Loading trial status...

Privacy Policy

Introduction

This Privacy Policy explains how Stonks B.V. ("we", "our", or "us") collects, uses, and protects your personal data when you use our newsletter platform. We are committed to protecting your privacy and complying with the General Data Protection Regulation (GDPR).

Last Updated: January 14, 2026

Data Controller

Company: Stonks B.V.

Email: privacy@stonks.nl

Address: Stonks B.V., Amsterdam, Netherlands

Data We Collect

Personal Data

  • Email address (for account identification and communication)
  • Name (optional, for personalization)
  • User ID (for account management)

Usage Data

  • Reading history (newsletter IDs, read timestamps)
  • Bookmarks (newsletter IDs, bookmark timestamps)
  • Reading patterns and preferences

Technical Data

  • IP address (for audit logging and security)
  • User agent (for audit logging and security)
  • FCM push notification tokens (if you opt-in)

Financial Data

  • Payment transaction IDs (not full payment data)
  • Subscription amounts and status
  • Note: Full payment data is handled by payment providers (Mollie/Stripe), not stored on our platform

How We Use Your Data

Service Delivery

  • User authentication and account management
  • Newsletter access and delivery
  • Personalized reading experience
  • Bookmark functionality

Subscription Management

  • Subscription billing and payment processing
  • Access control for paid content
  • Subscription management (renewal, cancellation)

Service Improvement

  • Analytics and usage patterns (with consent)
  • Service quality improvement

Security

  • Audit logging for security monitoring
  • Fraud prevention
  • Compliance auditing

Legal Basis for Processing

We process your personal data based on the following legal bases:

  • Contract (Article 6(1)(b)): User registration, subscription management, payment processing - necessary for service delivery
  • Legitimate Interest (Article 6(1)(f)): Newsletter reading tracking, audit logging - necessary for service functionality and security
  • Consent (Article 6(1)(a)): Push notifications, marketing communications, analytics - explicit opt-in required
  • Legal Obligation (Article 6(1)(c)): Financial record retention (7 years), audit trail retention (2 years) - required by law

For detailed information, see our Legal Basis Documentation.

Data Sharing

We share your data only with the following third parties:

Payment Providers (Mollie/Stripe)

  • Data shared: Transaction IDs, amounts, status
  • Purpose: Payment processing
  • Legal basis: Contract (necessary for payment processing)
  • Data protection: Payment providers are GDPR-compliant and PCI DSS certified

Firebase Cloud Messaging (Google)

  • Data shared: Push notification tokens only
  • Purpose: Push notification delivery
  • Legal basis: Consent (opt-in)
  • Data protection: Google is GDPR-compliant

No other third-party data sharing.

Your Rights

Under GDPR, you have the following rights:

  • Right to Access (Article 15): Request access to your personal data. Request data access
  • Right to Rectification (Article 16): Request correction of inaccurate data. Update your data in Account Settings.
  • Right to Erasure (Article 17): Request deletion of your personal data ("right to be forgotten"). Request data deletion
  • Right to Data Portability (Article 20): Receive your data in a machine-readable format. Request data export
  • Right to Object (Article 21): Object to processing based on legitimate interest.
  • Right to Withdraw Consent (Article 7): Withdraw consent at any time. Manage consent in Account Settings.

To exercise your rights, contact us at privacy@stonks.nl. We will respond within 30 days.

Data Retention

We retain your data only as long as necessary:

  • Account data: Until account deletion (you can request deletion at any time)
  • Reading history and bookmarks: Until account deletion
  • Financial records: 7 years (legal requirement for tax/audit compliance)
  • Audit logs: 2 years (security/compliance requirement)
  • Push notification tokens: Until unsubscribe or account deletion

For detailed retention periods, see our Data Retention Policy.

Data Security

We implement comprehensive security measures to protect your data:

  • Encryption at Rest: Database encryption using AWS RDS encryption (AES-256)
  • Encryption in Transit: TLS 1.3+ for all connections (HTTPS)
  • Access Controls: Server-side access control, role-based access control
  • Password Security: Passwords hashed using bcrypt
  • Token Security: JWT tokens signed using RS256
  • Audit Logging: Comprehensive audit logging for security monitoring

For detailed security measures, see our Security Measures Documentation.

Cookies

We use the following types of cookies:

  • Essential Cookies: Required for authentication and service functionality (cannot be disabled)
  • Analytics Cookies: Used for service improvement (requires consent)

Contact Information

For GDPR-related inquiries or to exercise your rights:

  • Email: privacy@stonks.nl
  • Data Protection Officer: Contact via privacy@stonks.nl
  • Address: Stonks B.V., Amsterdam, Netherlands

Updates to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last Updated" date. We encourage you to review this policy periodically.

components.footer.legalDisclaimer

© 2026 The Compounding Club. All rights reserved.