1ndexed Portfolio Analytics1ndexed Portfolio Analytics

Privacy Policy

1. Who We Are

1ndexed is an independent portfolio tracking application developed and operated by individual developers. We are committed to protecting your privacy and being transparent about how we collect, use, and protect your information.

Contact Information:

2. Information We Collect

2.1 Account Information

  • Google Account Data: When you sign in with Google, we receive your basic profile information (name, email address) to create and manage your account.

2.2 Portfolio Data

  • Transaction Information: Details of your investment transactions including asset identifiers (ISINs), amounts, dates, and transaction types (buy/sell/contribution/withdrawal).
  • Portfolio Preferences: Your allocation targets, goals, currency preferences, and display settings.
  • Usage Preferences: Language selection, theme preferences, and interface customizations.

2.3 Analytics and Usage Data

Only collected with your explicit consent

  • Behavioral Analytics: How you interact with our application, pages visited, features used, and time spent.
  • Session Recordings: Visual recordings of your interaction with our interface to help us improve usability (via Microsoft Clarity).
  • Performance Data: Technical performance metrics, errors, and user interface interactions.

2.4 Billing and Subscription Data

When you subscribe to a paid plan, we collect billing-related information:

  • Subscription Details: Your current plan (Free or Pro), subscription status, and billing period dates.
  • Payment Identifiers: A unique customer identifier created by our payment processor (Stripe) to manage your subscription.
  • Payment History: Records of subscription payments, including dates and amounts. Your payment card details are processed and stored exclusively by Stripe and are never stored on our servers.

3. How We Use Your Information

3.1 Core Service Provision

  • Portfolio Tracking: Calculate portfolio performance, analyze allocations, and track investment goals.
  • Account Management: Maintain your account, preferences, and provide customer support.
  • Service Improvement: Identify bugs, optimize performance, and enhance user experience.

3.2 Analytics (With Your Consent)

  • Usage Analysis: Understand how features are used to prioritize development efforts.
  • Performance Optimization: Identify and fix usability issues through session analysis.
  • Product Development: Make data-driven decisions about new features and improvements.

4. Legal Basis for Processing

  • Contract Performance: Processing portfolio data necessary to provide our investment tracking service.
  • Consent: Analytics and session recording data, which you can withdraw at any time.
  • Legitimate Interest: Essential service functionality, security, and basic error monitoring.

5. Data Sharing and Third Parties

We share your data only with essential service providers:

5.1 Analytics Providers (With Your Consent)

  • Microsoft Corporation (USA): Session recordings and heatmaps via Microsoft Clarity
    • Data: Website interactions, anonymized session recordings, user behavior patterns
    • Safeguards: EU-US Data Privacy Framework compliance

5.2 Authentication Provider

  • Google LLC (USA): Account authentication services
    • Data: Basic profile information for sign-in purposes
    • Safeguards: Google's GDPR compliance measures

5.3 Advertising Provider

  • A-Ads (Anonymous Ads): Privacy-focused advertising network
    • Data: A-Ads does not collect personal data or use tracking cookies for advertising purposes
    • Safeguards: Privacy-by-design approach with no user tracking or profiling

5.4 Payment Processor

  • Stripe, Inc. (USA): Payment processing for Pro subscriptions
    • Data: Payment card details (processed and stored by Stripe, never stored on our servers), email address, subscription status, and billing history
    • Safeguards: PCI DSS Level 1 certified, EU-US Data Privacy Framework compliance

6. Advertising

We display advertisements on our free tier to support the service. Pro subscribers enjoy an ad-free experience. For free-tier users, we use A-Ads, a privacy-focused advertising network:

6.1 Privacy-Focused Advertising

A-Ads (Anonymous Ads) is designed with privacy in mind:

  • No user tracking: A-Ads does not track users across websites
  • No advertising cookies: No cookies are used for ad targeting or personalization
  • No personal data collection: Your browsing behavior is not collected or analyzed
  • Contextual ads: Ads are served based on the website content, not your personal profile

6.2 What This Means for You

Because we use privacy-focused advertising:

  • All users see the same non-personalized advertisements
  • No advertising profiles are built based on your activity
  • No additional consent is required for advertising beyond essential cookies
  • Learn more about A-Ads privacy practices at https://a-ads.com/privacy_policy

7. International Data Transfers

Your data may be transferred to and processed in the United States by our third-party providers. These transfers are protected by:

  • EU-US Data Privacy Framework: Microsoft and Google comply with this framework approved by the European Commission.
  • Standard Contractual Clauses: Additional data protection agreements where applicable.

8. Data Retention

  • Account Data: Retained while your account is active and for 30 days after account deletion.
  • Portfolio Data: Retained while your account is active and for 30 days after account deletion to allow for account recovery.
  • Analytics Data:
    • Microsoft Clarity: Retained according to Microsoft's data retention policies
  • Subscription Data: Billing records and subscription history are retained while your account is active and for 30 days after account deletion. Stripe retains payment data according to its own retention policies and legal obligations.
  • Backups: May be retained for up to 90 days for disaster recovery purposes.

9. Your Rights Under GDPR

You have the following rights regarding your personal data:

  • Access: Request a copy of your personal data we hold.
  • Rectification: Request correction of inaccurate or incomplete data.
  • Erasure: Request deletion of your personal data ("right to be forgotten").
  • Portability: Request your data in a machine-readable format.
  • Restriction: Request limitation of processing in certain circumstances.
  • Objection: Object to processing based on legitimate interests.
  • Consent Withdrawal: Withdraw consent for analytics tracking at any time.

To exercise these rights, contact us at [email protected].

10. How We Protect Your Personal Information

We have implemented appropriate technical, physical, and organizational measures to protect your personal information from misuse or accidental, unlawful, or unauthorized destruction, loss, alteration, disclosure, acquisition, or access, as well as all other forms of unlawful processing. To achieve this, we have developed and implemented an Information Security Management System and other sub-policies and guidelines relating to the protection of your personal information. For example, our staff is permitted to access customer personal information only to the extent necessary to fulfill the applicable business purpose(s) and to perform their job, subject to confidentiality obligations.

11. Data Security

We implement appropriate technical and organizational measures to protect your data:

  • Encryption: All data in transit is encrypted with TLS. Sensitive personal data (email, name, payment identifiers, broker credentials) is encrypted at rest using AES-256-GCM.
  • Access Controls: Limited access to personal data on a need-to-know basis
  • Regular Monitoring: Ongoing security assessments and monitoring
  • Incident Response: Procedures for detecting and responding to data breaches

12. Cookies and Tracking

Our use of cookies and tracking technologies is detailed in our separate Cookie Policy. We use analytics cookies only with your explicit consent, which you can withdraw at any time through our consent banner or browser settings.

13. Children's Privacy

1ndexed is not intended for users under 16 years of age. We do not knowingly collect personal information from children under 16. If you become aware that a child has provided us with personal information, please contact us immediately.

14. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on our website and updating the "Last updated" date. Continued use of our service after changes constitutes acceptance of the updated policy.

15. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us at:

For data protection concerns within the EU, you also have the right to lodge a complaint with your local data protection authority.

We use analytics tools to understand how you interact with our website through behavioral metrics, heatmaps, and session replay to improve our products and services. This helps us provide you with a better experience.