Summary: We collect only what's necessary to provide portfolio tracking. We never sell your data. Your brokerage credentials are never shared with us. You can delete your account and data at any time.
Information We Collect
We collect different types of information to provide and improve our service.
- Email address
- Name (optional)
- Authentication via Clerk (MFA supported)
- Stock symbols and positions
- Price targets and alerts
- Notes and annotations
- Chart preferences
- Holdings and transactions (via Plaid)
- Account metadata
- Never your brokerage credentials
- Never ability to move funds
- Features accessed
- Device and browser info
- IP address (anonymized)
- Error logs for debugging
How We Use Your Information
Service Operation
CoreDisplay your portfolio, provide alerts, generate analytics, sync across devices
Service Improvement
CoreAnalyze usage patterns, fix technical issues, develop new features
Security
CoreDetect fraud, enforce terms, comply with legal obligations
Information Sharing
We do NOT sell your personal information. We never sell, rent, or trade your data to third parties for marketing purposes.
Service Providers
We share limited information with trusted providers who help us operate the service:
Data Security
- All data encrypted in transit (TLS 1.2+)
- Sensitive data encrypted at rest (AES-256-GCM)
- Passwords handled by Clerk (never stored by us)
- Phishing-resistant MFA required for financial features
- Role-based access control
- Regular security audits
Data Retention
Data Deletion
When you delete your account:
- Plaid connections are immediately revoked
- Personal data is marked for deletion
- 30-day grace period for account recovery
- Permanent deletion after grace period
Your Rights
Access & Portability
- View all data we have about you
- Export your portfolio data
- Download account information
Deletion
- Delete your account at any time
- Request deletion of specific data
- 30-day recovery window
Control
- Update your information
- Manage connected accounts
- Adjust notification preferences
California Privacy Rights (CCPA)
California residents have additional rights:
Right to Know
Categories and sources of personal information collected
Right to Delete
Request deletion of personal information
Right to Opt-Out
We do not sell personal information
Non-Discrimination
Equal service regardless of privacy choices
To exercise CCPA rights, email privacy@positiontracker.trading with subject "CCPA Request."
Cookies and Tracking
Essential Cookies
RequiredAuthentication, session management, security (CSRF protection), and user preferences
Analytics
OptionalUsage patterns to improve the service. You can opt out through browser settings or cookie preferences.
We honor "Do Not Track" browser signals when possible.
Children's Privacy
PositionTracker is not intended for users under 18 years of age. We do not knowingly collect information from children. If you believe a child has provided us information, please contact us immediately.
International Data Transfers
Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place for international transfers, including:
- Standard contractual clauses
- Service provider compliance certifications
- Encryption of data in transit and at rest
Third-Party Privacy Policies
Our service integrates with third parties that have their own privacy policies:
Policy Changes
We may update this Privacy Policy from time to time. Material changes will be communicated via email notification, in-app notification, or prominent notice on our website. Continued use after changes constitutes acceptance.
Contact Us
Have questions about your privacy? We're here to help.