Data Protection & Privacy Policy

1. Data Controller

Tectoniq
Dr. Marc Harms
Havelweg 12
47445 Moers, Germany
Email: admin@tectoniq.com

2. What Data We Collect

Account Data (if you create an account):

• • Email address: For authentication via Supabase
• • Portfolio holdings: Asset tickers and quantities you add to portfolios
• • Watchlist items: Asset tickers you add to your watchlist
• • Account preferences: Settings and configuration choices

Usage Data (all users):

• • Asset searches: Ticker symbols searched (session-based, not permanently stored)
• • Page views: Anonymous analytics for service improvement
• • Technical data: Browser type, device type, IP address (anonymized)

We do NOT collect:

• • Government-issued identification documents
• • Financial account credentials or passwords
• • Actual trading activity or brokerage positions
• • Payment information (service is currently free)
• • Social security numbers or tax IDs
• • Biometric data

3. How We Use Your Data

Your data is used to:

• • Provide the service: Display asset analysis, store portfolios, maintain watchlists
• • Authentication: Verify your identity and maintain secure sessions
• • Service improvement: Analyze usage patterns (anonymized) to improve features
• • Communication: Send account-related notifications (if enabled)
• • Security: Detect and prevent fraud, abuse, or security incidents

We do NOT:

• • Sell your data to third parties
• • Share your portfolio holdings with anyone
• • Use your data for targeted advertising
• • Train AI models on your personal data
• • Share data with data brokers

4. Third-Party Services

We use the following third-party services:

• • Supabase: Authentication and database hosting (see Supabase Privacy Policy)
• • Yahoo Finance API: Market data retrieval (no personal data shared)
• • Hetzner: Backend server hosting in Germany (GDPR-compliant)

Cookies: We use essential cookies for authentication (Supabase session cookies). No tracking or advertising cookies are used. You can disable cookies in your browser, but this will prevent you from logging in.

5. Your Rights (GDPR)

Under the General Data Protection Regulation (GDPR), you have the right to:

• • Access: Request a copy of all personal data we hold about you
• • Rectification: Correct inaccurate or incomplete data
• • Erasure ("Right to be Forgotten"): Request deletion of your account and all associated data
• • Data Portability: Receive your portfolio and watchlist data in JSON format
• • Object: Opt out of analytics or data processing
• • Restrict Processing: Limit how we use your data
• • Withdraw Consent: Revoke previously granted permissions

To exercise these rights, contact: admin@tectoniq.com
Response time: Within 30 days as required by GDPR

6. Data Retention

• • Account data: Retained while your account is active
• • Portfolio holdings: Retained until you delete them or close your account
• • Watchlist items: Retained until you remove them or close your account
• • Search queries: Not permanently stored (session only)
• • Analytics: Aggregated and anonymized, retained indefinitely for service improvement
• • Deleted accounts: All personal data permanently deleted within 30 days

7. Data Security

We implement industry-standard security measures:

• • Encryption: HTTPS/TLS for all data in transit
• • Authentication: Secure password hashing via Supabase
• • Database: Access-controlled PostgreSQL with row-level security
• • Hosting: EU-based servers (Hetzner, Germany) for GDPR compliance
• • Monitoring: Regular security audits and vulnerability scanning

However, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security.

8. Children's Privacy

Tectoniq is not intended for users under 18 years old. We do not knowingly collect data from minors. If you believe a minor has provided us with personal data, please contact us immediately atadmin@tectoniq.com.

9. International Data Transfers

Your data is primarily stored in the European Union (Germany). If you access Tectoniq from outside the EU, your data may be transferred to and processed in the EU. We ensure adequate safeguards are in place for such transfers in compliance with GDPR.

10. Changes to This Policy

We may update this policy as Tectoniq evolves. Material changes will be communicated via:

• • Prominent notice on the website
• • Email notification to registered users (if applicable)
• • Updated "Last Updated" date at the top of this page

Continued use of the service after changes constitutes acceptance of the updated policy.

11. Contact & Complaints

For privacy concerns or data requests:
Email: admin@tectoniq.com
Response time: Within 30 days (GDPR requirement)

Right to lodge a complaint:
If you believe we have not handled your data properly, you have the right to lodge a complaint with your local data protection authority. In Germany, this is the Bundesbeauftragter für den Datenschutz und die Informationsfreiheit (BfDI).