Privacy Policy

Stocks View is operated by an individual data controller. For any privacy request or question, contact kiril.u@gmail.com. This policy explains how we handle personal data under the EU/UK General Data Protection Regulation (GDPR) and Israel's Privacy Protection Law, 5741–1981, as amended by Amendment 13.

We only collect what the product needs to work:

• Account identity — your email address, and (if you sign in with Google) your name and avatar image. We never store a password; sign-in is by magic link or Google OAuth.
• Your content — the stocks on your watchlist, any paper-portfolio positions, free-text notes, and alert rules you create.
• Authentication tokens — session tokens and, for OAuth sign-in, provider tokens, stored so you stay signed in.
• Usage metadata — when you trigger an on-demand analysis, that action is associated with your account to enforce a daily quota.

We do not run analytics, ad trackers, or third-party tracking pixels, and we do not sell or share your data for marketing.

• Contract — to provide the service you signed up for (your account, watchlist, analyses).
• Legitimate interests — to keep the service secure and enforce fair-use quotas.

We rely on a small number of processors to run the service:

• Resend — sends the sign-in magic-link email to your address.
• Google — OAuth sign-in (only if you choose it), providing your email, name, and avatar.
• Vercel — application hosting.
• Postgres database host (e.g. Neon) — stores your account and content data.

Market-data and LLM providers (Finnhub, FRED, SEC EDGAR, Stooq, Google News, and the configured LLM backend) receive stock symbols and news text — not your personal data.

Stocks View sets a single strictly-necessary cookie: the authentication session cookie that keeps you signed in. It is essential to the service and is exempt from consent requirements under GDPR/ePrivacy. We set no analytics, advertising, or tracking cookies, so there is no cookie consent banner.

We keep your account and content data for as long as your account exists. When you delete your account, your profile, watchlist, positions, notes, alerts, sessions, and OAuth tokens are permanently removed. Analyses you triggered are part of an append-only prediction log that the project relies on to measure accuracy; on deletion these are de-personalised (the link to your account is removed) rather than erased, so they no longer constitute your personal data.

In line with Israel's Protection of Privacy (Data Security) Regulations, 5777–2017 and Amendment 13, we apply security measures proportionate to the data we hold: we never store passwords (sign-in is by magic link or Google OAuth), access to your records is scoped to your own account, data is transmitted over TLS, and our database is held by a managed host with encryption at rest. If a security incident affecting your personal data occurs, we will record it and notify affected users and the relevant supervisory authority as required by applicable law.

Under GDPR you can:

• Access & portability — download a machine-readable copy of your data anytime from your Account page.
• Erasure — delete your account and data yourself from the Account page.
• Rectification, restriction & objection — email kiril.u@gmail.com and we will respond within 30 days.

You also have the right to lodge a complaint with your local data protection authority — in Israel, the Privacy Protection Authority (הרשות להגנת הפרטיות); in the EU/UK, your national data protection regulator.