Last updated: May 2026 · Applies to all users of the Stockpilo platform.
01
Introduction
Stockpilo is an AI-powered stock analysis platform that provides real-time market data, AI-generated insights, and portfolio tracking tools. This Privacy Policy explains what personal data we collect, how we use it, who we share it with, and what rights you have over your data.
By using Stockpilo, you agree to the practices described in this policy. If you do not agree, please discontinue use of the platform.
02
Data Controller
The data controller responsible for your personal data is:
Vebify OÜ
Registry code: 17183973
Address: Aaslina tn 5, Estonia
Email: support@stockpilo.com
03
What Data We Collect
Account data: When you create an account, we collect your email address and a unique user identifier. After onboarding, you may optionally provide a username, full name, avatar image, investment experience level, and how you heard about Stockpilo.
Platform usage data: We store your watchlist, AI chat conversation history, in-app notifications, price and earnings alert settings, and portfolio analysis data. These records are created as a direct result of your use of the platform's features.
Subscription and billing data: If you subscribe to a paid plan, billing is handled by Stripe. We store your subscription status and plan type. Full payment details are processed and stored exclusively by Stripe and are never held by Stockpilo.
Technical data: Your session token is stored in your browser's localStorage. We store one cookie — sidebar:state — which remembers whether your UI sidebar is open or closed, expiring after 7 days. If you consent to reCAPTCHA, Google may set additional cookies on the authentication page.
We have Data Processing Agreements (DPA) in place with each processor where required under GDPR. For services located in the United States, data transfers are conducted under Standard Contractual Clauses (SCCs) in accordance with GDPR Chapter V.
Service
Purpose
Location
Supabase
Database, authentication, file storage
EU
Stripe
Subscription billing and payment processing
US
OpenAI
AI-generated analysis and chat responses
US
Resend
Transactional email delivery
US
Google reCAPTCHA v3
Bot protection on authentication forms
US
Financial Modeling Prep (FMP)
Market and stock data
US
Note — OpenAI: Your AI chat messages are sent to OpenAI to generate responses. We do not intentionally include personal information in these requests. However, if you type personal information into the AI chat, that content will be included in the request sent to OpenAI. OpenAI's privacy policy governs how they handle this data.
Note — Google reCAPTCHA: If you consent to reCAPTCHA, Google's script processes your IP address and browser information to assess bot risk. This is governed by Google's Privacy Policy.
06
How We Use Your Data
We use your data exclusively to:
Create and manage your account.
Provide platform features including watchlists, alerts, AI analysis, and portfolio tracking.
Process your subscription and payments through Stripe.
Protect the platform from automated abuse via reCAPTCHA.
Improve platform stability and resolve errors.
We do not use your data for advertising. We do not sell your data to third parties. We do not use any third-party analytics tools to track your behaviour on the platform.
07
Data Retention
Account and profile data persists until you delete your account.
Watchlist, alert settings, and portfolio data persist until you remove them or delete your account.
AI chat conversation history is stored permanently unless you delete it or your account.
Subscription and billing records may be retained beyond account deletion to meet legal and financial obligations.
Email verification and password reset tokens expire automatically.
08
AI Chat History
Your conversations with the Stockpilo AI assistant are stored in our database and associated with your account. This data is used solely to provide chat history within the platform.
If you delete your account, this data is deleted along with all other user data.
09
Your Rights Under GDPR
As a data subject under GDPR, you have the following rights:
Right of access — request a copy of all personal data we hold about you.
Right to rectification — correct inaccurate or incomplete data.
Right to erasure — request deletion of your account and all associated data.
Right to restriction — request that we limit processing of your data.
Right to data portability — receive your data in a machine-readable format.
Right to object — object to processing based on legitimate interest.
To exercise any of these rights, contact us at support@stockpilo.com. We will respond within 30 days.
10
Supervisory Authority
If you believe we have not handled your personal data in accordance with applicable law, you have the right to lodge a complaint with the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon).
We take reasonable technical and organisational measures to protect your data.
Authentication is managed through Supabase with encrypted storage and secure token handling.
Passwords are never stored in plain text.
All data in transit is encrypted via HTTPS.
In the event of a data breach affecting your rights, we will notify you in accordance with applicable law.
12
Age Restriction
Stockpilo is intended for users who are 18 years of age or older. We do not knowingly collect personal data from individuals under 18.
If you believe a minor has created an account, please contact us at support@stockpilo.com and we will delete the account promptly.
13
Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will update the date at the top of this page. For significant changes, we will notify you by email.
Continued use of the platform after changes have been posted constitutes your acceptance of the updated policy.