Privacy Policy

Last Updated: December 12, 2025

1. Introduction

StockHark ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website and services.

This policy is compliant with:

  • GDPR (General Data Protection Regulation) - European Union
  • CCPA (California Consumer Privacy Act) - United States
  • PIPEDA (Personal Information Protection and Electronic Documents Act) - Canada
  • PDPA (Personal Data Protection Act) - Singapore and other Asian jurisdictions

Key Point: We are transparent about what data we collect and how we use it. You have full control over your data and can delete your account at any time.

2. Information We Collect

2.1 Personal Information You Provide

When you create an account, we collect:

Data Type What We Collect Purpose
Email Address Your email (required) Account identification, login, email alerts, password resets
Password Hashed password (bcrypt) Account security and authentication
Account Creation Date Timestamp of registration Account management, analytics
Email Preferences Alert opt-in status (true/false) Managing email alert subscriptions

Security: Passwords are encrypted using bcrypt hashing. We NEVER store plaintext passwords or have access to your actual password.

2.2 Automatically Collected Information

When you use our Service, we automatically collect:

  • Session Data: Login sessions stored in secure cookies (session ID only, no personal data in cookies)
  • Server Logs: IP address, browser type, access times, pages viewed (stored temporarily for 30 days for security)
  • Usage Analytics: Aggregated, anonymized metrics about feature usage (no individual tracking)

2.3 Third-Party Data We Collect

Publicly available data from external sources:

  • Reddit Posts: Public posts and comments from Reddit (via Reddit API) - this data is already publicly available
  • Stock Ticker Data: Public stock symbols from NASDAQ and AMEX exchanges
  • Stock Prices: Public market data from financial APIs (e.g., Yahoo Finance)

Important: We do NOT collect private Reddit messages, non-public user data, or any information that is not publicly available.

3. How We Use Your Information

Purpose Legal Basis (GDPR)
Account Authentication
Verify your identity when you log in		 Contractual necessity
Email Alerts (Optional)
Send stock trend notifications if you opt in		 Consent
Transactional Emails
Account setup, password resets, account changes		 Contractual necessity
Service Improvement
Analyze aggregated usage to improve features		 Legitimate interest
Security & Fraud Prevention
Protect against unauthorized access and abuse		 Legitimate interest
Legal Compliance
Comply with applicable laws and regulations		 Legal obligation

What We DON'T Do: We do NOT sell, rent, or trade your personal information to third parties. We do NOT use your data for targeted advertising. We do NOT share your email with marketers.

4. Data Storage and Security

4.1 Where We Store Your Data

  • Database: PostgreSQL hosted on Railway (cloud infrastructure)
  • Location: Data centers in the United States
  • Encryption: All data is encrypted in transit (TLS/SSL) and at rest
  • Backups: Automated daily backups with 30-day retention

4.2 Security Measures

  • Password Hashing: Bcrypt with salt (industry-standard)
  • Secure Sessions: HTTP-only cookies, session expiration
  • HTTPS Enforcement: All traffic encrypted with TLS 1.3
  • Database Security: Restricted access, connection pooling
  • Regular Updates: Security patches applied promptly

4.3 Data Retention

Data Type Retention Period
Active Account Data As long as your account exists
Pre-registration Email Links 24 hours (auto-deleted)
Server Logs (IP, access) 30 days
Deleted Account Data Immediately deleted (anonymized analytics retained)
Stock Mention Data (anonymized) Indefinitely (no personal info)

5. Third-Party Services

We use the following third-party services:

Service Purpose Data Shared
Railway
Hosting provider		 Application hosting, database All account and service data
Mailgun
Email service		 Send emails (alerts, transactional) Email address, email content
Reddit API
Data source		 Fetch public Reddit posts None (we only fetch public data)
Financial APIs
Stock data providers		 Get stock prices and ticker info None (public market data only)

These third parties have their own privacy policies. We ensure all partners comply with applicable data protection laws and use encryption for data transmission.

6. Your Privacy Rights

6.1 Rights for All Users

  • Access: View your account data at any time in your account settings
  • Update: Change your email or password in account settings
  • Delete: Permanently delete your account and all associated data
  • Opt-Out: Unsubscribe from email alerts at any time
  • Export: Request a copy of your data (contact us)

6.2 GDPR Rights (EU/UK Users)

If you are in the European Union or United Kingdom, you have additional rights under GDPR:

  • Right to Access: Request confirmation of data processing and a copy of your data
  • Right to Rectification: Correct inaccurate personal data
  • Right to Erasure ("Right to be Forgotten"): Delete your data under certain conditions
  • Right to Restrict Processing: Limit how we process your data
  • Right to Data Portability: Receive your data in a structured, machine-readable format
  • Right to Object: Object to processing based on legitimate interests
  • Right to Lodge a Complaint: File a complaint with your local data protection authority

6.3 CCPA Rights (California Users)

If you are a California resident, you have rights under CCPA:

  • Right to Know: Request disclosure of data collected about you
  • Right to Delete: Request deletion of your personal information
  • Right to Opt-Out: We don't sell personal information, so no opt-out needed
  • Right to Non-Discrimination: Equal service regardless of privacy choices

6.4 How to Exercise Your Rights

Self-Service Options:

For other requests: Email us at contact@stockhark.com with your request. We will respond within 30 days.

7. Cookies and Tracking

7.1 Cookies We Use

Cookie Type Purpose Duration
Session Cookie
(session=...)		 Keep you logged in (HTTP-only, secure) Until you log out
Flash Messages Display one-time messages after actions Single page view

8. Children's Privacy

StockHark is not intended for users under the age of 18. We do not knowingly collect personal information from children under 18.

If we discover that a child under 18 has provided us with personal information, we will delete it immediately. If you believe a child has provided us with personal information, please contact us at contact@stockhark.com.

9. International Data Transfers

If you access StockHark from outside the United States, your information will be transferred to, stored, and processed in the United States where our servers are located.

9.1 EU-US Data Transfers

For EU/UK users, we ensure appropriate safeguards:

  • Standard Contractual Clauses (SCCs) with service providers
  • Encryption during transit and at rest
  • Compliance with GDPR requirements

By using our Service, you consent to the transfer of your information to the United States.

10. Data Breach Notification

In the unlikely event of a data breach that affects your personal information, we will:

  • Notify affected users within 72 hours (as required by GDPR)
  • Send an email to your registered email address
  • Post a notice on our website
  • Notify relevant data protection authorities as required by law
  • Provide information about what data was affected and what steps you should take

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. When we make material changes:

  • We will update the "Last Updated" date at the top of this policy
  • We will post a notice on our website for 30 days
  • For significant changes, we will send an email notification to registered users

Your continued use of the Service after changes constitutes acceptance of the updated Privacy Policy.

12. Contact Us

For privacy-related questions, data requests, or concerns, please contact us:

Email: contact@stockhark.com

Subject Line: "Privacy Request" or "Data Request"

We will respond to all requests within 30 days.

13. Data Protection Officer (DPO)

For GDPR-related inquiries, you can contact our Data Protection Officer:

Email: contact@stockhark.com
Subject: "GDPR / DPO Request"

Your Privacy Matters to Us

We are committed to protecting your personal information and being transparent about our data practices. You have full control over your data.

Manage Your Data View Terms of Service