StackerScan

Privacy Policy

Your privacy is fundamental to how we built StackerScan.

Last updated: October 5, 2025

Our Privacy Commitment

StackerScan is designed with privacy at its core. We understand that precious metals ownership is sensitive financial information, and we've built our platform to give you complete control over your data.

Key Privacy Features:

  • Optional anonymous username accounts
  • Ability to opt out of receipt storage on our servers
  • Complete account deletion at any time
  • End-to-end encryption for all data
  • Any sensitive personal information from receipts such as addresses, phone numbers, or email addresses—is automatically excluded from processing and is not retained in any of our database systems
Cookies & Consent

We use strictly necessary cookies to operate the site. With your consent, we also use non‑essential cookies for analytics and certain functional features. We show a consent banner globally until you make a choice. Non‑essential cookies are off by default and Global Privacy Control / Do‑Not‑Track signals are respected. You can change your preference anytime from “Cookie Settings” (available on the Home and Privacy pages).

Categories

  • Strictly necessary: Required for core functionality (authentication/session). Always on.
  • Analytics: Helps us understand usage. Vendor: Vercel Analytics.
  • Functional (security): Device recognition for login tracking and account integrity. If disabled, the Device Sessions section is hidden on your profile and device recognition is turned off.

Your Choices

  • Use the banner (shown globally until you choose) or “Cookie Settings” to accept, reject, or customize non‑essential cookies.
  • Global Privacy Control / Do‑Not‑Track signals are respected by default (non‑essential remain disabled unless you opt in).
  • Consent choices are stored for 12 months and can be changed anytime.

Your Choices: Communications

  • Essential communications (for example, security alerts, incident notices, service changes) are required to provide StackerScan and cannot be turned off while you maintain an account.
  • Non‑essential product updates (for example, new features or tips) are optional, include an unsubscribe link, and can be managed anytime inside the app.
  • If you use StackerScan without an email (anonymous username), we surface essential notices in‑app whenever possible.
Information We Collect

Account Information

  • Email address (optional — you can use anonymous username). If you provide an email address, we use it for authentication and essential service communications (for example, incident notices, security alerts, and important updates about your account).
  • Username (if chosen over email)
  • Encrypted password hash

Portfolio Data

  • Precious metals transaction details (encrypted)
  • Receipt images (optional — can be disabled)
  • Portfolio preferences and settings

Usage Information

  • Login timestamps
  • Feature usage analytics (anonymized)
  • Error logs for troubleshooting

How We Use Your Information

  • Portfolio Tracking: To track and display your precious metals holdings, calculate values, and provide performance analytics.
  • Receipt Processing: To extract transaction data from uploaded receipts using AI (processing happens securely, and original receipts can be deleted).
  • Account Security: To authenticate your access and protect your account from unauthorized use.
  • Service Improvement: Anonymized usage data and precious metal receipts allow us to understand which features are most valuable, where to focus development, and improve scanning accuracy.
  • Customer Support: To respond to your inquiries and provide assistance when needed.
  • Service & Transactional Communications: We use your contact details (for example, your email address) to send non‑marketing, service-related messages, including:
    • Incident and error notifications that may have affected your account or recent activity
    • Fixes, reliability updates, security alerts, and important changes to the service
    • Account, billing, or policy updates required to run the service

    These are considered essential communications for providing StackerScan and cannot be opted out of while you use the service. You can still opt out of non‑essential product updates; see “Your Choices”.

  • Product Updates (non‑essential): With your preferences respected, we may also send non‑essential product updates (for example, new features or tips). You can opt out of these at any time without affecting your access to StackerScan.

Legal Bases for Processing (EEA/UK)

  • Performance of a contract (Art. 6(1)(b)): To create and maintain your account, authenticate you, process receipts, and send essential service communications.
  • Legitimate interests (Art. 6(1)(f)): To monitor reliability, maintain security, notify you of incidents or fixes related to your use of StackerScan, and improve the service.
  • Consent (Art. 6(1)(a)): For non‑essential cookies/analytics and non‑essential product update emails where required. You can withdraw consent at any time.

We Never

  • Sell or share your personal information with third parties
  • Use your portfolio data for marketing purposes
  • Store unencrypted sensitive financial information
  • Share your precious metals holdings with anyone
  • Require real identity verification for basic features
Data Storage & Security

Encryption

All sensitive data is encrypted using industry-standard AES-256 encryption at rest and TLS 1.3 for data in transit.

Data Location

Your data is stored in secure, SOC 2 compliant data centers. We use redundant backups to ensure your portfolio information is never lost, while maintaining strict access controls.

Access Controls

Only essential personnel have access to production systems, and all access is logged and audited. We use multi-factor authentication and principle of least privilege for all internal access.

Your Rights & Controls

You have the right to:

  • Access all data we have about you
  • Export your portfolio data in standard formats
  • Delete your account and all associated data
  • Opt out of receipt storage on our servers
  • Use the service with an anonymous username

Data Deletion

When you delete your account, all your personal information, portfolio data, and uploaded receipts are permanently removed from our servers within 48 hours. This action is irreversible.

Third-Party Services

We use minimal third-party services to provide our service:

Essential Services

  • Stripe: Payment processing (we never see your card details)
  • Azure: Cloud infrastructure for receipt processing
  • Anthropic & OpenAI: AI receipt processing
  • Supabase: Authentication and database services
  • Email delivery provider(s): Transactional email delivery for account and service communications. We share only the minimum necessary information (such as your email address and the relevant message content) to deliver these messages.

These services are carefully selected for their strong privacy practices and compliance with data protection regulations. We share only the minimum necessary information with these providers.

Google User Data

When you sign in with Google, StackerScan requests only the non-sensitive scopes: openid, email, and profile. We use this limited data solely to:

  • Authenticate your account and keep you signed in.
  • Display your Google profile name and profile image inside your account.
  • Store your primary Google email address for login and essential account communication.“Essential account communication” includes service notices, incident updates, security alerts, and other transactional messages required to operate StackerScan.

We do not request or access any other Google data, and we never use your Google information for advertising, marketing, or data mining. Your profile image and email are stored securely with the rest of your account details and are deleted if you remove your account or disconnect Google sign-in.

You can revoke StackerScan’s access at any time from your Google Account permissions page or you may utilize the Delete My Data feature to delete all of your account data including the stored Google-derived data.

Our handling of Google user data complies with Google’s Limited Use requirements; your information is never shared with third parties except as necessary to provide the StackerScan service as described in this policy.

Data Retention
  • Active Accounts: Your data is retained as long as your account is active.
  • Deleted Accounts: All data is permanently removed within 48 hours of deletion request.
  • Receipts: If you opt out of server storage, receipts are deleted immediately after processing.
  • Service communication logs: Delivery metadata for essential and transactional messages (for example, delivery status) is retained for up to 24 months to investigate delivery issues, meet record-keeping obligations, and improve reliability, after which it is deleted or anonymized.
Contact Us

If you have any questions about this Privacy Policy or how we handle your data, please don't hesitate to contact us:

Privacy Inquiries

Email: support@stackerscan.com

Response time: 24-48 hours

This privacy policy is effective as of October 5, 2025 and will remain in effect except with respect to any changes in its provisions in the future, which will be in effect immediately after being posted on this page. We reserve the right to update or change our Privacy Policy at any time, and you should check this Privacy Policy periodically.

StackerScan