Privacy Policy - FolioForecast

1. Overview

FolioForecast ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our portfolio optimization service at www.folioforecast.com (the "Service").

By using the Service, you consent to the data practices described in this Privacy Policy. If you do not agree with our policies, please do not use the Service.

Our Commitment: We collect only the data necessary to provide the Service. We do not sell personal information that directly identifies you. However, we may sell, license, or share aggregated, anonymized, or de-identified data — including portfolio weights, optimization results, and usage trends — with third parties. See Section 4 for details.

2. Information We Collect

2.1 Information You Provide

Data Type	Examples	Purpose
Account Information	Email address, username	Account creation, authentication, communication
Portfolio Data	Ticker symbols, weights, constraints, saved portfolios	Providing optimization services, saving your work
Budget & Financial Data	Income, expenses, savings rates, transaction descriptions (via CSV import), retirement planning inputs	Budget tracking, retirement planning, financial analysis
Payment Information	Processed by Stripe (we do not store card numbers)	Processing subscription payments
Agreement Records	Acceptance of Terms/Disclaimer, timestamps, IP addresses	Legal compliance, audit trail
Communications	Support emails, feedback	Customer support, service improvement

2.2 Information Collected Automatically

Data Type	Examples	Purpose
Usage Data	Features used, optimization methods selected, pages visited	Service improvement, analytics
Device Information	Browser type, operating system, device type	Compatibility, debugging
Log Data	IP address, access times, referring URLs	Security, fraud prevention

2.3 Information We Do NOT Collect

Brokerage account credentials or access
Social Security numbers or government IDs
Credit card numbers (handled by Stripe)

3. How We Use Your Information

We use collected information for the following purposes:

Provide the Service: Run optimizations, save portfolios, display analytics
Account Management: Create and manage your account, process subscriptions
Communication: Send service updates, respond to inquiries, provide support
Improvement: Analyze usage patterns to improve features and user experience
Security: Detect and prevent fraud, abuse, and security threats
Legal Compliance: Comply with applicable laws and regulations, maintain agreement records

Note: We do not use your portfolio data to make investment decisions on your behalf or provide personalized investment recommendations to other users. We may use aggregated, de-identified portfolio data for commercial purposes as described in Section 4.2.

4. Information Sharing

We do not sell personal information that directly identifies you (such as your name, email, or account credentials). We do sell, license, and share certain aggregated and de-identified data as described below.

4.1 Service Providers

We share data with trusted third-party providers who assist in operating our Service:

Clerk: Authentication and user management
Stripe: Payment processing
DigitalOcean: Cloud hosting infrastructure
EODHD: Market data provider (we send ticker requests, not your personal data)

4.2 Aggregated, Anonymized & De-identified Data

Important: We sell, license, and share aggregated, anonymized, or de-identified data derived from your use of the Service. This data does not directly identify you. Examples include but are not limited to:

Portfolio Weights & Allocations: User-generated or optimization-generated asset allocation weights, sector exposures, and portfolio compositions
Optimization Results: Output data from optimization runs, including risk/return metrics, efficient frontier data points, and constraint parameters
Portfolio Rankings Data: Aggregated performance metrics, asset allocations, and optimization results from public portfolios
Market Trends & Behavioral Data: Anonymized data about popular assets, allocation strategies, optimization preferences, and user-selected constraints
Research & Statistical Data: Statistical analysis of portfolio performance, allocation patterns, and strategy effectiveness across our user base
API Access: Third-party websites, financial institutions, research firms, and data vendors may purchase access to any of the above data categories via API or data feeds

We may sell or license this data to any third party for any lawful purpose, including but not limited to financial research, product development, academic analysis, market intelligence, and commercial resale. This aggregated data cannot reasonably be used to identify you personally. Your username may be visible in public rankings only if you opt in to that feature.

4.4 Legal Requirements

We may disclose information if required by law, subpoena, court order, or government request, or to protect our rights, safety, or property.

4.5 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity.

