Privacy Policy

Effective Date: 2026-02-14

This Privacy Policy describes how Tung Vu ("we," "us," or "our") collects, uses, and protects your information when you use Portfolio Scatter at portfolioscatter.com ("Service").

1. Information We Collect

Information You Provide

  • Account information: When you create an account, we collect your email address. You may optionally provide your name and profile image.
  • Portfolio data: Ticker symbols, allocation weights, portfolio names, and descriptions that you input into the Service. This does not include financial account numbers, balances, or other sensitive financial identifiers.
  • Authentication credentials: If you sign in with email and password, we store a securely hashed version of your password. If you use Google OAuth, we receive your Google profile information (name, email, profile image) but never your Google password.

Information Collected Automatically

  • Usage analytics: We collect anonymized product usage events (such as "portfolio created" or "feature accessed") via PostHog. Your email address and name are never sent to our analytics provider — only an anonymized user identifier.
  • Device information: Browser type, operating system, and screen size — standard web analytics data.
  • Cookies: We use essential httpOnly session cookies for authentication. We do not use third-party tracking cookies or advertising cookies.

Information We Do NOT Collect

  • Financial account numbers or brokerage credentials
  • Social Security numbers or government IDs
  • Payment or credit card information
  • Location data (GPS or IP-based geolocation)

2. How We Use Your Information

We use your information to:

  • Provide the Service — store your portfolios, calculate risk metrics, and generate visualizations
  • Authenticate your identity — manage your account and sessions
  • Improve the Service — analyze anonymized usage patterns to understand which features are valuable
  • Provide AI analysis — when you explicitly request AI-powered portfolio analysis, your portfolio data (ticker symbols, weights, and calculated metrics) is sent to our AI provider for processing

3. Information Sharing

We do not sell your personal information. We never have and never will.

We share information only with the following categories of service providers, solely to operate the Service:

| Provider | Purpose | Data Shared |
|----------|---------|-------------|
| Convex | Cloud database | Account info, portfolio data |
| Google | OAuth authentication | Authentication tokens (only if you choose Google sign-in) |
| PostHog | Product analytics | Anonymized usage events (no email, no name) |
| OpenAI | AI analysis (opt-in) | Portfolio data when you request AI analysis |
| Vercel | Hosting | Standard web server logs |
| Financial data providers | Market prices | Ticker symbols (not linked to your identity) |

We may also disclose information if required by law, legal process, or to protect our rights or the safety of others.

4. Data Storage and Security

  • Anonymous users: Your portfolio data is stored only in your browser's localStorage. It never touches our servers.
  • Authenticated users: Your portfolio data is stored in our Convex cloud database.
  • Security measures: We implement security headers (HSTS, X-Frame-Options: DENY, X-Content-Type-Options: nosniff), use httpOnly cookies for sessions, and follow security best practices for authentication.
  • Encryption: Data is encrypted in transit via HTTPS/TLS.

While we take reasonable measures to protect your information, no method of electronic storage or transmission is 100% secure. We cannot guarantee absolute security.

5. Data Retention

  • Active accounts: Your data is retained as long as your account is active.
  • Deleted portfolios: When you delete a portfolio, it is soft-deleted (archived) and can be permanently deleted upon request.
  • Account deletion: You may request full account deletion by contacting us. Upon deletion, your personal data and portfolio data will be permanently removed within 30 days.
  • Analytics data: Anonymized usage events are retained per PostHog's standard retention policy.

6. Your Rights Under California Law (CCPA)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA):

  • Right to Know: You may request a copy of the personal information we have collected about you.
  • Right to Delete: You may request that we delete your personal information.
  • Right to Opt-Out of Sale: We do not sell your personal information. No opt-out is necessary.
  • Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.

To exercise your rights, contact us at support@portfolioscatter.com. We will respond to verified requests within 45 days.

7. Children's Privacy

The Service is not intended for users under 18 years of age. We do not knowingly collect personal information from children. If we learn that we have collected information from a child under 18, we will delete it promptly.

8. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be indicated by updating the "Effective Date" at the top of this page. We encourage you to review this policy periodically. Your continued use of the Service after changes are posted constitutes acceptance of the revised policy.

9. Contact Us

If you have questions or concerns about this Privacy Policy or your data, please contact us at:

Email: support@portfolioscatter.com