Privacy Policy
Your privacy is fundamental to how we built StackerScan.
Last updated: October 5, 2025
StackerScan is designed with privacy at its core. We understand that precious metals ownership is sensitive financial information, and we've built our platform to give you complete control over your data.
Key Privacy Features:
- Optional anonymous username accounts
- Ability to opt out of receipt storage on our servers
- Complete account deletion at any time
- End-to-end encryption for all data
- Any sensitive personal information from receipts such as addresses, phone numbers, or email addresses—is automatically excluded from processing and is not retained in any of our database systems
We use strictly necessary cookies to operate the site. With your consent, we also use non‑essential cookies for analytics and certain functional features. We show a consent banner globally until you make a choice. Non‑essential cookies are off by default and Global Privacy Control / Do‑Not‑Track signals are respected. You can change your preference anytime from “Cookie Settings” (available on the Home and Privacy pages).
Categories
- Strictly necessary: Required for core functionality (authentication/session). Always on.
- Analytics: Helps us understand usage. Vendor: Vercel Analytics & Speed Insights.
- Functional (security): Device recognition for login tracking and account integrity. If disabled, the Device Sessions section is hidden on your profile and device recognition is turned off.
Your Choices
- Use the banner (shown globally until you choose) or “Cookie Settings” to accept, reject, or customize non‑essential cookies.
- Global Privacy Control / Do‑Not‑Track signals are respected by default (non‑essential remain disabled unless you opt in).
- Consent choices are stored for 12 months and can be changed anytime.
Account Information
- Email address (optional — you can use anonymous username)
- Username (if chosen over email)
- Encrypted password hash
Portfolio Data
- Precious metals transaction details (encrypted)
- Receipt images (optional — can be disabled)
- Portfolio preferences and settings
Usage Information
- Login timestamps
- Feature usage analytics (anonymized)
- Error logs for troubleshooting
How We Use Your Information
- •Portfolio Tracking: To track and display your precious metals holdings, calculate values, and provide performance analytics.
- •Receipt Processing: To extract transaction data from uploaded receipts using AI (processing happens securely, and original receipts can be deleted).
- •Account Security: To authenticate your access and protect your account from unauthorized use.
- •Service Improvement: Anonymized usage data and precious metal receipts allow us to understand which features are most valuable, where to focus development, and improveme scanning accuracy.
- •Customer Support: To respond to your inquiries and provide assistance when needed.
We Never
- ✕Sell or share your personal information with third parties
- ✕Use your portfolio data for marketing purposes
- ✕Store unencrypted sensitive financial information
- ✕Share your precious metals holdings with anyone
- ✕Require real identity verification for basic features
Encryption
All sensitive data is encrypted using industry-standard AES-256 encryption at rest and TLS 1.3 for data in transit.
Data Location
Your data is stored in secure, SOC 2 compliant data centers. We use redundant backups to ensure your portfolio information is never lost, while maintaining strict access controls.
Access Controls
Only essential personnel have access to production systems, and all access is logged and audited. We use multi-factor authentication and principle of least privilege for all internal access.
You have the right to:
- Access all data we have about you
- Export your portfolio data in standard formats
- Delete your account and all associated data
- Opt out of receipt storage on our servers
- Use the service with an anonymous username
Data Deletion
When you delete your account, all your personal information, portfolio data, and uploaded receipts are permanently removed from our servers within 48 hours. This action is irreversible.
We use minimal third-party services to provide our service:
Essential Services
- Stripe: Payment processing (we never see your card details)
- Azure: Cloud infrastructure for receipt processing
- Anthropic & OpenAI: AI receipt processing
- Supabase: Authentication and database services
These services are carefully selected for their strong privacy practices and compliance with data protection regulations. We share only the minimum necessary information with these providers.
When you sign in with Google, StackerScan requests only the non-sensitive scopes: openid, email, and profile. We use this limited data solely to:
- Authenticate your account and keep you signed in.
- Display your Google profile name and profile image inside your account.
- Store your primary Google email address for login and essential account communication.
We do not request or access any other Google data, and we never use your Google information for advertising, marketing, or data mining. Your profile image and email are stored securely with the rest of your account details and are deleted if you remove your account or disconnect Google sign-in.
You can revoke StackerScan’s access at any time from your Google Account permissions page or you may utilize the Delete My Data feature to delete all of your account data including the stored Google-derived data.
Our handling of Google user data complies with Google’s Limited Use requirements; your information is never shared with third parties except as necessary to provide the StackerScan service as described in this policy.
- Active Accounts: Your data is retained as long as your account is active.
- Deleted Accounts: All data is permanently removed within 48 hours of deletion request.
- Receipts: If you opt out of server storage, receipts are deleted immediately after processing.
If you have any questions about this Privacy Policy or how we handle your data, please don't hesitate to contact us:
This privacy policy is effective as of October 5, 2025 and will remain in effect except with respect to any changes in its provisions in the future, which will be in effect immediately after being posted on this page. We reserve the right to update or change our Privacy Policy at any time, and you should check this Privacy Policy periodically.