StockDisco

Loading your portfolio insights…

Back to home

Privacy Policy

Note: This document contains placeholders ([…]) that the operator must have reviewed and completed by a qualified lawyer before going live.

This privacy policy informs you in accordance with Art. 13 GDPR about the processing of your personal data when visiting and using this application. The app serves educational and simulation purposes only; no real securities transactions are executed.

Controller

The controller within the meaning of the GDPR is the provider named in the imprint.

Data we process

• Account data: email address, hashed password, verification and session tokens. • Usage data inside the app: universes, strategies, backtests, plans, paper-trading simulations — solely to provide the functionality. • Technical data: IP address, timestamp, user agent (server logs for security and error analysis). • Cookies / local storage: only strictly necessary values (session, language preference).

Purposes and legal bases

• Provision of the service and performance of contract (Art. 6 (1) (b) GDPR). • IT security, abuse prevention and error analysis (Art. 6 (1) (f) GDPR). • Compliance with legal obligations (Art. 6 (1) (c) GDPR).

No investment advice — no profiling under § 64 WpHG

We do not generate personalised investment recommendations and do not perform suitability or appropriateness checks within the meaning of § 64 WpHG. Values entered in the app (amounts, risk preferences) serve simulation purposes only and are not evaluated to produce individual investment advice.

Recipients / processors

• Hosting / infrastructure: [provider, e.g. Railway, AWS, Hetzner — please insert]. • Market-data providers for publicly available price data (e.g. [yfinance, Alpha Vantage, …]); no personal user data is transmitted to such providers as a rule. • Email delivery: [provider, if used]. Processor agreements pursuant to Art. 28 GDPR are in place where required.

Transfers to third countries

Where processors are located outside the EEA, transfers are based on the EU Standard Contractual Clauses (Art. 46 (2) (c) GDPR) or an adequacy decision.

Storage duration

Account and usage data are stored for the duration of the user account. After deletion, data is removed within 30 days unless statutory retention obligations apply. Server logs are typically deleted after 14 days.

Your rights

You have the right to access (Art. 15), rectification (Art. 16), erasure (Art. 17), restriction (Art. 18), data portability (Art. 20) and objection (Art. 21 GDPR). Consents can be withdrawn at any time with effect for the future. You have the right to lodge a complaint with the competent supervisory authority.

Cookies

This application uses strictly necessary cookies only (session and language). No consent under § 25 (1) TDDDG is required (exception under § 25 (2) TDDDG). No tracking, analytics or advertising cookies are used.

Security

Transmission is encrypted via TLS. Passwords are stored as hashes only. We implement technical and organisational measures in accordance with Art. 32 GDPR.

Privacy contact

For privacy-related requests please use the contact address provided in the imprint.