Privacy Policy

Last updated: April 2026

This Privacy Policy describes how InvestorMind collects, uses, stores and protects your personal data, in accordance with the General Data Protection Regulation (GDPR — EU Regulation 2016/679) and applicable Romanian law. By using the service, you agree to the practices described here.

1. Data We Collect

We collect the following categories of data:
• Identity data: first name, last name, email address (provided at registration or via Google OAuth).
• Portfolio data: asset symbols, quantities, prices and investment targets you enter manually.
• Usage data: IP address, browser type, pages visited and session duration (collected via PostHog analytics).
• Technical data: cookies required for authentication and session management.

2. How We Use Your Data

Your data is used exclusively for: (a) providing and improving the InvestorMind service, (b) session authentication and account security, (c) sending transactional emails (email verification, password reset, alerts you configure), and (d) aggregated and anonymised usage pattern analysis to improve the platform. We never sell, rent or share your personal data with third parties for marketing purposes.

3. Data Storage & Processors

Your data is stored securely in cloud infrastructure provided by Supabase (PostgreSQL database, hosted on AWS infrastructure in the EU). Usage analytics are processed by PostHog (EU region). Transactional emails are handled by SendGrid/Mailtrap. All third-party processors are GDPR-compliant and operate under Data Processing Agreements. We retain your data for as long as your account is active. You may request deletion at any time.

4. Cookies & Tracking

InvestorMind uses two categories of cookies:
• Essential cookies: required for authentication (HttpOnly session token) and cannot be refused without preventing login.
• Analytics cookies: PostHog session analytics, used to understand feature usage. These are optional and are only loaded after you explicitly accept analytics cookies via our cookie banner.

5. Your GDPR Rights

As an EU data subject, you have the following rights:
• Right of access: request a copy of all data we hold about you.
• Right to rectification: correct inaccurate data.
• Right to erasure (Art. 17): permanently delete your account and all associated data. You can exercise this right directly from Settings → Profile → Delete Account.
• Right to restriction: limit how we process your data.
• Right to data portability: receive your data in a machine-readable format.
• Right to object: object to processing based on legitimate interest.

To exercise any of these rights, contact us at: privacy@investormind.app

6. Data Controller & Contact

The data controller responsible for your personal data is the InvestorMind operator. For any privacy questions, data subject requests or concerns, contact us at: privacy@investormind.app. We will respond to all requests within 30 days as required by GDPR.

7. Policy Updates

We may update this Privacy Policy to reflect changes in our practices or applicable law. When we make material changes, we will notify you via email or an in-app notice. Continued use of the service after the effective date of changes constitutes acceptance of the updated policy.