Skip to main content

Privacy Policy

Effective Date: October 2, 2025

Data Controller: Alexandre Bianchi, Rue de l’Ecluse 66A, 2000 Neuchâtel, Switzerland

Contact: privacy@stockaj.io

Services Covered: the website stockaj.io and any web or mobile application linking to this Policy (“Services”).

1) Purpose & Identity

This Policy explains how Stockaj (“we”, “our”, “us”) collects, uses, shares, and protects personal data within the Services and outlines your rights under the Swiss nFADP, the EU/UK GDPR, and other applicable privacy laws. In case of conflict, Swiss law prevails except where foreign mandatory provisions are more protective.

2) Categories of Data Processed

  • Account & Profile: name, email, user ID, hashed password (bcrypt/argon2id or equivalent), optional phone number.
  • Usage & Device: IP address, device ID, OS/browser type & version, language, visited pages, actions, referrer/exit pages, logs and diagnostics (retained ≤ 12 months).
  • Billing & Transactions (if applicable): plan details, invoices, payment status, timestamps. Payment card data is processed only by Stripe.
  • Communications: emails and support messages, newsletter preferences (opt-in).
  • User Content: files, notes, or other content uploaded to the Services.
  • Cookies / Trackers: identifiers and telemetry from cookies or similar technologies (see Section 8).

Sensitive Data: we do not intentionally collect special categories of data. Please do not upload such information.

3) Sources

  • Directly from you (sign-up, usage, support, newsletter).
  • Automatically from your device (cookies, SDK, logs).
  • From service providers strictly necessary to operate, secure and improve the Services (see Section 9).

4) Purposes & Legal Bases (EU/UK GDPR)

PurposeLegal Basis
Provide and support ServicesContract
Security and fraud preventionLegitimate interests / Legal obligation
Analytics and product improvementLegitimate interests (right to object)
Service communicationsLegitimate interests / Contract
Transactional emails via MailgunLegitimate interests / Contract
Newsletters via MailchimpConsent (withdrawable any time)
Billing and accounting via StripeContract / Legal obligation
Compliance and defense of rightsLegal obligation / Legitimate interests
Vital interests (emergency cases)Vital interests

Withdrawing consent does not affect lawfulness of processing before withdrawal.

5) Children

We do not knowingly collect data from children under 16 (or lower age as defined by local law). Please contact us to delete such data.

6) Your Choices

  • Cookies: manage them via browser settings or our cookie banner/preferences center.
  • Marketing: unsubscribe any time via email link or privacy@stockaj.io.
  • Account: request access, rectification, erasure, restriction, portability, or objection (see Section 12). Certain requests (e.g., erasure) may lead to account deletion.

7) Retention

  • Account & content: kept for the life of the account; upon verified request, deleted or irreversibly anonymized within 30 days (backups may take longer).
  • Logs & security: retained for ≤ 12 months.
  • Accounting records: retained as required by Swiss law. Data may be retained longer to defend legal claims.

8) Cookies & Similar Technologies

  • Essential (authentication, security, session).
  • Analytics (e.g., Google Analytics 4).
  • Email tracking limited to delivery/open rates (Mailgun/Mailchimp).

Blocking cookies may impact certain features. See our Cookie Policy for details.

9) Sharing & Recipients

We do not sell personal data. We share only with the following processors under binding contracts and appropriate safeguards:

ProviderPurposeLocationPolicy
StripePayments & billingEU/USstripe.com/privacy
MailgunTransactional emailsEU/USmailgun.com/privacy-policy
MailchimpNewslettersEU/USmailchimp.com/legal/privacy
Google AnalyticsAnalyticsEU/USpolicies.google.com/privacy
SentryMonitoring & performanceEU/USsentry.io/privacy

Additional recipients: hosting/CDN providers, professional advisers (legal/accounting), public authorities (if required by law), and corporate transactions (with notice and adequate safeguards).

10) International Transfers

When transferring data outside Switzerland/EEA/UK, we use either adequacy decisions or the EU Standard Contractual Clauses (2021/914) with supplementary measures where needed.

11) Security

We apply administrative, technical, and organizational measures appropriate to risk (encryption in transit, hashed passwords, access control, least privilege, monitoring). Internal/external security reviews may be performed periodically. No system is 100% secure.

12) Your Rights (EU/UK/CH) & How to Exercise

You may request access, rectification, erasure, restriction, portability, objection (for legitimate-interest processing) and withdraw consent at any time.

Requests → privacy@stockaj.io (ID verification may be required).

Complaints may be lodged with:

  • EU/EEA: your national Data Protection Authority;
  • UK: Information Commissioner’s Office (ICO);
  • Switzerland: Federal Data Protection and Information Commissioner (FDPIC).

13) Do Not Track & GPC

We do not respond to browser DNT signals due to lack of standardization. We honor Global Privacy Control (GPC) signals where our cookie banner supports them.

14) Automated Decisions

We do not use automated decision-making that produces legal or similarly significant effects.

15) U.S. Privacy Rights (Summary)

  • California (CPRA): rights of access, deletion, correction, and opt-out of data sharing. We do not sell personal information.
  • Virginia (CDPA): rights of access, correction, deletion, portability, and opt-out of targeted advertising/profiling. Requests: privacy@stockaj.io.

16) Changes

We may update this Policy; the “Effective Date” will be revised accordingly. If material changes occur, we will post a notice. Continued use of the Services constitutes acceptance.

17) Contact

Email: contact@stockaj.io / privacy@stockaj.io

Address: Alexandre Bianchi, Rue de l’Ecluse 66A, 2000 Neuchâtel, Switzerland