Privacy Policy
Last updated: February 17, 2026
1. Data We Collect
Account Information
When you create an account, we collect your email address and a hashed password (we never see or store your password in plain text). We do not collect your name, phone number, or mailing address unless you provide them voluntarily (for example, when contacting support).
Billing Information
If you subscribe to a paid plan, payment is processed entirely by Stripe. We do not store your credit card number, expiration date, or CVC on our servers. We store only your Stripe Customer ID, subscription ID, subscription status, and billing period dates so we can manage your account tier.
Usage Data (Analytics)
We use PostHog to understand how people use HoldingsIntel. PostHog collects:
- Pages you visit and time spent on each page
- Buttons and links you click
- Your browser type, operating system, and screen size
- Referring URL (how you found us)
- Country-level location derived from your IP address
If you create an account, PostHog links this behavioral data to your user ID so we can understand feature adoption across sessions. PostHog does not capture the content of text fields you type into (search queries, passwords, etc.).
Error Monitoring
We use Sentry to detect and fix software errors. Sentry collects error messages, your browser and OS details, and may record a small sample of sessions (approximately 10%) for usability analysis. All sessions in which errors occur are also recorded. Session recordings mask all visible text and block media content to protect your privacy.
Data We Do Not Collect
We do not collect your brokerage account data, portfolio holdings, trading activity, Social Security number, or any information about your personal investments. HoldingsIntel only displays data from publicly filed SEC 13F reports.
2. How We Use Your Data
- Provide the service: Authenticate your account, determine your subscription tier, and deliver analytics data appropriate to your plan.
- Process payments: Create and manage your Stripe subscription when you upgrade to a paid plan.
- Improve the product: Analyze aggregate usage patterns to understand which features are valuable and where users encounter friction.
- Fix bugs: Use error reports to identify and resolve software issues.
- Communicate with you: Send transactional emails (account confirmation, password reset, subscription receipts). We do not currently send marketing emails.
3. Third-Party Services
We share your data only with the service providers necessary to operate HoldingsIntel:
| Service | Purpose | Data Shared |
|---|---|---|
| Supabase | Authentication and database | Email, hashed password, account data |
| Stripe | Payment processing | Email, payment method (handled by Stripe) |
| Vercel | Website hosting | IP address, request logs |
| PostHog | Product analytics | Usage events, browser info, user ID (if logged in) |
| Sentry | Error monitoring | Error details, browser info, masked session recordings |
We do not sell your personal data to anyone. We do not share your data with advertisers.
5. Data Security
Your data is protected by:
- HTTPS encryption for all data in transit
- Supabase row-level security (RLS) policies restricting database access
- Stripe PCI-DSS Level 1 compliance for payment data
- Bcrypt password hashing (via Supabase Auth) — we never store or see your password in plain text
- Webhook signature verification on all Stripe events
No system is perfectly secure. If we discover a breach affecting your personal data, we will notify you by email within 72 hours.
6. Data Retention
We retain your account data (email, subscription history) for as long as your account is active. If you request account deletion, we will delete your personal data within 30 days. Some data may be retained longer if required by law (for example, payment records for tax purposes).
Analytics data in PostHog is retained for 12 months, after which it is automatically deleted. Sentry error data is retained for 90 days.
7. Your Rights
Depending on your location, you may have the following rights regarding your personal data:
- Access: Request a copy of the personal data we hold about you.
- Correction: Ask us to correct inaccurate data.
- Deletion: Ask us to delete your account and personal data.
- Data portability: Request your data in a machine-readable format.
- Object to processing: Opt out of analytics tracking via the cookie consent banner, or by contacting us.
- Withdraw consent: You can withdraw your consent for analytics cookies at any time.
To exercise any of these rights, email us at privacy@holdingsintel.com. We will respond within 30 days.
8. International Data Transfers
HoldingsIntel is operated from the European Union. Your data may be processed by third-party services located in the United States (Stripe, Vercel, Supabase) and the EU (PostHog EU). These transfers rely on the service providers' Standard Contractual Clauses (SCCs) or equivalent legal mechanisms. By using HoldingsIntel, you acknowledge that your data may be transferred to and processed in these locations.
9. Children's Privacy
HoldingsIntel is not intended for users under the age of 16. We do not knowingly collect personal data from children. If you believe a child has created an account, please contact us and we will delete the account promptly.
10. Changes to This Policy
We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or by posting a prominent notice on the site. The "Last updated" date at the top of this page indicates when the policy was last revised.
11. Contact
For privacy-related questions or to exercise your data rights:
Email: privacy@holdingsintel.com
For general support: support@holdingsintel.com