Privacy Policy
Last Updated 6/11/26
This Privacy Policy explains how Stock + Option Log (“we,” “us,” or “our”) collects, uses, and protects your information when you use our website and application at stockoptionlog.com and app.stockoptionlog.com (the “Service”).
The short version: we collect only what we need to run the Service. Your portfolio and trade data belongs to you. We never sell your personal information, and we never share your financial data with third parties for their own purposes. Our app and our marketing website are separate: the app is where you create an account and store your portfolio and trade data (hosted on our database provider, Supabase), while the marketing website uses analytics only to help us understand and improve the site.
1. Information We Collect
Information you provide
Account information: your email address and a password (stored in hashed form — we cannot see your password).
Portfolio and trade data: the trades, holdings, dividends, options positions, and related notes you enter manually or import (for example, via CSV or brokerage export files). This may include transaction dates, ticker symbols, quantities, prices, and account labels you choose.
Communications: messages you send us, such as support requests or feedback.
Information collected automatically
Usage and analytics data (marketing website only): on our public marketing website we use Google Analytics to collect information such as pages visited, approximate location (country/region derived from IP address), browser and device type, and referring pages. We use this only to understand site traffic and improve the website. We do not run analytics inside the app, and this data is not linked to your account.
Log data: IP address, timestamps, and error logs, used for security, debugging, and abuse prevention.
No behavioral tracking inside the app: we do not use analytics, session recording, or behavioral tracking within the app itself. Website analytics (described above) are aggregate and are used only to understand overall traffic; they are not used to profile or monitor what individual users do.
Cookies and similar technologies: we use cookies that are essential for the Service to function (such as keeping you signed in, including the optional “stay logged in” setting) and, where applicable, analytics cookies. See Section 7.
Information from third parties
Hosting and database (Supabase): your account and portfolio data is stored using Supabase, our database and hosting provider, which processes this data solely to store and serve it for the Service on our behalf.
Payment information: if you purchase a paid plan, payments are processed by our payment processor (e.g., Stripe). We receive confirmation of payment, your plan, and billing status — we never receive or store your full card number.
Market data: we retrieve stock and option market data (such as prices and dividends) from third-party data providers to display alongside your portfolio. Requests for market data are made by the Service; your identity is not shared with these providers.
2. How We Use Your Information
To provide, maintain, and operate the Service, including calculating and displaying your portfolio performance.
To create and manage your account and authenticate you.
To process payments and manage subscriptions.
To respond to support requests and communicate with you about the Service (for example, password resets and important service announcements).
To analyze usage in order to improve features, performance, and reliability.
To protect the security and integrity of the Service and prevent fraud or abuse.
To comply with legal obligations.
We do not use your portfolio or trade data for advertising, profiling, or behavioral tracking, and we do not sell or rent your personal information to anyone. While our staff can access account and portfolio data where necessary to operate, support, and secure the Service, we do not monitor individual user activity beyond what is needed for these purposes.
3. Legal Bases for Processing (EEA/UK Users)
If you are in the European Economic Area or the United Kingdom, we process your personal data under the following legal bases:
Providing the Service, account management, and payments: Performance of a contract (GDPR Art. 6(1)(b)).
Security, fraud prevention, service improvement, and analytics: Legitimate interests (Art. 6(1)(f)).
Non-essential cookies and marketing communications (if any): Consent (Art. 6(1)(a)).
Legal compliance (e.g., tax and accounting records): Legal obligation (Art. 6(1)(c)).
4. How We Share Information
We share personal information only in these limited circumstances:
Service providers: with vendors that help us operate the Service — such as cloud hosting and database storage (Supabase), payment processing, email delivery, and website analytics (Google) providers. They may only process data on our instructions and may not use it for their own purposes.
Legal requirements: if required by law, regulation, legal process, or enforceable governmental request, or to protect the rights, safety, or property of our users or the public.
Business transfers: in connection with a merger, acquisition, or sale of assets, in which case this policy will continue to apply to your data and you will be notified of any change in ownership.
We do not sell your personal information and have not done so in the preceding 12 months. We do not share your personal information for cross-context behavioral advertising.
5. Data Retention
We keep your account and portfolio data for as long as your account is active. If you delete your account, we delete your personal data within 30 days, except where we must retain certain records to comply with legal, tax, or accounting obligations, or to resolve disputes. Backup copies are purged on a rolling basis. Aggregated, de-identified usage statistics that cannot be linked to you may be retained.
6. Data Security
We use industry-standard measures to protect your data, including encryption in transit (TLS), encryption at rest, hashed passwords, and access controls. Your account and portfolio data is stored with Supabase, which provides infrastructure-level security including encryption and access controls. No method of transmission or storage is completely secure, so we cannot guarantee absolute security — please use a strong, unique password for your account.
7. Cookies
Essential cookies: required for sign-in, session management, and security. These cannot be disabled.
Analytics cookies (marketing website only): we use Google Analytics on our public marketing website to understand site traffic. Where required by law, these are set only with your consent. You can opt out of Google Analytics using Google’s browser add-on at tools.google.com/dlpage/gaoptout. We do not use analytics cookies inside the app. We also use Google Search Console to monitor how our website performs in Google Search; it reports aggregate search data and does not track individual visitors or set cookies on our site.
You can control cookies through your browser settings; blocking essential cookies may prevent the Service from working.
8. International Data Transfers
The Service is operated from the United States, and your information may be processed in the United States or other countries where our service providers operate. Where we transfer personal data from the EEA, UK, or Switzerland, we rely on appropriate safeguards such as the European Commission’s Standard Contractual Clauses or transfers to recipients certified under recognized adequacy frameworks.
9. Your Rights
Depending on where you live, you may have some or all of the following rights:
Access — request a copy of the personal data we hold about you.
Correction — request that we correct inaccurate data.
Deletion — request that we delete your personal data.
Portability — receive your data in a structured, machine-readable format (you can also export your trade data from within the app at any time).
Objection / restriction — object to or ask us to restrict certain processing.
Withdraw consent — where processing is based on consent, withdraw it at any time.
Non-discrimination — we will not discriminate against you for exercising your privacy rights.
To exercise any of these rights, contact us using the details in Section 13. We will respond within the timeframe required by applicable law (generally 30–45 days). We may need to verify your identity before fulfilling a request. EEA/UK users also have the right to lodge a complaint with their local data protection authority. California residents may exercise these rights under the CCPA/CPRA, including through an authorized agent.
10. Children’s Privacy
The Service is not directed to children under 16, and we do not knowingly collect personal information from them. If you believe a child has provided us with personal information, please contact us and we will delete it.
11. Third-Party Links and Services
The Service may contain links to third-party websites or rely on third-party services (such as our payment processor’s checkout pages). Their privacy practices are governed by their own policies, which we encourage you to review.
12. Changes to This Policy
We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or through a notice in the app before the changes take effect. The “Last updated” date at the top reflects the most recent revision.
13. Contact Us
If you have questions about this Privacy Policy or how we handle your data, contact us at:
Email: [email protected]
