Legal · Privacy

Privacy Policy

This Privacy Policy explains how Stoculator collects, uses, stores, and protects your information. We are committed to safeguarding your privacy and being transparent about our data practices.

Last updated: February 2026
Section 1

Introduction

This Privacy Policy describes the policies and procedures of Stoculator ("we," "us," or "our") regarding the collection, use, disclosure, and protection of your ("you" or "your") information when you use the Stoculator website located at stoculator.com, including all features, tools, data, content, and functionality provided therein (the "Service").

Stoculator is the data controller responsible for your Personal Data and can be contacted at info@stoculator.com.

We use your Personal Data to provide, maintain, and improve the Service. By accessing or using the Service, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with this Privacy Policy, please do not use the Service.

Your use of the Service is also governed by our Terms and Conditions, available at stoculator.com/terms-and-conditions. Please read both documents carefully.

We may update this Privacy Policy from time to time. We encourage you to review this page periodically for the latest information on our privacy practices.

Section 2

Definitions

"Personal Data" means any information that relates to an identified or identifiable individual, including but not limited to name, email address, and account credentials.

"Usage Data" means data collected automatically through your use of the Service, such as IP address, browser type, pages visited, and time spent on pages.

"Account Data" means the information you provide when creating an account, including your name, email address, and hashed password.

"Portfolio Data" means any financial simulation data you explicitly choose to save through the Service, including saved portfolios, ticker selections, investment amounts, date ranges, backtesting results, and watchlists.

"Cookies" are small data files placed on your device that store information about your browsing preferences and session activity.

Section 3

Information We Collect

Account Information

When you create an account on Stoculator, we collect the following information:

  • Full name — used for your profile and account identification;
  • Email address — used for account login, transactional communications, and account recovery;
  • Password — stored only in securely hashed form; we never store or have access to your plaintext password;
  • Session and authentication tokens — temporary tokens used to maintain your login session and verify your identity while using the Service.

Social Login Information

If you choose to sign in using a third-party authentication provider, we receive limited profile information from that provider. We currently support sign-in through:

  • Google
  • Microsoft
  • Facebook
  • LinkedIn

When you use social login, we receive your name, email address, and profile identifier from the provider. The specific data shared may vary by provider. We do not receive or store your password for these services, and we do not store profile pictures or avatars received from these providers. Each provider's own privacy policy governs how they handle your data.

Portfolio and Financial Simulation Data

Stoculator provides portfolio backtesting and simulation tools. We only store Portfolio Data when you explicitly choose to save it — for example, by pressing a save button to save a portfolio, save backtesting results, or add a stock to your watchlist. We do not automatically store your simulation inputs or results.

When you choose to save, the following data may be stored and associated with your account:

  • Saved portfolio configurations (ticker symbols, investment amounts, date ranges, and other parameters);
  • Saved backtesting and simulation results;
  • Watchlists and favorited stocks.

This data is stored to allow you to access your saved work across sessions. It is not shared with other users unless you explicitly choose to share it.

Usage Data

We automatically collect certain information when you access or use the Service, including:

  • Your device's Internet Protocol (IP) address;
  • Browser type and version;
  • The pages of the Service that you visit, the time and date of your visit, and the time spent on those pages;
  • Unique device identifiers;
  • Operating system information;
  • Referring and exit page URLs;
  • Other diagnostic and analytics data.

When you access the Service through a mobile device, we may additionally collect the type of mobile device, your mobile device's unique ID, the IP address of your mobile device, your mobile operating system, and the type of mobile Internet browser you use.

Payment and Subscription Data

Payments for Stoculator subscriptions are processed by our merchant of record, Paddle.com Market Limited (for customers outside the United States) or Paddle.com Inc. (for customers in the United States) ("Paddle").

We do not directly collect or store your full payment card details. Paddle processes your payment information and shares the following data with us:

  • Billing email address;
  • Name and billing address;
  • Country of residence;
  • Subscription status and plan details;
  • Transaction identifiers and payment history;
  • Payment method type (e.g., credit card, PayPal).

This information is used to manage your subscription, provide customer support, and comply with tax and legal obligations. Paddle's privacy policy governs how they handle your full payment information.

