pocketDCF
Valuation engine

Privacy Policy

Last updated: April 21, 2026

1. Information We Collect

We collect only the information necessary to provide and improve the Service:

Account Information: Email address and hashed password managed via Supabase Auth.
Usage Data: The number of analyses performed is stored to enforce free-tier limits.
Payment Information: Payment processing is handled by Stripe. We store only your Stripe Customer ID to link your subscription status. We do not have access to, nor do we store, your full credit card details.
Technical Identifiers: IP addresses are processed temporarily for rate limiting and security purposes via Upstash Redis. While we do not link these to your personal profile, they are handled in accordance with GDPR as technical identifiers.

2. Legal Basis and Use of Information

We process your data based on the following legal grounds:

Contractual Necessity: To authenticate you, manage your account, and process subscriptions.
Legitimate Interest: To protect the Service from abuse (rate limiting) and to improve the quality of our financial models.
Compliance: We do not sell, rent, or share your personal data with third parties for marketing purposes.

3. Third-Party Services & International Transfers

We use the following specialized providers to operate pocketDCF. Some of these services are based in the United States, and data may be transferred outside the EEA under appropriate safeguards (such as Standard Contractual Clauses):

Supabase: Authentication and database infrastructure.
Stripe: Payment processing and billing.
Upstash Redis: Caching and security rate-limiting.
Google Gemini (API): AI-generated narratives. Only financial tickers and metrics are sent; no personal user data is included in AI prompts.
Financial Modeling Prep: Financial data provider.
Vercel: Hosting and edge infrastructure.

4. Data Retention

Account data is retained as long as your account is active. You may request account deletion at any time. Rate-limit data (IP logs) is automatically deleted after 30 days.

5. Cookies & Local Storage

We use essential technical cookies and local storage tokens (Supabase Auth) solely for session management. We do not use tracking, advertising, or third-party marketing cookies.

6. Security

We implement industry-standard security measures, including HTTPS encryption and hashed credentials. While we strive to use commercially acceptable means to protect your data, no method of transmission over the internet is 100% secure.

7. Your Rights (GDPR/Global)

You have the right to access, correct, or delete your personal data. You also have the right to object to processing or request data portability. To exercise these rights, please contact us at: pocketdcf@gmail.com

8. Changes to This Policy

We may update this Privacy Policy periodically. Significant changes will be announced by updating the “Last updated” date at the top of this page.

Contact
For privacy-related enquiries or to exercise your data rights, email us at pocketdcf@gmail.com.