Privacy Policy
Last updated: June 2026
PortfolioWiser ("we," "us," "our") is committed to protecting your personal data in accordance with the General Data Protection Regulation (EU) 2016/679 ("GDPR") and applicable EU and member state data protection laws. This Privacy Policy explains what information we collect, how we use it, who we share it with, and what rights you have. It applies to all users of portfoliowiser.com and app.portfoliowiser.com.
PortfolioWiser acts as the data controller for the personal data processed through the Platform. By using the Platform, you acknowledge the collection and use of information as described in this Policy.
1. Information We Collect
a) Account Information — When you register, we collect your email address and a hashed password. We do not store your plain-text password. You may optionally provide additional profile information such as your name.
b) Usage Data — We automatically collect information about how you interact with the Platform, including: pages visited, features used, strategy configurations explored, buttons clicked, session duration, browser type and version, operating system, IP address, and referral URL.
c) Payment Data — We use Stripe to process payments. When you subscribe, your payment card information is transmitted directly to Stripe and is never stored on our servers. We receive from Stripe a limited set of non-sensitive billing data including the last four digits of your card, card type, billing country, and subscription status. Stripe's privacy policy is available at stripe.com/privacy.
d) Communications — If you contact us by email or through support channels, we retain those communications to resolve your inquiry and improve our services.
e) Cookies and Tracking Technologies — We use cookies and similar technologies as described in Section 7 below.
2. Legal Basis for Processing
Under the GDPR, we process your personal data on the following legal bases:
• Performance of a Contract (Article 6(1)(b)): Processing your account data and payment information to provide the services you have subscribed to.
• Legitimate Interests (Article 6(1)(f)): Improving the Platform, analysing usage patterns, preventing fraud, and ensuring security. We have conducted balancing tests to ensure our legitimate interests do not override your fundamental rights and freedoms.
• Legal Obligation (Article 6(1)(c)): Retaining billing records as required by tax and accounting laws.
• Consent (Article 6(1)(a)): For marketing communications, non-essential analytics cookies, and newsletter subscriptions. You may withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.
3. How We Use Your Information
We use the information we collect to:
• Provide, operate, and maintain the Platform and its features
• Process subscription payments and manage your account
• Send transactional emails (account confirmation, billing receipts, renewal reminders, password resets)
• Send product updates and feature announcements (only with your consent; you may opt out at any time)
• Analyse usage patterns to improve the Platform experience
• Monitor for and prevent fraud, abuse, and security incidents
• Comply with legal obligations
• Enforce our Terms of Service
We do not use your data to train machine learning models for sale to third parties. We do not build advertising profiles from your usage data. We do not engage in automated decision-making or profiling that produces legal effects concerning you.
4. Data Sharing and Disclosure
We do not sell, rent, or trade your personal data to third parties. We share data only in the following limited circumstances:
Service Providers (Data Processors): We share data with trusted vendors who help us operate the Platform, including Stripe (payments), email delivery providers, cloud hosting providers, and analytics platforms. These processors are bound by Data Processing Agreements (DPAs) and process your data only on our instructions in accordance with Article 28 GDPR.
Analytics Providers: We use or plan to use analytics tools (such as PostHog or Google Analytics 4) to understand Platform usage. These services may collect anonymised or pseudonymised usage data. You may opt out of analytics tracking through our cookie preferences or your browser settings.
Legal Requirements: We may disclose your information if required by EU or member state law, regulation, legal process, or governmental request, or to protect the rights, property, or safety of PortfolioWiser, our users, or others.
Business Transfers: In the event of a merger, acquisition, or sale of all or substantially all of our assets, your data may be transferred as part of that transaction. We will notify you before your data is subject to a different privacy policy, and you will have the opportunity to delete your account before the transfer.
With Your Consent: We will share your data with third parties when you have given us explicit consent to do so.
5. International Data Transfers
PortfolioWiser is established in the European Union. Your data is primarily processed and stored within the EU/EEA.
Where data is transferred outside the EU/EEA (for example, to US-based service providers such as Stripe), we ensure appropriate safeguards are in place as required by Chapter V of the GDPR, including:
• Standard Contractual Clauses (SCCs) approved by the European Commission
• Adequacy decisions where applicable
• Supplementary measures where necessary based on transfer impact assessments
You may request a copy of the safeguards used for international transfers by contacting us at support@portfoliowiser.com.
