Portfolio Engine | Cycle-Based Investment Management

Your Privacy Matters

This Privacy Policy complies with the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other applicable data protection laws. We are committed to protecting your personal information and being transparent about how we use it.

Overview
Data We Collect
How We Use Your Data
Legal Basis for Processing (GDPR)
Data Sharing and Third Parties
Data Retention
Your Rights
Cookies and Tracking
Data Security
International Transfers
Children's Privacy
Changes to This Policy
Contact Us

1. Overview

Portfolio Engine ("we", "us", "our") operates an educational investment platform. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website and services.

By using our Service, you consent to the collection and use of information in accordance with this policy. If you do not agree with this policy, please do not use our Service.

2. Data We Collect

2.1 Information You Provide Directly

Data Type	Examples	Purpose
Account Information	Email, name, profile picture (via Google)	Account creation and authentication
Investor Profile	Risk tolerance, investment horizon, market location	Personalized recommendations
Portfolio Data	Instrument tickers, quantities, purchase prices	Portfolio tracking and analysis
Payment Information	Processed by LemonSqueezy (we don't store card details)	Subscription management
Contact Information	Email for waitlist, support inquiries	Communication and support

2.2 Information Collected Automatically

Usage Data: Pages visited, features used, time spent on pages
Device Information: Browser type, operating system, device type
Log Data: IP address, access times, referring URLs
Cookies: Session cookies for authentication (see Section 8)

2.3 Information We Do NOT Collect

Bank account numbers or credentials
Brokerage account login information
Social Security numbers or tax IDs
Credit card details (handled by LemonSqueezy)
Sensitive personal data (race, religion, health, etc.)

3. How We Use Your Data

We use your information to:

Service Delivery

Provide personalized portfolio analysis
Display economic cycle-based recommendations
Calculate risk-adjusted allocations
Send alerts based on your preferences

Account Management

Create and maintain your account
Process subscription payments
Provide customer support
Enforce our Terms of Service

Communication

Send transactional emails
Notify you of service updates
Send marketing emails (with consent)
Respond to inquiries

Improvement

Analyze usage patterns
Improve features and UX
Fix bugs and issues
Develop new features

Email Delivery Logs

We maintain operational logs of email communications sent to you, including delivery status, subject line, and technical metadata. These logs are used solely for debugging delivery issues and ensuring reliable communication. Logs are retained for 12 months and are accessible only to authorized technical personnel.

4. Legal Basis for Processing (GDPR)

Under the GDPR, we process your data based on:

Legal Basis	Applicable Processing
Contract Performance	Providing our Service, processing payments, account management
Consent	Marketing emails, optional analytics, waitlist signup
Legitimate Interest	Security, fraud prevention, service improvement
Legal Obligation	Tax records, legal compliance, responding to legal requests

5. Data Sharing and Third Parties

We share your data with the following third-party services:

Service	Purpose	Data Shared	Privacy Policy
Google (OAuth)	Authentication	Email, name, profile picture	Link
LemonSqueezy	Payment processing	Email, payment details	Link
FRED API	Economic data	No personal data shared	Link
Resend	Email delivery	Email address	Link
MongoDB Atlas	Database hosting — SOC 2 Type II certified	All account data (encrypted)	Link
Anthropic	AI-powered analysis and automated insights generation (portfolio summaries, rebalancing suggestions, cycle analysis, behavioral coaching)	Anonymized portfolio structure (instrument types, sector allocations, performance metrics, economic phase context, user risk profile). We do NOT share specific quantities, cost basis values, purchase dates, full name, or any directly personally identifiable information beyond what is necessary for analysis generation.	Link

AI Data Processing

When generating AI-powered analysis and automated insights, portfolio data is processed by Anthropic's API under a data processing agreement. Anthropic processes this data solely to generate the requested analysis and does not use it to train AI models (per Anthropic's API usage policy). Data transmitted to Anthropic is anonymized to remove direct personal identifiers before transmission.

