Privacy Policy for costonks

Effective Date: 21 March 2026
Last Updated: 21 March 2026

costonks ("we," "us," "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and share your personal data when you use our mobile and web application ("the App"). By accessing or using the App, you agree to this Privacy Policy.

Data Controller: costonks
Contact: hello@costonks.com
Location: Belgium

1. Information We Collect

1.1 Information You Provide Directly

When you create an account and use the App, you provide:

  • Account Information: Name, email address, username, date of birth, and profile bio (optional)
  • Authentication Data: Login credentials via Google Sign-In, Apple Sign-In, or email/password
  • User-Generated Content: Posts, comments, images, and links you share in communities
  • Portfolio Data: Virtual stock portfolios, transaction records (buy/sell activities), stock watchlists, and performance tracking data

Legal Basis: Performance of contract (necessary to provide the App's services) and consent (where you voluntarily provide optional information such as a bio).

1.2 Information We Collect Automatically

When you use the App, we automatically collect:

  • Usage Data: Actions you take in the App (creating posts, adding stocks to watchlist, creating portfolios, login/logout events)
  • Technical Data: Device type, operating system, app version, IP address, browser type, and crash reports
  • Analytics Data: Aggregated usage statistics via Firebase Analytics (e.g., which features are used most, session duration)

Legal Basis: Legitimate interests (to improve app functionality, fix bugs, understand user behavior, and enhance user experience).

1.3 Third-Party Data

If you choose to sign in via Google or Apple, we receive basic profile information (name, email) from these providers in accordance with their terms of service.

2. How We Use Your Data

We use your personal data for the following purposes:

2.1 To Provide and Maintain the App (Contract Performance)

  • Enable user authentication and account management
  • Store and display your portfolios, posts, and watchlists
  • Enable social features (communities, comments, following users)
  • Provide real-time stock data and portfolio performance tracking

2.2 To Improve the App (Legitimate Interests)

  • Analyze user behavior via Firebase Analytics to understand feature usage
  • Identify and fix bugs through Firebase Crashlytics crash reporting
  • Optimize app performance and user experience
  • Develop new features based on user needs

2.3 To Comply with Legal Obligations

  • Respond to legal requests from authorities
  • Enforce our Terms of Service
  • Protect the rights and safety of our users

We do NOT sell your personal data to third parties.

3. Third-Party Services

We use the following third-party services to operate the App:

Service | Purpose | Data Processed
Firebase Authentication | User login and account management | Email, name, authentication tokens
Cloud Firestore | Database storage | All user-generated content and portfolio data
Firebase Storage | Image and file hosting | User-uploaded images (profile pictures, post images)
Firebase Analytics | Usage analytics and app improvement | Aggregated usage events, device info (no personal identifiers)
Firebase Crashlytics | Crash reporting and error tracking | Device info, crash logs, app version
Alpha Vantage API | Stock price data | Stock symbols you search or add (no personal data)
Google Sign-In / Apple Sign-In | Third-party authentication | Name, email from your Google/Apple account

These services are provided by Google LLC (Firebase, Google Sign-In) and Apple Inc. (Apple Sign-In), which may process data outside the European Economic Area (EEA). Google and Apple comply with GDPR through standard contractual clauses and privacy frameworks.

4. Data Storage and Retention

4.1 Where We Store Your Data

Your data is stored on Google Cloud Platform (Firebase) servers, which may be located in the United States or other regions. Google complies with GDPR requirements for international data transfers.

4.2 How Long We Keep Your Data

  • Active Accounts: Data is retained as long as your account is active
  • Deleted Accounts: Within 60 days of account deletion, all personal data is permanently deleted from our systems
  • Legal Retention: In limited cases, we may retain data longer if required by law (e.g., fraud investigation, legal disputes)
  • Analytics Data: Aggregated, anonymized analytics data may be retained indefinitely for statistical purposes

5. Your Rights Under GDPR (EU Users)

If you are located in the European Union, you have the following rights:

5.1 Right to Access

Request a copy of the personal data we hold about you.

5.2 Right to Rectification

Correct inaccurate or incomplete personal data through your account settings or by contacting us.

5.3 Right to Erasure ("Right to be Forgotten")

Request deletion of your personal data by deleting your account or contacting us at hello@costonks.com.

5.4 Right to Restriction of Processing

Request that we limit how we use your personal data in certain circumstances.

5.5 Right to Data Portability

Receive your personal data in a structured, machine-readable format (e.g., JSON export of your portfolio data).

5.6 Right to Object

Object to processing based on legitimate interests. You can disable Firebase Analytics tracking by contacting us.

5.7 Right to Withdraw Consent

Where processing is based on consent (e.g., optional bio), you can withdraw consent at any time without affecting prior processing.

5.8 Right to Lodge a Complaint

You have the right to lodge a complaint with your local data protection authority if you believe we have violated your privacy rights.

To exercise these rights, contact us at: hello@costonks.com

6. Data Security

We implement industry-standard security measures to protect your data, including:

  • Encrypted data transmission (HTTPS/TLS)
  • Firebase Authentication with secure token-based authentication
  • Firestore security rules to prevent unauthorized access
  • Regular security updates and monitoring

However, no system is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

7. Cookies and Tracking Technologies

The App uses cookies and similar technologies for:

  • Essential Cookies: Required for authentication and core app functionality
  • Analytics Cookies: Firebase Analytics uses cookies to track usage patterns (you can opt out by contacting us)

You can manage cookie preferences in your browser settings, but disabling essential cookies may limit app functionality.

8. International Data Transfers

Your data may be transferred to and processed in countries outside the European Economic Area (EEA), including the United States. We ensure such transfers comply with GDPR through:

  • Google's compliance with EU Standard Contractual Clauses (SCCs)
  • Firebase's adherence to the EU-U.S. Data Privacy Framework

9. Children's Privacy

The App is not intended for users under 16 years of age (per GDPR requirements). We do not knowingly collect personal data from children under 16. If we discover that a child under 16 has provided personal data, we will delete it immediately.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by:

  • Posting the updated policy in the App with a new "Last Updated" date
  • Sending an in-app notification or email (for material changes affecting your rights)

Continued use of the App after changes constitutes acceptance of the updated policy.

11. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us at:
Email: hello@costonks.com
Data Controller: costonks (Belgium)

12. Supervisory Authority

For EU users, you may contact your local data protection authority. For Belgium:
Gegevensbeschermingsautoriteit (GBA)
Website: www.gegevensbeschermingsautoriteit.be