Privacy & Cookie Policy

Last updated: April 2026 · PortfolioCalc (portfolio-calc.com)

      Plain English summary: We collect only what we need to run the service. We don't sell your data. We don't use Google Analytics or any third-party trackers. The external services we use are Supabase (authentication and database), EODHD (market data), Stripe (payment processing), and Anthropic (AI analysis) — all necessary to make the tool work.
    

1. Who we are

PortfolioCalc is a free investment portfolio analysis tool available at portfolio-calc.com. The service is operated as an independent project. If you have privacy questions, contact us at [email protected].

2. What data we collect

If you use without an account (guest)

No personal data is collected. All portfolio data you enter stays in your browser's local storage. When you close the tab it remains only on your device.

If you create an account

Email address — used only for login and password reset. Never shared or used for marketing.
Display name — optional, shown in the app only.
Portfolio data — the stocks, weights and holdings you save. Stored in our database so you can access them from any device. This data belongs to you.

Data we do NOT collect

No payment card details — payments are processed securely by Stripe, a PCI-DSS Level 1 compliant third party. We never see or store your card number.
No browsing behaviour or analytics events
No device fingerprinting
No location data
No advertising identifiers

3. How we use your data

Data	Why we use it	Legal basis (GDPR)
Email address	Authentication and account recovery	Contract performance
Portfolio holdings	Saving your portfolios across devices	Contract performance
Theme preference	Remembering your display preference	Legitimate interest

4. Third-party services

Supabase

We use Supabase to handle authentication and store portfolio data. Supabase is SOC 2 Type II certified. Data is stored on servers in the EU. See Supabase's privacy policy.

EODHD Financial APIs

We use EODHD to fetch market price data (stock prices, historical returns). Requests to EODHD are made server-side via our Supabase proxy — your IP address is not sent to EODHD. No personal data is shared with EODHD. See EODHD's privacy policy.

Anthropic (AI analysis feature)

If you use the AI portfolio analysis feature, your portfolio composition (ticker symbols and weights) is sent to the Anthropic API to generate the analysis. No personal data (name, email) is included in these requests. See Anthropic's privacy policy.

Stripe (payments)

If you subscribe to a paid plan, payments are processed by Stripe. Stripe collects your payment card details, billing address, and email address directly — we never see or store your card number. Stripe is PCI-DSS Level 1 certified. See Stripe's privacy policy.

Google AdSense (advertising)

Some pages display advertisements served by Google AdSense. If you consent to advertising cookies, Google may collect data about your browsing activity to show personalised ads. You can opt out via Google Ad Settings. See Google's privacy policy.

Google Fonts

We load fonts from Google Fonts. This causes your browser to make a request to Google's servers, which may log your IP address. See Google's privacy policy.

5. Your rights (GDPR)

If you are in the European Economic Area (EEA) or United Kingdom, you have the following rights:

Access — request a copy of the data we hold about you
Rectification — correct inaccurate data
Erasure — request deletion of your account and all associated data
Portability — export your portfolio data
Objection — object to processing based on legitimate interest

To exercise any of these rights, email [email protected]. We will respond within 30 days.

To delete your account and all data immediately, sign in and go to Account settings → Delete account.

6. Data retention

Account data is retained as long as your account is active. If you delete your account, all portfolio data and your email address are permanently deleted within 30 days. Local storage data (theme preference, builder cache) is stored only on your device and can be cleared via your browser settings at any time.

7. Security

All data in transit is encrypted via HTTPS/TLS. Passwords are hashed using bcrypt and never stored in plain text (handled by Supabase Auth). We do not have access to your password.

8. Children

PortfolioCalc is not directed at children under 16. We do not knowingly collect data from anyone under 16.

9. Changes to this policy

We may update this policy. If we make material changes, we will update the "Last updated" date at the top. Continued use of the service after changes constitutes acceptance.

10. Contact

Privacy questions: [email protected]

      Short version: We use essential localStorage to keep you signed in and remember your preferences. We do not use tracking or analytics cookies. If you accept advertising cookies via our consent banner, Google AdSense may set cookies to show personalised ads. You can change your consent or clear all stored data at any time.
    

