Privacy Policy

1. Who we are

StackerTracker provides software to help you catalogue and organize collectibles and related holdings (for example coins, bullion, banknotes, jewellery, and similar items), view contextual market information, and optionally create share links so others can view limited information you choose to expose.

For privacy questions, please reach out to us by email. If you are in Québec and applicable law requires a designated contact, requests may be directed through the same channel unless we publish a dedicated privacy officer contact.

2. What is personal information

In this policy, "personal information" means information about an identifiable individual (in some regions this is called "personal data"). Depending on where you live, business contact information and certain publicly available information may be treated differently under local law.

3. Personal information we collect

Depending on how you use the Service, we may collect the following categories of information:

• Account and authentication. For example, email address, display name (if you provide one), password hash (we store a secure hash, not your plaintext password), account identifiers, subscription or entitlement flags, sign-in timestamps, and administrative flags needed to operate the Service (for example, to enforce bans for abuse).
• Portfolio and operational data you provide. Items you add (including descriptions, quantities, acquisition details where you enter them, grading notes, photos or images you upload, organizational structure such as portfolios and containers), dashboard layout or UI preferences you save, and similar content needed to provide features you use.
• Share links. If you enable sharing, we process tokens or URLs, visibility settings (for example, whether acquisition details are revealed to viewers), and access logs reasonably necessary to operate share links securely.
• Payments and billing. Paid features may be processed by our payment processor (currently Stripe). We typically receive limited billing metadata (for example, customer identifiers, subscription status, and payment event summaries) rather than full card numbers, which are handled by the processor.
• Technical and usage data. For example, IP address, device and browser type, approximate location derived from network signals (often at a regional level), diagnostic logs, error reports, security signals, and timestamps. We use this category to secure accounts, prevent abuse, maintain reliability, and understand aggregate usage patterns.
• Support communications. Information you send when you contact us, including the content of your message and contact details you provide.
• Cookies and similar technologies. We use cookies and similar technologies that are needed for authentication and core site operation. We may also use technologies that help us measure performance or remember preferences where applicable.

Some features may fetch reference or market data from third-party sources (for example, exchange rates, metals or crypto prices, catalogue or reference data, or news headlines keyed to symbols you view). Those requests are generally not designed to transmit your portfolio contents to those providers, but providers may see technical metadata typical of internet requests (such as IP address). You should assume any third-party site or service you choose to visit separately may collect information under its own policies.

4. Purposes for which we use personal information

We use personal information for purposes that include:

• creating and maintaining your account;
• providing, operating, improving, and personalizing the Service;
• processing payments and managing subscriptions or entitlements;
• security, fraud prevention, abuse detection, and enforcing our terms;
• customer support and responding to inquiries;
• complying with legal obligations and defending legal claims; and
• sending transactional or service-related messages (for example, receipts, security notices, or policy updates).

Where required by law, we obtain appropriate consent for collections and uses—particularly for collections that are not reasonably necessary to provide the Service you requested. You may withdraw consent where withdrawal is legally permissible, but that may affect our ability to provide certain features.

5. Marketing and commercial electronic messages

For recipients in Canada, if we send commercial electronic messages (CEMs) that are subject to Canada's Anti-Spam Legislation (CASL), we will do so with consent where required, include identification information, and provide a functional unsubscribe mechanism where applicable. Transactional or relationship messages that are exempt or not subject to CASL will still identify us clearly.

If you are outside Canada, marketing communications are also handled in line with applicable local rules (for example, opt-out or consent requirements in your country or region).

6. When we disclose personal information

We do not sell your personal information. We may disclose personal information:

• to service providers and processors who assist us (for example, hosting, infrastructure, payment processing, analytics, email delivery, security tooling), subject to contractual terms that require appropriate protection and limit use to our instructions;
• to comply with law, lawful requests by public authorities (including national security or law enforcement requests), or to protect rights, privacy, safety, or property; and
• in connection with a business transaction (for example, merger, acquisition, financing, or sale of assets), under safeguards and notices required by law.

Our Service is built on managed cloud infrastructure (for example, Cloudflare for application delivery, compute, and storage components) and may use Stripe for payments. These providers may process data in Canada, the United States, the European Economic Area, the United Kingdom, or other regions where they operate data centres or support operations.

7. Cross-border processing

Personal information may be accessed from or transferred to jurisdictions outside your province, territory, or country of residence—including the United States—where privacy laws may differ. Where we engage processors in other countries, we take steps that are appropriate in the circumstances (which may include contractual clauses such as standard contractual clauses approved in the EEA or UK where relevant, technical safeguards, and vendor diligence) to protect personal information in line with this policy and applicable law in your region.

8. Retention

We retain personal information only as long as reasonably necessary for the purposes described in this policy, including to comply with legal, tax, accounting, or dispute-resolution requirements, and to maintain backups and resilient systems. When retention periods end, we delete or de-identify information where feasible.

9. Security

We implement technical and organizational measures appropriate to the sensitivity of the information we handle. No method of transmission or storage is completely secure. You are responsible for safeguarding your password and device access. For a high-level overview, see our Security page.

10. Your choices and rights

Subject to applicable law wherever you live, you may request access to or correction of your personal information, object to or restrict certain processing, withdraw consent where processing is based on consent, request deletion or portability (where technically feasible), or ask questions about our practices, by emailing us. We may need to verify your request. Certain information may be exempt from access, correction, or deletion where permitted by law.

If you wish to close your account or delete personal information, contact us with the email address associated with your account. Some information may be retained where legitimate business or legal needs require it.

If you are in the European Economic Area, the United Kingdom, or Switzerland, applicable data protection law may provide you with specific rights regarding our processing of your personal data, including the right to lodge a complaint with a supervisory authority in your country of residence, place of work, or place of an alleged infringement.

If you are in certain United States states, you may have additional rights under state privacy laws (for example, rights to know, delete, or opt out of certain sales or sharing), subject to exceptions. We describe our practices in this policy; contact us to exercise rights available to you under those laws.

If you are in Canada and are not satisfied with our response, you may complain to the Office of the Privacy Commissioner of Canada (OPC) at priv.gc.ca, or to a provincial privacy regulator if applicable (for example, in Alberta or British Columbia, the provincial Information and Privacy Commissioner; in Québec, the Commission d'accès à l'information).

11. Québec residents

If you reside in Québec, you may have additional rights or protections regarding transparency, consent, automated processing, portability (where applicable), and cross-border transfers. We will respond to Québec requests in accordance with applicable law. For more information about Québec privacy rights, visit the Commission d'accès à l'information du Québec at cai.gouv.qc.ca.

12. Children

The Service is not directed to children. We do not knowingly collect personal information from children without appropriate parental authority or consent as required by law. If you believe we have collected information from a child inappropriately, please contact us and we will take appropriate steps.

13. Automated decision-making

We do not use personal information to make decisions that produce legal or similarly significant effects solely by automated means. We may use automated tools for security, spam prevention, or product analytics.

14. Changes to this policy

We may update this policy from time to time. We will post the revised version on this page and update the "Last updated" date. Where changes are material and consent is required by law, we will obtain consent or provide notice in a legally appropriate manner.

15. Related documents

Our Terms of Service govern use of the Service and include additional provisions on content, liability, and dispute resolution.