, theme)

We do not use any marketing, tracking, or analytics cookies. The essential cookies we use are:

  • supabase-auth: Authentication session cookie
  • csrf-token: Security token to prevent cross-site request forgery

For analytics, we use PostHog with a cookie-free implementation. Our PostHog configuration:

  • Does not use cookies for tracking
  • Does not store persistent identifiers in your browser
  • Only tracks anonymous usage data during your current session
  • Only creates user profiles when you explicitly identify yourself (e.g., by logging in)
  • Hosted in the EU to ensure GDPR compliance

While you can control cookies through your browser settings, please note that our service requires these essential cookies to function properly. Disabling them will prevent you from using our service.

12. Children's Privacy

Our service is not intended for users under 18 years of age. We do not knowingly collect or process personal data from children. If you become aware that a child has provided us with personal data, please contact us.

13. Changes to This Policy

We may update this privacy policy from time to time. We will notify you of any changes by posting the new policy on this page and updating the "Last updated" date. Significant changes will be communicated directly to users via email.

14. Contact Us

For any privacy-related questions, requests, or complaints, please contact our Data Protection Officer at:

Email: privacy@stockalert.pro

Postal Address:
twys Software GmbH
Käthe-Niederkirchner-Str. 30
10407 Berlin
Germany