Privacy Policy

1. Overview

fincomp (“we”, “us”, “our”) operates the website at finance.georgedoesthethings.com. This Privacy Policy explains how we collect, use, and protect your personal information when you use our Service. By using fincomp you consent to the data practices described here.

2. Information We Collect

2.1 Account Information

When you register, we collect:

• Email address (used as your login identifier)
• Hashed password (we never store plaintext passwords)
• Account creation timestamp

2.2 Usage Data

• Watchlist symbols you track
• Portfolio holdings and transactions you enter
• Price alerts you configure
• Onboarding preferences

2.3 Technical Data

• IP address (used for rate-limiting and security purposes only)
• Browser and device type (from standard HTTP headers)
• Access logs (request path, timestamp, response code)

3. How We Use Your Information

• To provide, operate, and maintain the Service
• To authenticate you and keep your account secure
• To send multi-factor authentication (MFA) verification codes to your email when you enable MFA
• To personalise your experience (watchlist, portfolio, alerts)
• To monitor and prevent abuse, fraud, and unauthorised access
• To improve and develop new features

We do not sell, rent, or share your personal information with third parties for marketing purposes.

4. Third-Party Data Sources

fincomp fetches publicly available market data from third-party providers (Yahoo Finance, Alpha Vantage). No personal data about you is sent to these providers. Only stock ticker symbols are included in API requests.

5. Email Communications

We send transactional emails only — specifically, MFA verification codes when you log in with two-factor authentication enabled. We do not send marketing emails. Transactional emails are delivered via Brevo (Sendinblue) SMTP relay. Your email address is transmitted to Brevo solely for the purpose of delivery.

6. Data Storage & Security

Your data is stored in a PostgreSQL database secured with industry-standard access controls. Passwords are stored as bcrypt hashes. JWTs are signed with a secret key and expire within 24 hours (access tokens) or 7 days (refresh tokens).

While we implement appropriate technical and organisational measures to protect your data, no method of transmission or storage is 100% secure. We cannot guarantee absolute security.

7. Cookies & Local Storage

fincomp uses browser localStorage to store your authentication token and theme preference locally on your device. We do not use third-party tracking cookies or analytics SDKs.

8. Data Retention

We retain your account data for as long as your account exists. You may request deletion of your account and associated data at any time by contacting us at legal@georgedoesthethings.com. Log data is retained for a maximum of 30 days.

9. Your Rights

Depending on your jurisdiction, you may have the right to:

• Access the personal data we hold about you
• Request correction of inaccurate data
• Request deletion of your data (“right to be forgotten”)
• Object to or restrict certain processing
• Data portability

To exercise these rights, contact legal@georgedoesthethings.com.

10. Children's Privacy

fincomp is not directed at children under 13. We do not knowingly collect personal information from children under 13. If you believe we have inadvertently collected such information, contact us immediately.

11. Changes to This Policy

We may update this Privacy Policy periodically. Changes will be posted on this page with an updated effective date. Continued use of the Service after changes constitutes your acceptance of the revised Policy.

12. Contact

Questions or concerns about this policy? Contact us at legal@georgedoesthethings.com.