What are cookies?

Cookies are small text files stored on your device. We also use localStorage — similar to cookies but stored only on your device, never sent to our servers automatically.

What we store and why

Essential (always active — cannot be disabled)

Name	Type	Purpose	Expires
sb-*-auth-token	localStorage	Keeps you signed in. Set by Supabase Auth when you log in.	Session / 1 week
pcTheme	localStorage	Remembers your dark/light mode preference.	Permanent (on device)
activePortfolioId	localStorage	Remembers which portfolio is active in the builder.	Permanent (on device)
pc_cookie_consent	localStorage	Stores your cookie consent choice (essential only, or all cookies).	Permanent (on device)
pc_no_remember	localStorage	Stores your "don't remember me" login preference.	Permanent (on device)

Functional (improve your experience)

Name	Type	Purpose	Expires
pc_tickerbar	localStorage	Caches the live ticker bar prices to reduce API calls.	24 hours
pc_*	localStorage	Caches market data (prices, CAGR) to speed up the app.	24 hours
pc_ticker_*	localStorage	Per-ticker CAGR and price history cache.	24 hours
builder_guide_dismissed	localStorage	Remembers if you dismissed the builder onboarding guide.	Permanent (on device)
pc_analytics_guide_dismissed	localStorage	Remembers if you dismissed the analytics walkthrough.	Permanent (on device)

Advertising (only with your consent)

If you click "Accept all" on our cookie consent banner, we load Google AdSense, which may set cookies to show personalised advertisements. These cookies are set by Google, not by us. Common AdSense cookies include:

Name	Set by	Purpose
__gads, __gpi	Google	Measure ad interactions and prevent the same ads showing repeatedly.
IDE, NID	Google (DoubleClick)	Serve personalised ads based on your browsing activity across sites that use Google advertising.

If you choose "Essential only", AdSense is not loaded and no advertising cookies are set. You can change your choice at any time by clearing pc_cookie_consent from your browser's localStorage (see instructions below) — the consent banner will reappear on your next visit.

You can also opt out of personalised ads via Google Ad Settings.

What we do NOT use

No Google Analytics or similar analytics platforms
No Facebook Pixel or social tracking
No session recording tools (Hotjar, FullStory etc.)
No cross-site tracking of any kind from our side
No fingerprinting or device identification

Third-party cookies

The following third parties may set cookies when you use PortfolioCalc:

Google AdSense — advertising cookies (only if you consent). See Google advertising policies.
Google Fonts — may set cookies when loading fonts. See Google's privacy policy.
Cloudflare — our hosting provider may set security cookies (__cf_bm, cf_clearance) for bot protection. See Cloudflare's privacy policy.
Supabase — our authentication provider stores session tokens in localStorage (listed above). No additional cookies are set.

How to manage or delete stored data

All of our localStorage items can be deleted via your browser:

Chrome / Edge: DevTools (F12) → Application → Local Storage → portfolio-calc.com → select and delete
Firefox: DevTools (F12) → Storage → Local Storage → portfolio-calc.com → select and delete
Safari: Preferences → Privacy → Manage Website Data → portfolio-calc.com → Remove
Or use your browser's "Clear site data" option for portfolio-calc.com

Note: clearing your auth token (sb-*-auth-token) will sign you out. Your saved portfolios remain in our database and will be available when you sign in again.

Consent

On your first visit, we show a cookie consent banner with two options:

Accept all — enables essential storage plus advertising cookies (Google AdSense).
Essential only — enables only the essential and functional storage listed above. No advertising cookies are loaded.

Essential and functional storage items do not require consent under EU ePrivacy rules because they are strictly necessary for the service to function. Advertising cookies (AdSense) are only loaded with your explicit consent, as required by GDPR.

To withdraw your advertising consent, clear pc_cookie_consent from your localStorage — the banner will reappear on your next visit. Alternatively, clear all site data for portfolio-calc.com in your browser settings.

Contact

Cookie questions: [email protected]