Privacy Policy

Last Updated: December 27, 2025

1. Introduction

Welcome to Penvid ("we," "our," or "us"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our portfolio tracking and investment analytics platform at penvid.dk (the "Service").

Penvid is operated by Karsten Bak Malle, located at Lyshøjgårdsvej 103, Valby 2500, Denmark.

We are committed to protecting your privacy and ensuring transparency in how we handle your personal data in compliance with the General Data Protection Regulation (GDPR) and Danish data protection laws.

2. Data Controller

For the purposes of the GDPR, the data controller is:

Name: Karsten Bak Malle

Address: Lyshøjgårdsvej 103, Valby 2500, Denmark

Email: support@penvid.dk

3. Information We Collect

3.1 Information You Provide

We collect information that you voluntarily provide when using our Service:

  • Account Information: Email address, full name, password (encrypted)
  • Profile Information: Optional avatar/profile picture
  • Portfolio Data: Investment holdings, purchase prices, quantities, notes, portfolio names and descriptions
  • Payment Information: Processed securely through Stripe (we do not store credit card details)

3.2 Automatically Collected Information

When you access our Service, we automatically collect:

  • Usage Data: Pages visited, features used, time spent, click patterns
  • Device Information: IP address, browser type, operating system, device type
  • Cookies and Tracking: See our Cookie Policy for details
  • Log Data: Access times, error logs, performance metrics

3.3 Third-Party Data

We receive stock market data from our third-party provider:

  • Stock Price Data: Real-time and historical pricing from TwelveData API
  • Symbol Information: Stock symbols, company names, exchange information

4. How We Use Your Information

We use your personal data for the following purposes:

4.1 Service Provision

  • Create and manage your account
  • Store and display your portfolio data
  • Fetch real-time stock prices for your holdings
  • Calculate portfolio performance and analytics
  • Provide historical performance tracking

4.2 Payment Processing

  • Process subscription payments through Stripe
  • Manage billing and invoicing
  • Handle refunds and cancellations
  • Send payment receipts and notifications

4.3 Communication

  • Send service-related emails (welcome, password reset, trial expiration)
  • Notify you of subscription status changes
  • Respond to your support inquiries
  • Send important service updates and security alerts

4.4 Analytics and Improvement

  • Analyze usage patterns to improve the Service
  • Monitor performance and fix bugs
  • Conduct A/B testing for feature optimization
  • Generate aggregated, anonymized statistics

4.5 Legal Compliance

  • Comply with legal obligations
  • Prevent fraud and abuse
  • Enforce our Terms of Service
  • Protect our rights and security

5. Legal Basis for Processing (GDPR)

Under GDPR, we process your personal data based on:

  • Contractual Necessity: To provide the Service you signed up for
  • Legitimate Interests: To improve our Service, prevent fraud, and ensure security
  • Consent: For optional analytics and marketing cookies (you can withdraw at any time)
  • Legal Obligation: To comply with tax, accounting, and legal requirements

6. Third-Party Service Providers

We share your data with trusted third-party providers who assist in operating our Service:

Supabase (Database & Authentication)

Stores user accounts, portfolios, and holdings. Privacy Policy: supabase.com/privacy

Stripe (Payment Processing)

Handles all payment transactions securely. Privacy Policy: stripe.com/privacy

TwelveData (Stock Market Data)

Provides real-time and historical stock prices. Privacy Policy: twelvedata.com/privacy-policy

Sentry (Error Tracking)

Monitors errors and performance issues. Privacy Policy: sentry.io/privacy

PostHog (Analytics)

Analyzes user behavior to improve the Service (requires your consent). Privacy Policy: posthog.com/privacy

Vercel (Hosting)

Hosts our application infrastructure. Privacy Policy: vercel.com/legal/privacy-policy

Upstash (Rate Limiting)

Manages API rate limits for security. Privacy Policy: upstash.com/trust/privacy

Marketing Services (Optional): If you consent to marketing cookies, we may use:

  • Facebook Pixel: For ad targeting and conversion tracking
  • Google Ads: For ad performance measurement

7. International Data Transfers

Some of our service providers are located outside the European Economic Area (EEA). When transferring data internationally, we ensure adequate safeguards are in place through:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Providers certified under the EU-U.S. Data Privacy Framework
  • Adequacy decisions by the European Commission

8. Data Retention

We retain your personal data for as long as necessary to provide the Service and comply with legal obligations:

  • Active Accounts: Data retained while your account is active
  • Deleted Accounts: Data soft-deleted and permanently removed after 90 days
  • Financial Records: Billing information retained for 5 years (tax compliance)
  • Logs and Analytics: Aggregated data retained for 2 years

You can request account deletion at any time from your Settings page or by contacting support@penvid.dk.

9. Your Rights Under GDPR

As a data subject under GDPR, you have the following rights:

Right to Access

Request a copy of the personal data we hold about you

Right to Rectification

Correct inaccurate or incomplete data (available in Settings)

Right to Erasure ("Right to be Forgotten")

Request deletion of your personal data (available in Settings or contact us)

Right to Restrict Processing

Limit how we use your data in certain circumstances

Right to Data Portability

Receive your data in a machine-readable format (CSV/JSON export available for Plus/Pro tiers)

Right to Object

Object to processing based on legitimate interests or for marketing purposes

Right to Withdraw Consent

Withdraw consent for analytics/marketing cookies at any time (Cookie Settings)

Right to Lodge a Complaint

File a complaint with the Danish Data Protection Agency (Datatilsynet): www.datatilsynet.dk

To exercise any of these rights, contact us at support@penvid.dk. We will respond within 30 days.

10. Data Security

We implement industry-standard security measures to protect your data:

  • Encryption: All data transmitted using TLS/SSL encryption (HTTPS)
  • Password Security: Passwords hashed using bcrypt with salt
  • Database Security: Row-Level Security (RLS) policies in Supabase
  • Access Control: Strict authentication and authorization checks
  • Rate Limiting: Protection against brute-force attacks
  • Regular Backups: Automated daily backups of all data
  • Monitoring: 24/7 error tracking and security monitoring via Sentry

However, no method of transmission over the internet is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

11. Children's Privacy

Our Service is not directed to children under the age of 13. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal data, please contact us at support@penvid.dk and we will delete such information.

12. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience. For detailed information about the cookies we use and how to manage them, please see our Cookie Policy.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of significant changes by:

  • Posting the new Privacy Policy on this page
  • Updating the "Last Updated" date at the top
  • Sending an email notification for material changes

Continued use of the Service after changes constitutes acceptance of the updated Privacy Policy.

14. Investment Disclaimers

Important: Data provided through our Service is for informational purposes only and does not constitute investment advice, financial advice, trading advice, or any other sort of advice.

We rely on external partners (TwelveData) for stock pricing and market information. While we strive for accuracy:

  • Price data may be delayed or inaccurate
  • We are not responsible for errors in third-party data
  • Always verify critical information with your broker
  • Past performance does not guarantee future results

15. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us:

Email: support@penvid.dk

Address: Karsten Bak Malle, Lyshøjgårdsvej 103, Valby 2500, Denmark

This Privacy Policy is governed by Danish law and complies with the General Data Protection Regulation (GDPR) and the Danish Data Protection Act.