Portrop
Back to Portrop

Privacy Policy

Last updated: April 2026

Portrop ("we," "us," or "our") is a stock similarity and portfolio matching tool operated by VeriduxLabs. This Privacy Policy explains what information we collect, why we collect it, and how we handle it when you use our service at portrop.com.

You can use Portrop in two modes: anonymously (no account, limited daily queries) or with a free or paid account (higher or unlimited quotas, saved portfolios, email reports). The data we collect depends on which mode you use.

1. Information We Collect

Account data (only if you sign up)

When you create an account we store your email address, authentication provider identifier (if you sign in via a third-party provider such as Google), a hashed session token, and the timestamps of your account creation and most recent sign-in. We never see or store your password in plaintext.

Portfolio data (only if you choose to save it)

If you use the save-portfolio feature, we store the portfolio name, the list of ticker symbols you added, and the weight you assigned to each holding. This data is linked to your account and is visible only to you and to VeriduxLabs administrators in the course of maintaining the service. You can delete any portfolio — or your entire account — at any time from your account page, and deletion is permanent.

If you do not sign in, no portfolio data is written to our database. Your holdings remain in your browser session only and are discarded when you close the page.

Usage metadata (all visitors)

To enforce fair-use quotas and detect abuse, we record the endpoints you call and the time of each call. For anonymous visitors, requests are bucketed by a salted SHA-256 hash of your IP address and user-agent — we do not store the raw IP address alongside the request log. For signed-in users, requests are linked to your account. Usage data is retained for 90 days and then deleted.

Billing data (only if you purchase a subscription)

Payments are processed by Lemon Squeezy, a third-party Merchant of Record. When you subscribe, Lemon Squeezy collects and stores your payment method (card details or PayPal), billing address, and tax-relevant location data. VeriduxLabs never sees or stores your full card number, CVV, or bank details.

What we do receive from Lemon Squeezy and store on your account record: your Lemon Squeezy customer ID, your subscription ID and status (active, on trial, past due, cancelled, etc.), the plan variant you purchased, and the timestamps of billing events. This information is necessary to grant you access to the paid tier you purchased and to keep your account in sync with the payment processor.

Product analytics

We use Veridux Analytics, a privacy-respecting first-party analytics service, to understand aggregate usage patterns. Veridux Analytics collects page views, referral source, browser type, screen resolution, and approximate country-level geographic region derived from IP. Veridux Analytics does not set tracking cookies, does not collect personally identifiable information, and does not share data with third-party advertisers.

2. Cookies and Local Storage

If you sign in, Portrop sets first-party authentication cookies (managed by our auth provider, Supabase) so you stay signed in across requests. These are strictly necessary cookies: without them, you cannot remain logged in. We do not use advertising, retargeting, or cross-site tracking cookies.

We may also use the browser's local storage to remember non-sensitive UI preferences (e.g., the last tab you were on). You can clear these at any time through your browser settings.

3. Financial Market Data

The financial market data displayed on Portrop (stock prices, company profiles, similarity metrics) is sourced from the Twelve Data API and from public SEC EDGAR filings. Your ticker queries are forwarded to Twelve Data in order to return results. This data is provided for informational purposes only and is subject to each provider's licensing terms. We do not independently verify or guarantee its accuracy, completeness, or timeliness. See the financial disclaimer.

4. Third-Party Processors

We rely on the following processors to operate Portrop. Each is contractually required to handle data only on our instructions and in accordance with their published privacy policies.

  • Supabase — authentication, database, and session storage. See Supabase's Privacy Policy.
  • Lemon Squeezy — payment processing and Merchant of Record (handles VAT/sales tax collection and remittance). See Lemon Squeezy's Privacy Policy.
  • Twelve Data — financial market data. See Twelve Data's Privacy Policy.
  • Vercel — hosting, edge network, and server logs. See Vercel's Privacy Policy.
  • Sentry — error monitoring. Sentry receives stack traces and environment metadata when an application error occurs. We have configured Sentry to redact known-sensitive fields. See Sentry's Privacy Policy.
  • Veridux Analytics — aggregate product analytics, as described above.

5. How We Use Your Data

  • To provide the core analytical functionality you request.
  • To enforce free-tier and paid-tier usage quotas and prevent abuse.
  • To grant or revoke access to paid features based on your subscription status.
  • To send you transactional emails relating to your account and subscription (e.g., payment receipts, cancellation confirmations). We do not send marketing email unless you explicitly opt in.
  • To diagnose and fix errors and to improve the product.
  • To comply with legal obligations (tax records, fraud investigations, lawful requests from authorities).

We do not sell personal information. We do not share personal information with advertisers. We do not use your saved portfolio data to train machine-learning models.

6. Data Retention

  • Account data is retained until you delete your account.
  • Saved portfolios are retained until you delete them or your account.
  • Usage metadata (endpoint hits, request timestamps) is retained for 90 days and then deleted automatically.
  • Subscription event logs are retained for as long as we are legally required to keep billing records (typically 7 years in the relevant jurisdictions).
  • Sentry error reports are retained for 30 days.
  • Veridux Analytics aggregates are retained indefinitely because they do not identify individuals.

7. Your Rights

Depending on where you live, you may have the following rights under laws such as the EU GDPR, the UK GDPR, the California Consumer Privacy Act (CCPA), and similar frameworks:

  • Access — request a copy of the personal data we hold about you.
  • Rectification — ask us to correct inaccurate data.
  • Erasure — ask us to delete your account and associated data. Billing records required by law will be retained but scrubbed of directly identifying fields where feasible.
  • Portability — receive an export of your portfolios in a machine-readable format.
  • Objection / restriction — object to or restrict certain processing.
  • Complaint — lodge a complaint with your local data protection authority.

Most of these rights are self-service from your account page. For anything that is not, email privacy@portrop.com and we will respond within 30 days.

8. International Transfers

Portrop is operated from Israel. Our primary data infrastructure (Supabase, Vercel) runs in the United States. If you access Portrop from the EU, UK, or other regions, your personal data is transferred to the United States and to Israel. We rely on the EU Commission's adequacy decision for Israel and on our processors' Standard Contractual Clauses for US transfers where applicable.

9. Children's Privacy

Portrop is not directed at individuals under the age of 18 and is not intended for children. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, email us at privacy@portrop.com and we will delete it.

10. Security

We protect data in transit with HTTPS, enforce row-level security on the database so users cannot read each other's rows, and store authentication secrets with industry-standard hashing. No system is perfectly secure. If we become aware of a breach involving your personal data we will notify you without undue delay in accordance with applicable law.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be announced on this page with an updated "Last updated" date and, for registered users, by email. Your continued use of Portrop after any changes constitutes acceptance of the revised policy.

12. Contact

Privacy questions, data-rights requests, or complaints: privacy@portrop.com.