Section 4

Tracking Technologies and Cookies

We use Cookies and similar tracking technologies to track activity on the Service and store certain information. Non-essential Cookies (such as analytics Cookies) are only placed on your device after you have provided your consent through our cookie consent banner. The technologies we use may include:

Cookies. Small data files placed on your device. You can instruct your browser to refuse all Cookies or to indicate when a Cookie is being sent. However, if you do not accept Cookies, you may not be able to use some features of the Service.

Web Beacons. Small electronic files (also known as clear gifs, pixel tags, and single-pixel gifs) in certain sections of the Service and in emails that allow us, for example, to count users who have visited those pages or opened an email.

Cookies can be "Persistent" or "Session" Cookies. Persistent Cookies remain on your device when you go offline, while Session Cookies are deleted as soon as you close your browser.

We use the following types of Cookies:

Necessary / Essential Cookies (Session Cookies) — These Cookies are essential to provide you with services available through the Service and to enable you to use some of its features. They help authenticate users and prevent fraudulent use of accounts. Without these Cookies, the services you request cannot be provided. These Cookies do not require your consent.

Cookies Policy / Notice Acceptance Cookies (Persistent Cookies) — These Cookies record whether you have accepted the use of cookies on the Service and your cookie preferences.

Functionality Cookies (Persistent Cookies) — These Cookies allow us to remember choices you make, such as login details or language preferences. The purpose is to provide a more personal experience and avoid you having to re-enter preferences on each visit.

Analytics Cookies (Persistent Cookies) — These Cookies are only placed after you consent through our cookie banner. They help us understand how visitors interact with the Service by collecting and reporting information. We use Google Analytics for this purpose. You can learn more about how Google uses your data at google.com/policies/privacy/partners/ and opt out of Google Analytics tracking by installing the Google Analytics Opt-out Browser Add-on.

Do Not Track Signals. Some browsers offer a "Do Not Track" (DNT) signal. There is currently no universally accepted standard for how websites should respond to DNT signals. At this time, we do not respond to DNT signals, but you can manage your tracking preferences through our cookie consent banner and your browser settings.

Section 5

How We Use Your Information

We use the information we collect for the following purposes:

To provide and maintain the Service, including monitoring usage patterns and ensuring the Service operates correctly.

To manage your Account, including your registration, authentication, and access to features available to registered users.

To store and display your Portfolio Data, when you explicitly choose to save portfolios, backtesting results, or watchlists, so that your saved data persists across sessions.

To process your subscription, including managing billing through Paddle, activating premium features, and handling subscription changes.

To contact you with service-related communications, such as account verification, password resets, subscription confirmations, security alerts, and important service updates. We do not send marketing or promotional emails.

To improve the Service, including data analysis, identifying usage trends, evaluating feature effectiveness, and enhancing user experience.

To ensure security, including detecting and preventing fraud, unauthorized access, and other harmful activities.

To comply with legal obligations, including responding to lawful requests from public authorities and complying with applicable laws and regulations.

We only collect and process data that is necessary for the purposes stated above. We do not use your Personal Data for purposes incompatible with those listed here without notifying you.

Section 6

How We Share Your Information

We do not sell, rent, or trade your Personal Data to third parties. We may share your information only in the following circumstances:

With Paddle (Payment Processor). We share necessary information with Paddle to process subscription payments. Paddle acts as the merchant of record and is subject to its own privacy policy.

With Google Analytics. We share Usage Data with Google Analytics to understand how the Service is used. Google Analytics uses Cookies to collect information about your activity on the Service. This data sharing only occurs after you consent to analytics Cookies.

With Authentication Providers. When you use social login, authentication data is exchanged between the Service and the selected provider (Google, Microsoft, Facebook, or LinkedIn) to verify your identity.

For legal compliance. We may disclose your information if required to do so by law, in response to valid requests by public authorities (e.g., a court or a government agency), or to protect our rights, privacy, safety, or property.

For business transfers. If Stoculator is involved in a merger, acquisition, or asset sale, your Personal Data may be transferred. We will provide notice before your Personal Data is transferred and becomes subject to a different Privacy Policy.