We Do NOT:

Sell your personal data to third parties
Share your portfolio data with advertisers
Provide your information to data brokers
Use your data for targeted advertising (without explicit consent)

We May Disclose Data:

To comply with legal obligations or court orders
To protect our rights, property, or safety
In connection with a merger, acquisition, or sale of assets
With your explicit consent

6. Data Retention

We retain your data for the following periods:

Active Account Data: For as long as your account is active
After Account Deletion: Up to 30 days (to allow recovery)
Payment Records: 7 years (legal/tax requirements)
Support Communications: 3 years
Anonymous Analytics: Indefinitely (no personal identifiers)

You can request deletion of your data at any time (see Section 7: Your Rights).

7. Your Rights

GDPR Rights (EU/EEA Residents)

Right to Access

Request a copy of your personal data

Right to Rectification

Correct inaccurate or incomplete data

Right to Erasure

Request deletion of your data ("Right to be Forgotten")

Right to Portability

Receive your data in a machine-readable format

Right to Restrict Processing

Limit how we use your data

Right to Object

Object to processing for direct marketing

CCPA Rights (California Residents)

Right to Know: What personal information we collect and how it's used
Right to Delete: Request deletion of your personal information
Right to Opt-Out: Opt out of the sale of personal information (we do not sell data)
Right to Non-Discrimination: Equal service regardless of exercising rights

How to Exercise Your Rights

To exercise any of these rights, contact us at:

Email: support@portfolioengine.io
Response Time: We will respond within 30 days (GDPR) or 45 days (CCPA)
Verification: We may need to verify your identity before processing requests

8. Cookies and Tracking

Cookies We Use

Cookie Type	Purpose	Duration
Session Cookies	Keep you logged in	7 days
Preference Cookies	Remember your settings	1 year
Analytics Cookies	Understand usage patterns (if enabled)	2 years

Managing Cookies

You can control cookies through your browser settings. Note that disabling cookies may affect the functionality of our Service (e.g., you may need to log in more frequently).

Analytics Provider

We use Google Analytics 4 (GA4) to understand how users interact with our Service. GA4 collects anonymized usage data including:

Pages and features visited
User journey patterns within the application
General engagement metrics (session duration, feature usage frequency)
Device type, browser, and operating system

GA4 does NOT collect your portfolio data, investment information, or financial details. IP addresses are anonymized by default in our GA4 configuration.

You can opt out of GA4 tracking by:

Installing the Google Analytics Opt-out Browser Add-on
Adjusting your browser cookie settings to block analytics cookies
Contacting us at support@portfolioengine.io to request exclusion from analytics tracking

9. Data Security

We implement appropriate technical and organizational measures to protect your data:

Encryption: Data encrypted in transit (TLS) and at rest
Access Controls: Role-based access, least privilege principle
Authentication: Secure OAuth 2.0 via Google
Infrastructure: Hosted on secure, SOC 2 compliant platforms
Monitoring: Security logging and intrusion detection

While we implement robust security measures, no system is 100% secure. We cannot guarantee absolute security of your data. You are responsible for maintaining the security of your account credentials.

10. International Data Transfers

Your data may be processed in countries outside your residence, including the United States. When we transfer data internationally, we ensure appropriate safeguards:

Standard Contractual Clauses (SCCs) approved by the European Commission
Data processing agreements with all third-party processors
Compliance with the EU-US Data Privacy Framework (where applicable)

11. Children's Privacy

Our Service is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately at support@portfolioengine.io.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

Posting the updated policy on this page
Updating the "Last updated" date
Sending an email notification for significant changes

Your continued use of the Service after changes constitutes acceptance of the updated policy.

13. Contact Us

For privacy-related questions or to exercise your rights:

Privacy Email: support@portfolioengine.io
Data Protection Officer: support@portfolioengine.io
Company: Portfolio Engine

EU/EEA Residents: For GDPR-related matters, EU and EEA residents may contact us directly at support@portfolioengine.io. We will respond to all GDPR requests within 30 days as required by law. Please note that Portfolio Engineis operated from the United States. If you are unsatisfied with our response to a data protection request, you have the right to lodge a complaint with your local data protection supervisory authority.

Privacy Policy