Security

Your data. Your control.

A financial tool has to earn trust. Here is how we handle your data — transparently and without fine print.

EU Hosting

Personal data is stored primarily on EU servers (Supabase Frankfurt). US services are used for market data and email delivery.

No broker connection

We have no access to your brokerage account. We cannot buy, sell, or transfer anything. Your broker credentials are never requested.

Client-side computation

Signal analysis runs directly in your browser. Your portfolio data only leaves your device in encrypted form for storage — never for computation.

GDPR-compliant

Processing in accordance with EU data protection regulation. Minimal data collection, no tracking without consent, full rights of access and erasure.

Account deletion in seconds

One click, immediate, irreversible. All portfolios, transactions, settings, and signal snapshots are deleted in cascade.

Security Headers

HSTS, Content-Security-Policy, X-Frame-Options, Permissions-Policy — all modern security headers are active. Embedding in third-party pages is not possible.

What we store — and what we don't

✓Portfolio composition (ticker, quantity, purchase date)

✓Signal settings & tier configuration

✓Email address (for login & alerts)

✗Broker credentials or passwords

✗Account numbers, IBAN, or payment data (except via Stripe)

✗IP addresses or browser fingerprints

✗Your signal calculations (they run locally)

Third-party services

These services process data on our behalf:

Service	Purpose	Location
Supabase	Database & authentication	EU (Frankfurt)
Vercel	Hosting & deployment	EU Edge
Yahoo Finance	Market data (to be replaced)	USA
Resend	Email delivery (signal alerts)	USA
Stripe	Payment processing	EU

Questions about data security?

Read privacy policy →