Portfolio Scatter
MethodologyTermsPrivacy

Privacy Policy

Effective Date: 2026-02-14

This Privacy Policy describes how Mike Huynh and Tung Vu collect, use, and protect your information when you use Portfolio Scatter at portfolioscatter.com.

1. Information We Collect

Information You Provide

  • Account information: When you create an account, we collect your email address. You may optionally provide your name and profile image.
  • Portfolio data: Ticker symbols, allocation weights, portfolio names, and descriptions that you input into the Service. This does not include financial account numbers, balances, or other sensitive financial identifiers.
  • Authentication credentials: If you sign in with email and password, we store a securely hashed version of your password. If you use Google OAuth, we receive your Google profile information (name, email, profile image) but never your Google password.

Information Collected Automatically

  • Usage analytics: We count anonymous page views to measure traffic, and — if you accept our cookie banner — anonymized product usage events (such as "portfolio created" or "feature accessed"). Your email address and name are never sent to our analytics provider — only an anonymized identifier.
  • Device information: Browser type, operating system, and screen size — standard web analytics data.
  • Cookies: We use essential httpOnly session cookies for authentication — these are required to sign in and cannot be turned off. For product analytics, we count anonymous page views without any cookie or stored identifier (nothing is saved on your device), so a basic page-view count may occur before you respond to our cookie banner. If you accept, we additionally set a single privacy-friendly analytics cookie and record product usage events. If you decline, no analytics cookie is set and we record no usage events — only the cookieless, anonymous page-view count continues; the Service works normally either way. We do not use third-party tracking or advertising cookies.

Information We Do NOT Collect

  • Financial account numbers or brokerage credentials
  • Social Security numbers or government IDs
  • Payment or credit card information
  • Location data (GPS or IP-based geolocation)

2. How We Use Your Information

We use your information to:

  • Provide the Service — store your portfolios, calculate risk metrics, and generate visualizations
  • Authenticate your identity — manage your account and sessions
  • Improve the Service — analyze anonymized usage patterns to understand which features are valuable
  • Read uploaded files — when you upload a PDF or screenshot of your holdings, it is sent to our AI provider to read your holdings from it; such files may contain more than tickers and weights (for example, a brokerage statement)

3. Information Sharing

We do not sell your personal information. We never have and never will.

We share information only with the following categories of service providers, solely to operate the Service:

  • Cloud database provider — stores your account information and portfolio data
  • Authentication provider — processes authentication tokens (only if you choose third-party sign-in such as Google)
  • Analytics provider — receives anonymized usage events only (no email, no name)
  • AI provider — receives any PDF or screenshot you upload, to read your holdings from it
  • Hosting provider — processes standard web server logs
  • Financial data providers — receives ticker symbols for market prices (not linked to your identity)

We may also disclose information if required by law, legal process, or to protect our rights or the safety of others.

4. Data Storage and Security

  • Anonymous users: Your portfolio data is stored only in your browser's localStorage and is not saved on our servers. CSV and Excel files are processed entirely in your browser; if you upload a PDF or screenshot, it is sent to our servers and our AI provider to read your holdings from it.
  • Authenticated users: Your portfolio data is stored in our cloud database.
  • Security measures: We implement industry-standard security headers, use httpOnly cookies for sessions, and follow security best practices for authentication.
  • Encryption: Data is encrypted in transit via HTTPS/TLS.

While we take reasonable measures to protect your information, no method of electronic storage or transmission is 100% secure. We cannot guarantee absolute security.

5. Data Retention

  • Active accounts: Your data is retained as long as your account is active.
  • Deleted portfolios: When you delete a portfolio, it is soft-deleted (archived) and can be permanently deleted upon request.
  • Account deletion: You may request full account deletion by contacting us. Upon deletion, your personal data and portfolio data will be permanently removed within 30 days.
  • Analytics data: Anonymized usage events are retained per our analytics provider's standard retention policy.

6. Your Rights Under California Law (CCPA)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA):

  • Right to Know: You may request a copy of the personal information we have collected about you.
  • Right to Delete: You may request that we delete your personal information.
  • Right to Opt-Out of Sale: We do not sell your personal information. No opt-out is necessary.
  • Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.

To exercise your rights, contact us at support@portfolioscatter.com. We will respond to verified requests within 45 days.

7. Your Rights Under European Law (GDPR)

If you are located in the European Economic Area (EEA), the United Kingdom, or Switzerland, the General Data Protection Regulation (GDPR) and equivalent laws give you additional rights.

Data controller. Portfolio Scatter is operated by Mike Huynh and Tung Vu, who act as the data controllers for your personal information. You can reach us at support@portfolioscatter.com.

Legal bases for processing. We rely on the following legal bases:

  • Consent — for product analytics, which load only if you accept our cookie banner. You may withdraw consent at any time.
  • Performance of a contract — to provide the features you request, such as storing your portfolios and generating analysis.
  • Legitimate interests — to keep the Service secure and functioning, where these interests are not overridden by your rights.
  • Legal obligation — where we must retain or disclose information to comply with the law.

Your rights. You have the right to access, correct, delete, restrict, or object to our processing of your personal information, and the right to data portability. Where processing is based on consent, you may withdraw that consent at any time without affecting processing that already took place.

International transfers. We are based in the United States, and your information is processed there. When we transfer personal information out of the EEA, the UK, or Switzerland, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses.

Complaints. You have the right to lodge a complaint with your local data protection supervisory authority if you believe we have not handled your information lawfully.

8. Children's Privacy

The Service is not intended for users under 18 years of age. We do not knowingly collect personal information from children. If we learn that we have collected information from a child under 18, we will delete it promptly.

9. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be indicated by updating the "Effective Date" at the top of this page. We encourage you to review this policy periodically. Your continued use of the Service after changes are posted constitutes acceptance of the revised policy.

10. Contact Us

If you have questions or concerns about this Privacy Policy or your data, please contact us at:

Email: support@portfolioscatter.com

← Back to Portfolio Scatter
Methodology·Terms of Service·Privacy Policy