Privacy Policy
Last updated: June 10, 2026
PortfolioPatrol (“we”, “us”) provides portfolio-tracking and decision-support analytics. This policy describes the information we collect, how we use it, and the choices you have. The short version: we collect only what the service needs, we never sell it, and deleting your account deletes your data.
Information We Collect
- Account information. Your email address (sign-in is passwordless via emailed links). If you enroll a passkey, we store its public-key credential — never biometrics, which stay on your device.
- Financial data you provide. Holdings, purchase lots, sales, dividends, options, other assets, liabilities, and income streams that you enter manually or import from brokerage files.
- Connected accounts. If you connect an exchange account (for example Coinbase), we receive read-only balance and transaction data. Access tokens are stored encrypted (AES-256-GCM).
- Statement text you submit. If you use AI-assisted statement import, the statement content you upload is processed to extract holdings and transactions.
- Technical data. Standard server logs and the session cookie that keeps you signed in.
How We Use Your Information
We use your data solely to operate the service: storing your portfolio, computing analytics (returns, tax estimates, exposure), sending sign-in links and service emails, and keeping the service secure. We do not use your financial data for advertising, and we do not build advertising profiles.
What We Do Not Do
- We do not sell or rent your personal data.
- We never hold, custody, or move your assets — connections are read-only, and we cannot place trades or transfer funds.
- We do not run third-party advertising trackers.
Service Providers
We rely on a small set of processors to run the service: application hosting, database hosting, and transactional email. Market-data providers receive only ticker symbols — never your identity or position sizes. Exchange connections (such as Coinbase) and AI statement extraction involve those providers only when you choose to use those features. Each provider processes data solely to deliver its function to us.
Security
Data is encrypted in transit (TLS) and at rest. Exchange access tokens are additionally encrypted at the application layer. Every database query is scoped to your user with row-level security, so your records are isolated even at the database layer. No method of storage is perfectly secure, but security is the first design constraint of this product.
Data Retention & Deletion
We keep your data for as long as your account exists. Deleting your account from Settings permanently deletes the financial data associated with it — holdings, lots, transactions, connections, and preferences. Backups age out on a fixed schedule after deletion.
Your Rights
You can access and correct your data in the app at any time, and delete it by deleting your account. Depending on where you live (for example under GDPR or CCPA), you may also have rights to request a copy of your data or object to certain processing — contact us and we will honor verified requests.
Cookies
We use only the cookies required to keep you signed in (session cookies). There are no advertising or cross-site tracking cookies.
Children
PortfolioPatrol is not directed to anyone under 18, and we do not knowingly collect data from children.
Changes to This Policy
If we change this policy, we will update it here and revise the date at the top. Material changes will be flagged in the app.
Contact
Questions about this policy or your data: support@portfoliopatrol.com