Privacy Policy

Pinfolio is an online portfolio analytics dashboard that lets retail investors view their holdings across multiple brokerages in one place. This Privacy Policy describes what personal information Pinfolio collects, how we use it, and the choices you have.

Account information. When you create an account we collect your email address and a hashed password. We may also store a display name and avatar URL that you optionally provide.

Brokerage data. When you connect a broker (directly or through an aggregator such as SnapTrade or Finatic), we receive read-only information about your accounts: holdings, positions, lots, balances, recent orders, transaction history and account values. We do not receive your broker login credentials.

Encrypted credentials. For brokers that issue API keys (currently eToro), we store those keys in our database encrypted with AES-256-GCM. For aggregator connections we store the opaque user identifier the aggregator issues us, not the underlying broker login.

Technical data. Our hosting provider logs standard request metadata (IP address, user agent, request path, timestamp) for security and abuse prevention.

• To display your portfolio analytics in the app.
• To authenticate you and keep your account secure.
• To diagnose errors and improve the product (aggregate usage metrics only).
• To contact you about account, security or service changes if needed.

We do not sell your data, and we do not share it with advertisers. We do not use your brokerage data to train machine learning models or to provide investment advice to third parties.

Pinfolio runs on the following infrastructure providers, each of which processes some data on our behalf:

• Supabase hosts our database and authentication. Your encrypted credentials and account metadata are stored there under row-level security so rows are isolated per user.
• Netlify hosts the web application and serverless functions.
• PostHogprovides our product analytics, hosted on EU infrastructure. It records how the app is used so we can improve it. See “Analytics” below.
• SnapTrade is an optional brokerage aggregator. When you connect a broker through SnapTrade, your broker login is handled entirely on SnapTrade and their broker partners; Pinfolio only receives the resulting holdings data.
• Finatic is an optional brokerage aggregator with the same model as SnapTrade.
• eToro is supported via their public Direct API when you provide your API keys. Those keys are stored encrypted and used only to read your portfolio.
• Yahoo Finance is queried server-side for stock price quotes and daily moves. No personal data is sent in those requests.

We keep your data for as long as your account is active. You can disconnect any broker at any time from the Settings page, which removes the corresponding stored credentials. To delete your account entirely (including all stored encrypted credentials, account metadata, and any cached broker data), email us at the address below and we will action the deletion within 30 days.

All traffic between your browser and Pinfolio is served over HTTPS. Broker API keys are encrypted at rest with AES-256-GCM. Database access is restricted by Supabase row-level security so one user cannot read another user's rows. We do not store your broker login passwords at any time.

No system is perfectly secure. If you suspect your account has been compromised, email us immediately.

We use PostHog (hosted in the EU) to understand how Pinfolio is used so we can improve it. PostHog records product-usage events such as pages viewed, features used and buttons clicked, and may capture session recordings of how you navigate the interface. When you are signed in, these events are linked to your account (identified by your user ID and email) so we can measure things like activation and retention.

Analytics data is stored on PostHog's EU infrastructure, is never sold or shared with advertisers, and is used only to operate and improve the product. Under the GDPR you may object to this processing. Contact us and we will exclude your account from analytics.

Pinfolio uses a small number of strictly necessary cookies to keep you signed in and to remember your appearance preferences (theme, source filter selections). Our analytics provider (PostHog) also stores a first-party identifier (via cookie / local storage) to recognise return visits. We do not use advertising cookies or third-party advertising trackers.

Subject to applicable law (including the GDPR for users in the EU and EEA), you have the right to access, correct, export or delete the personal information we hold about you, and to object to certain processing. Email us at the address below to exercise any of these rights.

We may update this Privacy Policy from time to time. The date at the top of this page reflects the most recent change. Material changes will be announced in-app or by email.

Questions about this policy or your data? Get in touch.