Last updated: · MangyByte Ltd, London, United Kingdom
The essentials: We are the data controller for your StockTriage account. We collect only what we need to run the Service, we never sell your personal data, broker API keys are stored encrypted and used read-only, and you can ask us to delete your data at any time via privacy@stocktriage.com.
StockTriage is operated by MangyByte Ltd, a company registered in England and Wales with its registered office in London (“we”, “us”, “our”). We are the data controller for personal data processed through the Service under the UK GDPR and the Data Protection Act 2018. You can reach our privacy contact at privacy@stocktriage.com.
If you link a broker, you provide a read-only API key or authorise a read-only connection. We verify the connection does not carry trading permission and reject keys that do. Keys are encrypted at rest using authenticated encryption (AES-256-GCM) with the key-encryption key held outside the application’s web root. We use the connection solely to display your holdings beside universal scores; your holdings are never used to calculate or alter any score, ranking or generated text. You can unlink a broker at any time, which deletes the stored key; holdings cached for display are deleted on unlink.
Subscription payments are processed by Stripe Payments Europe / Stripe, Inc. acting as a separate controller for card data. We receive only a customer reference and subscription status from Stripe; we do not receive or store your full card number. Stripe’s handling of your data is governed by Stripe’s own privacy policy.
We do not sell your personal data and do not share it for third-party marketing. We share data only with processors who help us run the Service, under contract and on our instructions, including: our hosting provider, Stripe (payments), our transactional email provider, your chosen broker or its aggregator (only the connection you authorise), and any optional analytics provider you have consented to. We may disclose data where required by law.
We keep account and product data for as long as your account is active. After you close your account or ask us to delete your data, we delete or anonymise personal data within a reasonable period, except where we must retain certain records (for example billing records for accounting and tax purposes) for the period required by law. Security logs are kept only as long as needed for security purposes.
Under UK GDPR you have the right to access your data; to rectification; to erasure; to restrict or object to processing; to data portability; and to withdraw consent at any time where processing is based on consent. To exercise any right, email privacy@stocktriage.com. We will respond within one month. Exercising your rights is free in most cases and will not disadvantage you.
We use a small number of essential cookies needed to log you in, keep your session secure and remember your preferences; these do not require consent. We use analytics cookies only with your consent, requested via our cookie banner, and you can change or withdraw consent at any time. We do not use advertising or cross-site tracking cookies.
Some of our processors (for example Stripe) may process data outside the UK. Where data is transferred outside the UK, we rely on an adequacy decision or appropriate safeguards such as the International Data Transfer Agreement or Addendum to the EU Standard Contractual Clauses.
We protect your data with measures appropriate to the risk, including encryption in transit, hashing of passwords, authenticated encryption of broker keys, access controls and logging. No system is perfectly secure, but we work to keep your data safe and will notify you and the regulator of any qualifying breach as required by law.
For any privacy question or to exercise your rights, contact privacy@stocktriage.com. If you are unhappy with how we handle your data you can complain to the UK Information Commissioner’s Office (ICO) at ico.org.uk, though we’d appreciate the chance to put things right first.