Privacy Policy

This Privacy Policy explains how Press agency MOREL (the operator of EquityMonitoring) collects, uses and stores personal data when you use the EquityMonitoring application.

Data controller

Press agency MOREL, Ljubljana, Slovenia, is the data controller for this service unless you self-host the software, in which case the operator of that installation is the controller.

What we collect

We store only the minimal personal data necessary to operate the service and provide the requested functionality. This typically includes:

• Account username and any profile data you enter.
• Investment, company and transaction data you upload or create in the application (amounts, dates, descriptions).
• If you subscribe to a paid plan via PayPal, we store the PayPal Subscription ID and related subscription status to track billing; we do not store PayPal account credentials, payment method details, or other sensitive PayPal data.
• Server logs and technical metadata (IP addresses, user agent) kept for operational and security purposes.
• If you sign up or log in via Google OAuth, we request only the user’s Google Account basic profile (name, email address, and Google Account identifier) and no other Google data scopes.

How we use Google user data

When you choose Google to sign up or sign in, EquityMonitoring uses the Google OAuth consent flow to obtain your verified email address and profile name. We use that information exclusively to:

• Create or match your EquityMonitoring account and keep your login secure.
• Display your name/email in the interface so you can identify the active session.
• Send critical account messages such as password change confirmations or billing notices.

We do not use Google user data to build marketing profiles, share it with advertisers, or combine it with unrelated datasets. Google user data is never sold or shared with third parties except the processors listed in this policy, and only for operating the service. You may disconnect Google access at any time via the EquityMonitoring profile page or your Google Account permissions page, after which we remove the stored OAuth tokens. Removing your account or requesting deletion permanently erases the associated Google user data from our systems within 30 days.

External processors

We use PayPal as an external payment processor for subscription payments. PayPal acts as a separate data controller/processor for payment processing. Please review PayPal's privacy information here: PayPal Privacy Statement. We use Google OAuth as secondary channel to create accounts. We store backups in GitLab package registry.

Retention

Data retention periods are kept deliberately short for this service. Unless you request otherwise, user-related operational data (including subscription status and logs) will be retained for 90 days after the account becomes inactive or a subscription expires. The backups are retained for maximum of 90 days when they are automatically deleted along with any account details. PayPal transactions and subscription invoices are retained as per legal requirement according Slovenian legislation for 10 years. User-exported CSVs are controlled by the user and are not automatically deleted by this service.

Exporting and deleting your data

You can export and request deletion of your data; the FAQ documents the export and deletion flows. See the FAQ for step-by-step instructions on exporting and deleting account data.

Cookies and tracking

The application uses cookies necessary for authenticated sessions and CSRF protection. We do not enable analytics cookies or third-party tracking by default in the base distribution. Operators who self-host may enable additional tracking or analytics; these are not enabled by default.

Security

We follow common best practices: run the site over HTTPS, protect secrets, and keep sensitive operations server-side. If you self-host, ensure your deployment rotates keys and secures backups. For hosted deployments, contact the operator for the specific measures in place.

Children

The service is not directed at children and we do not knowingly collect data from children under applicable ages; if you believe an account belonging to a child exists, contact the operator to request removal.

Contact

For privacy questions or to exercise your data subject rights (access, correction, deletion), contact Press agency MOREL at crt@the-mori.com.

Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be announced in the application as notification when you login to your account.