Privacy Policy
1. Privacy at a Glance
General Information
The following information provides a simple overview of what happens to your personal data when you visit this website. Personal data is any data that can be used to personally identify you. For detailed information on data protection, please refer to our privacy policy below.
Data Collection on This Website
Who is responsible for data collection on this website?
Data processing on this website is carried out by the website operator:
Jonas Schaller
Dietrich-Bonhoeffer-Str. 4
97176 Konradsreuth, Germany
Email: jonas.schakon@gmail.com
How do we collect your data?
Your data is collected in part by you providing it to us. This may be data you enter during registration or when subscribing. Other data is automatically collected or collected with your consent when you visit the website by our IT systems. This is primarily technical data (e.g., internet browser, operating system, or time of page access).
What do we use your data for?
Some of the data is collected to ensure error-free provision of the website. Other data may be used to analyze your user behavior.
What rights do you have regarding your data?
You have the right at any time to obtain free information about the origin, recipient, and purpose of your stored personal data. You also have the right to request correction or deletion of this data. If you have given consent to data processing, you can revoke this consent at any time for the future. You also have the right, under certain circumstances, to request restriction of the processing of your personal data. Furthermore, you have the right to file a complaint with the competent supervisory authority.
2. Hosting
Vercel
We host our website with Vercel Inc., 340 S Lemon Ave #4133, Walnut, CA 91789, USA. When you visit our website, your personal data is processed on Vercel's servers. Personal data may also be transferred to Vercel in the USA. The data transfer to the USA is based on the EU Standard Contractual Clauses.
More information: https://vercel.com/legal/privacy-policy
The use of Vercel is based on Art. 6(1)(f) GDPR. We have a legitimate interest in reliable and fast delivery of our website.
3. General Information and Mandatory Disclosures
Data Protection
The operator of these pages takes the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this privacy policy.
Responsible Entity
The responsible entity for data processing on this website is:
Jonas Schaller
Dietrich-Bonhoeffer-Str. 4
97176 Konradsreuth, Germany
Email: jonas.schakon@gmail.com
The responsible entity is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data.
Storage Duration
Unless a more specific storage period has been mentioned within this privacy policy, your personal data will remain with us until the purpose for the data processing no longer applies. If you assert a legitimate request for deletion or revoke your consent to data processing, your data will be deleted unless we have other legally permissible reasons for storing your personal data (e.g., tax or commercial law retention periods); in the latter case, deletion will occur after these reasons cease to apply.
Revocation of Your Consent to Data Processing
Many data processing operations are only possible with your express consent. You can revoke consent you have already given at any time. The legality of the data processing carried out until the revocation remains unaffected by the revocation.
Right to Data Portability (Art. 20 GDPR)
You have the right to receive data that we process automatically on the basis of your consent or in fulfillment of a contract, in a commonly used, machine-readable format, to yourself or to a third party.
Right to Access, Correction, and Deletion
Within the framework of applicable legal provisions, you have the right at any time to free information about your stored personal data, its origin and recipients, and the purpose of data processing, as well as the right to correction or deletion of this data. For this purpose, as well as for further questions on the subject of personal data, you can contact us at any time.
Right to Restriction of Processing
You have the right to request restriction of the processing of your personal data. You can contact us at any time for this purpose. The right to restriction of processing exists in the following cases:
- If you dispute the accuracy of your personal data stored by us
- If the data processing is unlawful but you object to its deletion
- If we no longer need your data but you need it for the exercise, defense, or assertion of legal claims
- If you have filed an objection pursuant to Art. 21(1) GDPR
Supervisory Authority
In the event of violations of the GDPR, data subjects have the right to lodge a complaint with a supervisory authority. The competent supervisory authority for us is:
Bayerisches Landesamt für Datenschutzaufsicht (BayLDA)
Promenade 18
91522 Ansbach, Germany
https://www.lda.bayern.de
4. Data Collection on This Website
Cookies
Our website uses only technically necessary cookies. These are required for the operation of the site (e.g., session cookies for authentication). No marketing or tracking cookies are set. Technically necessary cookies are stored on the basis of Art. 6(1)(f) GDPR. The website operator has a legitimate interest in storing technically necessary cookies for the technically error-free provision of its services.
Local Storage
We use your browser's local storage to save user preferences such as layout configurations and watchlist data locally on your device. This data is not transmitted to our servers and serves exclusively to improve your user experience. The legal basis is Art. 6(1)(f) GDPR (legitimate interest).
Server Log Files
The provider of the pages (Vercel) automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:
- Browser type and browser version
- Operating system used
- Referrer URL
- Hostname of the accessing computer
- Time of the server request
- IP address
This data is not merged with other data sources. The basis for data processing is Art. 6(1)(f) GDPR.
5. Analytics
Google Analytics
This website uses Google Analytics, a web analytics service provided by Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland. Google Analytics uses cookies and similar technologies that enable analysis of your use of the website. The information generated is usually transferred to a Google server in the USA and stored there.
We use Google Analytics with IP anonymization enabled. This means your IP address is shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area before being transmitted to the USA.
The use of Google Analytics is based on Art. 6(1)(f) GDPR. The website operator has a legitimate interest in analyzing user behavior to optimize its web offering.
More information: https://policies.google.com/privacy
6. Registration and Account
Supabase (Authentication)
For user registration and authentication, we use Supabase (Supabase Inc., 970 Toa Payoh North #07-04, Singapore 318992). During registration, the following data is processed:
- Email address
- Password (stored encrypted)
- Time of registration
- Subscription status
When using Google OAuth login, your name and profile picture are additionally transmitted from Google.
Data processing is based on Art. 6(1)(b) GDPR (performance of a contract). Your data is stored on servers in the EU.
More information: https://supabase.com/privacy
7. Payment Service Provider
Stripe
For payment processing, we use Stripe (Stripe Payments Europe Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, D02 H210, Ireland). When you subscribe, your payment data is processed directly by Stripe. We do not receive or store complete credit card or bank account data.
Stripe processes in particular:
- Name and email address
- Payment method information (e.g., credit card number, expiration date)
- Billing address
- Transaction data
Data processing is based on Art. 6(1)(b) GDPR (performance of a contract).
More information: https://stripe.com/privacy
8. External Market Data APIs
To display financial market data, we use various external interfaces. No personal user data is transmitted to these services — all API requests are made server-side. The following services are used:
- Finnhub — Market data, calendars, news (finnhub.io)
- Financial Modeling Prep — Prices, top movers (financialmodelingprep.com)
- Yahoo Finance — Indices, forex, commodities (via unofficial API)
- FRED — US bond yields (fred.stlouisfed.org)
- Alpha Vantage — Macro indicators (alphavantage.co)
- NewsAPI — News aggregation (newsapi.org)
- OpenSky Network — Flight data (opensky-network.org)
- TradingView — Chart widgets (tradingview.com)
Since all requests are made server-side through our API routes, your IP address and browser information are not passed to these third-party providers. When using TradingView chart widgets, however, a direct connection is established between your browser and TradingView's servers.
9. Changes to This Privacy Policy
We reserve the right to adapt this privacy policy to ensure it always complies with current legal requirements or to implement changes to our services in the privacy policy. The new privacy policy will then apply to your next visit.
Last updated: March 2026