Privacy policy
Last updated: 2026-05-27
1 · What we collect
When you sign in we collect the minimum needed to create your account: a display name and handle, plus the email address (or provider-issued identifier) returned by the auth provider you chose. If you continue with Apple, Google, or X (Twitter), we only see what that provider agrees to share — typically your email and a verified user id.
Once you start using the app, we store the portfolios you create, the positions inside them, the tickers you put on your watchlist, your notification preferences, and the answers from the onboarding quiz (risk profile, goals, interests, starter cash). All of this lives in your row of our Supabase database, gated behind row-level security so other users can’t read it.
If you opt in to push notifications we store the Apple Push (APNs) token for your device. We collect device-level diagnostics (model, OS version, app version, crash stacks) and a small set of product analytics events (which screens you visit, which features you tap) so we can fix bugs and prioritise what to ship next.
2 · How we use it
We use your data to provide the service: render your portfolio, run the council scoring you see on holdings, deliver the alerts you opted into, and personalise the Discover and Home surfaces. When you use the AI chat assistant, the messages you send are transmitted to our AI provider to generate replies (see §3 for who receives it and exactly what is sent). We never sell your data and it is never used to train a third-party LLM.
We use the diagnostics and analytics to find and fix issues, measure whether a new feature is working, and keep the app stable. Where possible we keep these aggregated rather than per-user.
3 · Who we share it with
We never sell your personal data. We do hand limited slices of it to service providers (“processors”) that the product depends on. Each one is named below with a one-line description of what they see. If any of this changes we’ll update this section and ask you to re-accept on the next launch.
• Supabase — stores your profile, portfolio, watchlist, notifications and waitlist signups; runs auth. • Finnhub — supplies live market quotes and company news; never receives your user data, only the tickers we look up. • Yahoo Finance — fallback chart and quote source; same no-user-data contract as Finnhub. • A third-party AI provider — powers the AI chat assistant. When you send a message in chat, the text you type and any tickers you reference are transmitted to the provider to generate the reply. This happens only when you ask a question in chat, and only after you agree to a one-time in-app consent prompt; we do not send your email, identity, or portfolio. The provider processes the request to return a response and does not use it to train its models. Please don’t include sensitive personal information in chat. • Apple, Google and X (Twitter) — sign-in providers; see only what their OAuth scopes require to mint a session. • Sentry and PostHog (pending) — crash reports + product analytics. Disabled until we explicitly wire them in; this section will be updated and a re-acceptance prompted before launch.
4 · Where it lives, how long we keep it
Your data is stored on Supabase’s managed Postgres infrastructure. We pick a single region per project; review the current region in the Supabase dashboard or contact us if you need to confirm.
We keep your data for as long as your account is active. When you delete your account from Settings → Delete my account, we immediately wipe your profile, portfolios, holdings, watchlist, notifications, and subscription-waitlist entries.
5 · Your rights
You can export your data at any time from Settings → Export my data. The export is a JSON document containing everything we hold about you in the public schema. You can copy it to your clipboard and save it wherever you want.
You can delete your account at any time from Settings → Delete my account. The deletion is permanent and we keep no backup copy of your personal data once the sweep completes. If you previously signed in with Apple, Google or X you may also want to revoke TickrAI’s access in those providers — see the in-app instructions at Settings → Delete my account.
If you’re in a jurisdiction with stronger data-protection rules (EU GDPR, UK DPA, California CCPA, Brazil LGPD), the rights you have under that law apply. Email yusufsevinir@gmail.com with the request and we’ll respond within 30 days.
6 · Children
TickrAI is not directed at children. We don’t knowingly accept accounts from anyone under 13 (or under 16 in jurisdictions where that’s the local minimum age for processing personal data without parental consent). If you believe a child has created an account, email yusufsevinir@gmail.com and we’ll delete it.
7 · Changes to this policy
We’ll update the “Last updated” date at the top of this page whenever we make a change. For material updates (new processors, new categories of data, a meaningful change to what happens on account deletion) we’ll show an in-app notice and ask you to re-accept before the new policy takes effect.
8 · Contact us
Questions, requests, or a heads-up about something we missed? Email yusufsevinir@gmail.com — a human reads every message.
Contact us at yusufsevinir@gmail.com