4.6 Public Rankings (Optional)

If you submit a portfolio to our public rankings feature, the following may be visible to other users and third-party partners:

Your username (or anonymous identifier if you choose)
Portfolio performance metrics
Portfolio allocations and asset weights
Optimization method used

Participation in rankings is optional. By submitting to public rankings, you consent to this data being shared publicly and with our data partners.

5. Data Storage & Security

5.1 Storage Location

Your data is stored on secure servers provided by DigitalOcean, located in the United States. Market data is sourced from EODHD and cached in our database.

5.2 Security Measures

We implement industry-standard security measures including:

HTTPS encryption for all data transmission
Secure authentication via Clerk
Database encryption at rest
Regular security updates and monitoring
Access controls and audit logging

5.3 Data Retention

Account Data: Retained while your account is active, deleted within 30 days of account deletion request
Portfolio Data: Retained while your account is active
Agreement Records: Retained indefinitely for legal compliance
Usage Logs: Retained for up to 12 months
Payment Records: Retained as required by tax and accounting regulations

Important: While we implement robust security measures, no method of transmission over the Internet is 100% secure. We cannot guarantee absolute security of your data.

6. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

6.1 Access & Portability

You can request a copy of your personal data in a portable format by contacting us.

6.2 Correction

You can update your account information through your account settings or by contacting us.

6.3 Deletion

You can request deletion of your account and associated data. To delete your account, contact us at [email protected]. We will process deletion requests within 30 days. Note: Agreement records may be retained for legal compliance.

6.4 Opt-Out

You can opt out of marketing communications by clicking "unsubscribe" in any email or adjusting your account preferences.

6.5 California Residents (CCPA)

California residents have additional rights under the California Consumer Privacy Act:

Right to know what personal information is collected
Right to delete personal information
Right to opt-out of sale of personal information (we do not sell information that directly identifies you; we do sell aggregated, de-identified data as described in Section 4.2)
Right to non-discrimination for exercising your rights

6.6 European Users (GDPR)

If you are in the European Economic Area, you have additional rights under GDPR:

Right to access, rectify, or erase your data
Right to restrict or object to processing
Right to data portability
Right to withdraw consent
Right to lodge a complaint with a supervisory authority

Our legal basis for processing is: contract performance (to provide the Service), legitimate interests (analytics, security), and consent (marketing communications).

7. Cookies & Tracking

7.1 Cookies We Use

Cookie Type	Purpose	Duration
Essential	Authentication, security, preferences, agreement tracking	Session / 30 days
Analytics	Usage statistics, feature popularity	Up to 2 years

7.2 Managing Cookies

You can control cookies through:

Browser settings: Most browsers allow you to block or delete cookies

Note: Disabling essential cookies may affect Service functionality.

7.4 Do Not Track

We currently do not respond to Do Not Track browser signals, as there is no industry standard for compliance.

8. Third-Party Services

Our Service integrates with third-party services that have their own privacy policies:

Clerk (Authentication): Privacy Policy
Stripe (Payments): Privacy Policy
EODHD (Market Data): Privacy Policy

We encourage you to review their privacy policies. We are not responsible for the privacy practices of third-party services.

9. Children's Privacy

The Service is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If we learn we have collected data from a child under 18, we will delete it promptly. If you believe a child has provided us with personal information, please contact us.

10. International Users

The Service is operated in the United States. If you access the Service from outside the United States, your information will be transferred to and processed in the United States, where data protection laws may differ from those in your jurisdiction.

By using the Service, you consent to the transfer of your information to the United States and the processing of your information in accordance with this Privacy Policy.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

Posting the updated policy on the Service
Updating the "Effective Date" at the top
Sending email notification for significant changes (if you have an account)

We encourage you to review this Privacy Policy periodically. Continued use of the Service after changes constitutes acceptance of the updated policy.

12. Contact Us

If you have questions about this Privacy Policy or wish to exercise your rights, please contact us:

Email: [email protected]
Support: [email protected]
Website: www.folioforecast.com

We will respond to your inquiry within 30 days.