With your consent. We may disclose your Personal Data for any other purpose with your explicit consent.

Section 7

Data Retention

We retain your Personal Data only for as long as is necessary for the purposes set out in this Privacy Policy. Specifically:

Account Data is retained for as long as your account is active. If you delete your account, we will delete or anonymize your Account Data within 30 days, except where we are required to retain it for legal or regulatory purposes.

Portfolio Data (saved portfolios, backtesting results, watchlists) is retained for as long as your account is active and is deleted when you delete your account.

Usage Data is generally retained for a shorter period for internal analysis purposes, except when this data is used to strengthen the security or improve the functionality of the Service, or when we are legally obligated to retain it for longer periods.

Subscription and Payment Data received from Paddle is retained as necessary to manage your subscription and comply with tax and accounting obligations.

Backups. Deleted data may persist in encrypted database backups for up to 7 days before being automatically purged. During this period, backup data is not actively used or accessible for any purpose other than disaster recovery.

Section 8

Data Security

The security of your Personal Data is important to us. We implement appropriate technical and organizational measures to protect your information, including:

  • Encryption of data in transit using TLS/SSL;
  • Secure hashing of passwords (we never store plaintext passwords);
  • Access controls to limit who can access Personal Data;
  • Regular security reviews of our systems and practices.

However, no method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your Personal Data, we cannot guarantee its absolute security.

Section 9

International Data Transfers

Your information, including Personal Data, may be transferred to and maintained on servers located outside of your state, province, country, or other governmental jurisdiction where data protection laws may differ from those in your jurisdiction.

Where we transfer Personal Data outside of the European Economic Area (EEA), the United Kingdom (UK), or Switzerland, we ensure that appropriate safeguards are in place to protect your data, including the use of Standard Contractual Clauses (SCCs) approved by the European Commission, reliance on adequacy decisions where applicable, or other legally recognized transfer mechanisms.

Our third-party service providers (including Paddle and Google) maintain their own data transfer mechanisms and safeguards. We encourage you to review their respective privacy policies for details on how they protect data during international transfers.

By using the Service, you acknowledge that your data may be processed in jurisdictions outside your own. We take all reasonably necessary steps to ensure that your data is treated securely and in accordance with this Privacy Policy.

Section 10

Your Rights and Choices

Depending on your location, you may have certain rights regarding your Personal Data:

Access. You may request a copy of the Personal Data we hold about you.

Correction. You may request that we correct inaccurate or incomplete Personal Data. You can also update your information directly through your account settings.

Deletion. You may request that we delete your Personal Data. You can also delete your account through your account settings, which will remove your Account Data and Portfolio Data within 30 days.

Objection. You may object to our processing of your Personal Data in certain circumstances.

Data Portability. You may request a copy of your Personal Data in a structured, commonly used, and machine-readable format.

Withdraw Consent. Where we rely on your consent to process your Personal Data, you have the right to withdraw that consent at any time by contacting us at info@stoculator.com or by adjusting your settings (e.g., cookie preferences).

Cookie Preferences. You can manage your Cookie preferences through our cookie consent banner, your browser settings, or by opting out of Google Analytics tracking using the Google Analytics Opt-out Browser Add-on.

To exercise any of these rights, please contact us at info@stoculator.com. We will respond to your request within 30 days in accordance with applicable law. If we require additional time, we will notify you of the extension and the reasons for it.

Section 11

European Economic Area (EEA) Users

If you are located in the European Economic Area (EEA), the United Kingdom (UK), or Switzerland, the following additional provisions apply to you under the General Data Protection Regulation (GDPR) and equivalent legislation.

Data Controller. Stoculator is the data controller responsible for your Personal Data. You can contact us at info@stoculator.com regarding any data protection matters.

