Privacy Policy

Last updated: May 2025 · Effective immediately

Stack ("we", "our", "us") is operated by Amar, trading as Stack (teamstackapp@gmail.com). We are committed to protecting your personal data and complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

This policy explains what data we collect, why we collect it, and your rights regarding that data.

1. Who we are

Data Controller: Amar, trading as Stack
Contact: teamstackapp@gmail.com
Website: mystack.finance

2. What data we collect

We collect only the data necessary to provide the Stack service:

Account data — your email address and encrypted password, used to authenticate you.
Financial positions — asset names, types, values, and broker names that you manually enter or import. This data is stored securely in your personal account.
Financial goals — the goals and target amounts you set across your 1, 3, 5, and 10 year horizons.
Inherited amount — if you choose to provide it, to calculate your Stack Earned score. This is optional and never shared.
Bank connection data — when you connect a bank account via Open Banking, we receive read-only access to account balances. We never see or store your banking credentials. Access tokens are processed securely and not stored longer than necessary.

3. How we use your data

We use your data solely to:

Provide and personalise the Stack service
Generate AI-powered insights about your portfolio (processed via Anthropic's API — see section 6)
Calculate your position within anonymous community benchmarks
Send you service-related communications (account security, product updates)

We do not sell your personal data. We do not use your data for advertising purposes.

4. Legal basis for processing

Contract performance — processing necessary to deliver the Stack service you signed up for.
Legitimate interests — improving our service, preventing fraud, and ensuring security.
Consent — for optional features such as bank connections via Open Banking.

5. Data storage and security

Your data is stored securely using Supabase (hosted in the EU — Ireland region), which provides industry-standard encryption at rest and in transit. All connections to Stack use HTTPS/TLS encryption.

We implement appropriate technical and organisational measures to protect your data against unauthorised access, loss, or disclosure.

6. Third-party services

Stack uses the following third-party services to operate:

Supabase — database and authentication. Data stored in EU (Ireland). Privacy policy →
Anthropic — AI-powered portfolio insights. Your portfolio data is sent to Anthropic's API to generate insights. Anthropic does not use your data to train their models. Privacy policy →
TrueLayer — Open Banking connections (UK). FCA-authorised. Your banking credentials are never shared with Stack. Privacy policy →
Vercel — hosting and infrastructure. Privacy policy →

7. Community benchmarks and anonymisation

Stack's community features (cohort ranking, "Moves" data) use aggregated and anonymised data only. No individual user's data is ever displayed to other users. Aggregated statistics require a minimum group size before being displayed, ensuring no individual can be identified.

8. Data retention

We retain your data for as long as your account is active. If you delete your account, we will delete your personal data within 30 days, except where we are legally required to retain it.

9. Your rights under UK GDPR

You have the following rights regarding your personal data:

Right of access — request a copy of the data we hold about you
Right to rectification — correct inaccurate data
Right to erasure — request deletion of your data ("right to be forgotten")
Right to portability — receive your data in a machine-readable format
Right to object — object to processing based on legitimate interests
Right to restrict processing — request we limit how we use your data

To exercise any of these rights, contact us at teamstackapp@gmail.com. We will respond within 30 days.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

10. Cookies

Stack uses only strictly necessary cookies required for authentication and session management. We do not use tracking cookies, advertising cookies, or analytics cookies. No cookie consent banner is required for strictly necessary cookies.

11. Changes to this policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by email or via the app. The "last updated" date at the top of this page will always reflect the most recent version.

12. Contact us

If you have any questions about this Privacy Policy or how we handle your data, please contact us at teamstackapp@gmail.com.