Privacy Policy
Last Updated: December 12, 2025
1. Introduction
StockHark ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website and services.
This policy is compliant with:
- GDPR (General Data Protection Regulation) - European Union
- CCPA (California Consumer Privacy Act) - United States
- PIPEDA (Personal Information Protection and Electronic Documents Act) - Canada
- PDPA (Personal Data Protection Act) - Singapore and other Asian jurisdictions
Key Point: We are transparent about what data we collect and how we use it. You have full control over your data and can delete your account at any time.
2. Information We Collect
2.1 Personal Information You Provide
When you create an account, we collect:
Security: Passwords are hashed using bcrypt. We NEVER store plaintext passwords or have access to your actual password.
2.2 Automatically Collected Information
When you use our Service, we automatically collect:
- Session Data: Login sessions stored in secure cookies (session ID only, no personal data in cookies)
- Server Logs: IP address, browser type, access times, pages viewed (stored temporarily for 30 days for security)
- Usage Analytics: Aggregated, anonymized metrics about feature usage (no individual tracking)
2.3 Third-Party Data We Collect
Publicly available data from external sources:
- Reddit Posts: Public posts and comments from Reddit (via Reddit API) - this data is already publicly available
- Stock Ticker Data: Public stock symbols from NASDAQ and AMEX exchanges
- Stock Prices: Public market data from financial APIs (e.g., Yahoo Finance)
Important: We do NOT collect private Reddit messages, non-public user data, or any information that is not publicly available.
3. How We Use Your Information
What We DON'T Do: We do NOT sell, rent, or trade your personal information to third parties. We do NOT use your data for targeted advertising. We do NOT share your email with marketers.
4. Data Storage and Security
4.1 Where We Store Your Data
- Database: PostgreSQL hosted on Railway (cloud infrastructure)
- Location: Data centers in the United States
- Encryption: All data is encrypted in transit (TLS/SSL) and at rest
- Backups: Automated daily backups with 30-day retention
4.2 Security Measures
- ✅ Password Hashing: Bcrypt with salt (industry-standard)
- ✅ Secure Sessions: HTTP-only cookies, session expiration
- ✅ HTTPS Enforcement: All traffic encrypted with TLS 1.3
- ✅ Database Security: Restricted access, connection pooling
- ✅ Regular Updates: Security patches applied promptly
4.3 Data Retention
5. Third-Party Services
We use the following third-party services:
These third parties have their own privacy policies. We ensure all partners comply with applicable data protection laws and use encryption for data transmission.
6. Your Privacy Rights
6.1 Rights for All Users
- ✅ Access: View your account data at any time in your account settings
- ✅ Update: Change your email or password in account settings
- ✅ Delete: Permanently delete your account and all associated data
- ✅ Opt-Out: Unsubscribe from email alerts at any time
- ✅ Export: Request a copy of your data (contact us)
6.2 GDPR Rights (EU/UK Users)
If you are in the European Union or United Kingdom, you have additional rights under GDPR:
- Right to Access: Request confirmation of data processing and a copy of your data
- Right to Rectification: Correct inaccurate personal data
- Right to Erasure ("Right to be Forgotten"): Delete your data under certain conditions
- Right to Restrict Processing: Limit how we process your data
- Right to Data Portability: Receive your data in a structured, machine-readable format
- Right to Object: Object to processing based on legitimate interests
- Right to Lodge a Complaint: File a complaint with your local data protection authority
6.3 CCPA Rights (California Users)
If you are a California resident, you have rights under CCPA:
- Right to Know: Request disclosure of data collected about you
- Right to Delete: Request deletion of your personal information
- Right to Opt-Out: We don't sell personal information, so no opt-out needed
- Right to Non-Discrimination: Equal service regardless of privacy choices
6.4 Rights in Other Jurisdictions
We honour the access, correction, deletion, and complaint rights granted by your local law, including:
- Canada (PIPEDA): right to access your personal information, challenge its accuracy, withdraw consent, and complain to the Office of the Privacy Commissioner of Canada;
- Australia (Privacy Act 1988, APPs): right to access and correct your personal information and to complain to the OAIC;
- India (DPDP Act 2023): right to access, correction, erasure, grievance redressal, and to nominate a representative;
- China (PIPL): right to access, copy, correct, and delete your personal information and to withdraw consent. Note: we are not established in China and do not target the Chinese market; if you use the Service from China, your data is processed outside China as described in Section 9.
Regardless of jurisdiction, every user can exercise every right listed in Section 6.1 — we do not gate rights by geography.
6.5 How to Exercise Your Rights
Self-Service Options:
- Access, update, or delete your account: Visit Account Settings
- Manage email alerts: Visit Email Preferences
For other requests: Email us at [email protected] with your request. We will respond within 30 days.
7. Cookies and Tracking
7.1 Cookies We Use
8. Children's Privacy and Minimum Age
StockHark requires all users to be at least 18 years old. The Service provides financial market information and is not directed at, intended for, or designed to attract children or minors in any jurisdiction. We do not knowingly collect personal information from anyone under 18, and we do not engage in tracking, behavioural monitoring, profiling, or targeted advertising directed at minors.
This 18-year minimum is set to satisfy the strictest applicable children's privacy regime worldwide, and therefore also satisfies, among others:
- United States (COPPA): protections for children under 13;
- EU/UK (GDPR Art. 8, "GDPR-K"): digital consent ages of 13 to 16 depending on member state;
- India (DPDP Act 2023): verifiable parental consent for anyone under 18, the strictest threshold globally;
- China (PIPL): personal information of minors under 14 treated as sensitive, requiring parental consent;
- Australia (Privacy Act 1988 and the Children's Online Privacy Code): enhanced consent requirements for minors;
- Canada (PIPEDA): meaningful-consent guidance treating minors' data as requiring heightened care.
If we discover that a person under 18 has provided us with personal information, we will delete the account and all associated data promptly. If you believe a minor has provided us with personal information, contact us at [email protected] and we will act on it as a priority.
9. International Data Transfers
If you access StockHark from outside the United States, your information will be transferred to, stored, and processed in the United States where our servers are located.
9.1 EU-US Data Transfers
For EU/UK users, we ensure appropriate safeguards:
- Standard Contractual Clauses (SCCs) with service providers
- Encryption during transit and at rest
- Compliance with GDPR requirements
By using our Service, you consent to the transfer of your information to the United States.
10. Data Breach Notification
In the unlikely event of a data breach that affects your personal information, we will:
- Notify affected users within 72 hours (as required by GDPR)
- Send an email to your registered email address
- Post a notice on our website
- Notify relevant data protection authorities as required by law
- Provide information about what data was affected and what steps you should take
11. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. When we make material changes:
- We will update the "Last Updated" date at the top of this policy
- We will post a notice on our website for 30 days
- For significant changes, we will send an email notification to registered users
Your continued use of the Service after changes constitutes acceptance of the updated Privacy Policy.
12. Contact Us
For privacy-related questions, data requests, or concerns, please contact us:
Email: [email protected]
Subject Line: "Privacy Request" or "Data Request"
We will respond to all requests within 30 days.
13. Data Protection Officer (DPO)
For GDPR-related inquiries, you can contact our Data Protection Officer:
Email: [email protected]
Subject: "GDPR / DPO Request"
Your Privacy Matters to Us
We are committed to protecting your personal information and being transparent about our data practices. You have full control over your data.