Privacy Policy
Last updated: February 18, 2026
1. Data Controller
Stockletter is operated by Madison Hofer. For privacy inquiries, contact privacy@stockletter.madisonhofer.cloud.
2. Data We Collect
Account Information
- Email address (required for account creation and briefing delivery)
- Name (optional, from Google OAuth or user input)
- Profile image (from Google OAuth, if provided)
Portfolio Data
- Stock and crypto ticker symbols
- Number of shares/units held
- Average cost basis (optional)
- Watchlist entries and price targets
Usage Data
- Briefing open and click events (via email tracking pixel)
- Briefing feedback and ratings
- Feature usage patterns (anonymized)
Payment Data
Payment processing is handled entirely by Stripe. We store only your Stripe customer ID and subscription ID. We never store credit card numbers, CVVs, or bank account details.
3. How We Use Your Data
- Briefing generation: Portfolio data is sent to Claude AI (Anthropic) to generate personalized analysis. Only ticker symbols, share counts, and cost basis are included — never your email or identity.
- Email delivery: Your email address is used to deliver briefings and transactional emails (verification, billing).
- Service improvement: Anonymized usage data helps us improve briefing quality and features.
- Billing: Stripe customer IDs manage your subscription and payment history.
4. Data Sharing
We share data only with the following third-party processors:
| Service | Purpose | Data Shared |
|---|---|---|
| Anthropic (Claude) | AI analysis | Portfolio tickers, quantities, costs |
| Stripe | Payments | Email, billing info |
| Google OAuth | Authentication | Email, name, profile image |
We do not sell, rent, or trade your personal data to any third party.
5. Your Rights (GDPR)
If you are located in the European Economic Area, you have the following rights under GDPR:
- Access: Request a copy of all personal data we hold about you.
- Rectification: Request correction of inaccurate data.
- Erasure: Request deletion of your account and all associated data.
- Portability: Request your data in a machine-readable format.
- Objection: Object to processing based on legitimate interests.
- Restriction: Request restriction of processing in certain circumstances.
To exercise these rights, contact privacy@stockletter.madisonhofer.cloud. We will respond within 30 days.
6. Data Retention
- Account data is retained as long as your account is active.
- Briefing history is retained for 12 months, then automatically deleted.
- Market data cache is ephemeral and expires within 24 hours.
- After account deletion, all personal data is permanently removed within 30 days.
7. Security
We implement appropriate technical and organizational measures to protect your data, including:
- Encrypted data in transit (TLS/HTTPS)
- Encrypted database connections
- Access controls and authentication
- Regular security reviews
8. Cookies and Tracking
Stockletter uses essential cookies for authentication and session management. We use a self-hosted analytics solution (Umami) that does not use cookies and does not track personal data. Briefing emails include a 1x1 tracking pixel to measure open rates — this can be blocked by your email client.
9. Changes to This Policy
We may update this privacy policy from time to time. Material changes will be communicated via email. The date at the top of this page indicates the last revision.
10. Contact
For any privacy-related questions or concerns: privacy@stockletter.madisonhofer.cloud