6. Data Retention
We retain your personal data only as long as necessary for the purposes for which it was collected:
• Account data: Retained for as long as your account is active. If you delete your account, we will delete or anonymise your personal data within 30 days.
• Billing records: Retained for up to 7 years after the end of the relevant fiscal year, as required by EU and member state tax and accounting laws.
• Usage data: Anonymised and aggregated usage data may be retained indefinitely. Identifiable usage data is deleted within 90 days of account deletion.
• Communications: Support correspondence is retained for up to 2 years after the last interaction.
• Consent records: Retained for the duration of the consent and for 3 years after withdrawal for compliance purposes.
7. Cookies and Tracking Technologies
We use the following types of cookies:
Essential Cookies (Strictly Necessary): Required for the Platform to function. These include authentication session cookies and security tokens. These do not require consent under Article 5(3) of the ePrivacy Directive (2002/58/EC) as they are strictly necessary.
Analytics Cookies: Used to understand how users interact with the Platform. These require your consent before being set. You may opt in or out through our cookie consent banner.
Preference Cookies: Used to remember your settings and preferences (such as display theme). These require consent.
Third-Party Cookies: Stripe may set cookies related to payment processing. These are strictly necessary for payment functionality.
You can manage your cookie preferences at any time through our cookie settings panel or your browser settings. Refusing non-essential cookies does not affect your ability to use the core features of the Platform.
8. Your Rights Under GDPR
As a data subject, you have the following rights under the GDPR:
• Right of Access (Article 15): Request a copy of the personal data we hold about you, including information about how it is processed and to whom it has been disclosed.
• Right to Rectification (Article 16): Request correction of inaccurate or incomplete personal data.
• Right to Erasure (Article 17): Request deletion of your personal data where there is no compelling reason for its continued processing, subject to legal retention requirements.
• Right to Restriction of Processing (Article 18): Request that we limit how we use your data while a dispute is being resolved or while we verify the accuracy of your data.
• Right to Data Portability (Article 20): Receive your personal data in a structured, commonly used, machine-readable format and transmit it to another controller.
• Right to Object (Article 21): Object to processing based on legitimate interests or for direct marketing purposes. Where you object to processing based on legitimate interests, we will cease processing unless we can demonstrate compelling legitimate grounds.
• Right to Withdraw Consent (Article 7(3)): Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of processing carried out before withdrawal.
• Right to Lodge a Complaint: You have the right to lodge a complaint with your local data protection supervisory authority. A list of EU supervisory authorities is available at https://edpb.europa.eu/about-edpb/about-edpb/members_en.
To exercise any of these rights, email us at support@portfoliowiser.com with the subject line "Privacy Request." We will respond within 30 days. In complex cases, we may extend the response period by an additional 60 days, and we will inform you of any such extension. We may need to verify your identity before processing your request.
We do not charge a fee for exercising your rights, except where requests are manifestly unfounded or excessive.
9. Children's Privacy
PortfolioWiser is not intended for use by individuals under the age of 18. We do not knowingly collect personal data from children under 18. If we become aware that we have collected data from a child under 18, we will delete it promptly. If you believe we have inadvertently collected data from a minor, please contact us at support@portfoliowiser.com.
10. Data Security
We implement appropriate technical and organisational measures to protect your personal data in accordance with Article 32 GDPR, including:
• Encrypted data transmission using TLS/HTTPS
• Hashed and salted password storage
• Access controls limiting employee access to personal data on a need-to-know basis
• Regular security reviews and vulnerability assessments
• Secure cloud infrastructure within the EU/EEA where possible
No method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your data using commercially reasonable measures, we cannot guarantee absolute security. In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify you and the relevant supervisory authority within 72 hours as required by Articles 33 and 34 GDPR.
11. Third-Party Links
The Platform may contain links to third-party websites. This Privacy Policy does not apply to those sites. We encourage you to review the privacy policies of any third-party sites you visit.
12. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email and/or by posting a notice on the Platform at least 14 days before the changes take effect. The updated policy will take effect on the date stated in the "Last updated" notice at the top of the page. Your continued use of the Platform after that date constitutes acknowledgement of the updated policy.
13. Data Protection Officer
For questions, concerns, or requests relating to this Privacy Policy or our data protection practices:
Email: support@portfoliowiser.com
Website: portfoliowiser.com
You have the right to lodge a complaint with your local EU/EEA data protection supervisory authority at any time.