Legal Basis for Processing. We process your Personal Data based on the following legal grounds, mapped to each processing purpose:

  1. Performance of a contract — Providing and maintaining the Service, managing your Account, storing your explicitly saved Portfolio Data, and processing your subscription through Paddle;
  2. Legitimate interests — Improving the Service, ensuring security, conducting analytics (where consent is not required), and sending service-related communications, where those interests are not overridden by your rights;
  3. Consent — Placing non-essential Cookies (including analytics Cookies), using social login to authenticate with third-party providers, and any other processing for which we specifically request your consent;
  4. Legal obligation — Complying with applicable laws and regulations, responding to lawful requests from public authorities, and retaining records as required by tax and accounting obligations.

Your GDPR Rights. In addition to the rights listed in Section 10, EEA users have the right to:

  • Lodge a complaint with your local data protection supervisory authority;
  • Request restriction of processing of your Personal Data;
  • Not be subject to a decision based solely on automated processing, including profiling, that produces legal effects concerning you.

We do not engage in automated decision-making or profiling that produces legal or similarly significant effects.

To exercise any of your rights under GDPR, please contact us at info@stoculator.com. We will respond within 30 days of receiving your request. If we require additional time (up to a further 60 days for complex requests), we will notify you within the initial 30-day period.

Section 12

California Users (CCPA/CPRA)

If you are a California resident, the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA) provide you with specific rights regarding your Personal Data.

Your California Privacy Rights. As a California resident, you have the right to:

  • Know what Personal Data we collect about you and how it is used and shared;
  • Delete your Personal Data, subject to certain exceptions;
  • Correct inaccurate Personal Data;
  • Opt out of the sale or sharing of your Personal Data — however, we do not sell or share your Personal Data as defined under the CCPA/CPRA;
  • Non-discrimination — We will not discriminate against you for exercising your privacy rights.

Categories of Personal Data Collected. In the preceding 12 months, we have collected the following categories of Personal Data: identifiers (name, email address), internet or other electronic network activity information (Usage Data), and commercial information (subscription and payment data from Paddle).

No Sale of Personal Data. We do not sell your Personal Data, and we have not sold Personal Data in the preceding 12 months.

To exercise your California privacy rights, please contact us at info@stoculator.com. We will respond to verified requests within 45 days. If we require additional time, we will notify you of the extension.

Section 13

Third-Party Services

The Service integrates with or relies upon the following third-party services, each of which has its own privacy policy governing how they collect and use data:

Paddle — Payment processing and subscription management. Paddle acts as our merchant of record for all subscription purchases.

Google Analytics — Website analytics and usage tracking. We use Google Analytics to understand how users interact with the Service. Google Analytics Cookies are only placed after you consent through our cookie banner.

Authentication Providers (Google, Microsoft, Facebook, LinkedIn) — Social login services. When you use social login, these providers share limited profile information with us.

We encourage you to review the privacy policies of these third-party services. We have no control over and assume no responsibility for the privacy practices of third-party services.

Section 15

Children's Privacy

The Service is not directed to anyone under the age of 18. We do not knowingly collect personally identifiable information from anyone under the age of 18.

If you are a parent or guardian and you are aware that your child has provided us with Personal Data, please contact us. If we become aware that we have collected Personal Data from anyone under the age of 18, we will take steps to promptly remove that information from our servers.

Section 16

Data Breach Notification

In the event of a data breach that affects your Personal Data, we will notify you and the relevant authorities as required by applicable law. Notification will include:

  • A description of the nature of the breach;
  • The categories and approximate number of individuals concerned;
  • The likely consequences of the breach;
  • The measures taken or proposed to address the breach.

We will make reasonable efforts to notify affected users promptly and within the timeframes required by applicable law.

Section 17

Changes to this Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last updated" date.

For significant changes that materially affect your rights or how we use your data, we may also notify you by email or through a prominent notice on the Service prior to the change becoming effective.

You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page. Your continued use of the Service after changes are posted constitutes your acceptance of the revised Privacy Policy.

Section 18

Contact Us

If you have any questions about this Privacy Policy, wish to exercise your data protection rights, or have concerns about how we handle your information, please contact us at:

Email: info@stoculator.com

Website: stoculator.com

We will respond to all privacy-related inquiries within 30 days.

By using Stoculator, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy.

AboutPrivacy PolicyContact usTerms & Conditions

Copyright © 2025 Stoculator.com. All rights reserved