Last updated: July 9, 2026
Intrinsiqq is a stock analysis service operated as a sole proprietorship based in the Netherlands (“Intrinsiqq”, “we”, “us”). We are the data controller responsible for your personal data under the GDPR. For any privacy question, or to exercise your rights, contact us at security@intrinsiqq.com.
Account data. When you sign up with email and password, we store your email address and an encrypted password (managed by our authentication provider). When you sign up with Google, we additionally store the full name your Google account exposes, used only to personalize the UI. Payment details (card numbers, billing address) are handled exclusively by our payment processor; we never see or store them.
Product data. Stocks you look up, your watchlists, your portfolios and holdings (Premium), saved alerts, and custom quality weights. Stored on our database and tied to your account.
Attribution data. So we can understand which channels bring users to Intrinsiqq, we store at signup time: the page you landed on, the referring URL (if any), UTM parameters (if any), and the country derived from your IP. This is captured once at first touch and never updated thereafter.
First-party analytics. We run our own server-side analytics in place of third-party trackers. For every page view we log, server-side only, with no cookies and no client-side storage:
Post-consent (after you click Accept) we additionally log: a coarse city label, UTM parameters from the URL, and an anonymous session ID generated client-side after Accept.
We also log a small set of high-value product events (e.g. sign_up, search with the search text, outbound link clicks, DCF / quality-weight changes) tied to your user ID. Raw IP addresses and raw User-Agent strings are never stored.
Legal basis: this analytics logging stores nothing on and reads nothing from your device, so it needs no cookie consent; the processing relies on our legitimate interest (GDPR Art. 6(1)(f)) in understanding and improving the service, kept to the minimum described above.
Subscription history. When you upgrade, cancel, or are billed for your subscription, we keep our own record of the event type, amount, currency, and timestamp so we can show your subscription status and compute aggregate revenue metrics. Card data stays with our payment processor.
We do not sell, rent, or share your personal data with third parties for marketing purposes.
We rely on a small number of trusted service providers to operate Intrinsiqq. They act as our processors and may only use your data to provide their service to us. The categories are:
Beyond the services above, our own server-side analytics are first-party: page-view and product-event data is stored only in our own database and is never shared with advertising networks or third parties for marketing purposes. See section 1 for what we log.
We work with a small number of content creators (the “Partners”) who promote Intrinsiqq to their audience and receive a commission on attributed paid subscriptions. When you click a partner link, we may store the partner’s identifier (a short slug, e.g. ?utm_source=thinkinginreturns) on your profile so we can attribute a future signup to that partner. We share no personal information with Partners. Partners only receive aggregate counts of signups and paid conversions attributed to them, plus the commission amount. Legal basis: legitimate interest in running the partner program. You can request the removal of the partner identifier from your profile at any time (see section 6).
Some of the providers listed above process data outside the EU/EEA, primarily in the United States. Where that happens, the transfer is protected by an appropriate safeguard under GDPR Chapter V: certification under the EU-US Data Privacy Framework or, where a provider is not certified, the European Commission’s Standard Contractual Clauses. Our authentication, database, and payment providers process personal data within the EU.
We may disclose your personal data where we are legally required to do so, for example in response to a valid request from a court, regulator, or law-enforcement authority, or where disclosure is necessary to establish, exercise, or defend legal claims, or to protect the rights, safety, or property of Intrinsiqq, our users, or the public. We limit any such disclosure to what is legally required.
Strictly necessary cookies manage your authentication session (set by our authentication provider), security, and your cookie-consent choice (cc_cookie). These are required for the site to function and do not require consent.
Analytics cookies are set by our analytics provider only after you click Accept on the cookie banner. They help us understand traffic patterns and improve the site. You can change your choice anytime by clearing cookies and reloading the page, or by emailing us. We do not use advertising cookies and do not share data with advertising networks.
First-party browser storage.We use a small number of entries in your browser’s local storage, which are not cookies but serve a similar role:
Pre-consent server-side logging. Independently of cookies, our server records each page request with: path, country, browser and device family, an originating-app label when applicable, and your user ID if you are signed in. This logging sets no cookies, keeps no raw IP addresses, and does not track you across days. It is equivalent in scope to a standard server access log. Legal basis: legitimate interest in operating and improving the service.
Browser-level opt-out signals. If your browser sends a Global Privacy Control or Do Not Track signal, we treat it as an automatic Decline: the cookie banner is skipped, no analytics scripts are loaded, and any existing analytics cookies are removed.
Account and product data. Retained as long as your account is active. If you delete your account, your profile, watchlists, portfolios, holdings, alerts, quality weights, attribution fields, and authentication record are permanently and immediately removed.
First-party analytics rows. Page-view and product-event rows that reference your user ID are de-personalized on account deletion: the user-ID field is set to NULL, leaving an anonymous aggregate row that can no longer be tied back to you. We retain those anonymous rows indefinitely for long-range trend analysis. Subscription-event rows and daily-active markers that name you are deleted entirely.
Analytics provider. Events sent to our analytics provider are removed via its standard 14-month retention. They cannot be tied back to you once your account is deleted, because we identify you there by an opaque user ID, not by name or email.
Payment processor. Our payment processor retains payment records independently per its own retention policy and applicable tax law, which we cannot override.
If you are in the EU/EEA, you have the right to:
To exercise any of these rights, email us at security@intrinsiqq.com.
You also have the right to lodge a complaint with your local data protection authority. In the Netherlands this is the Autoriteit Persoonsgegevens (autoriteitpersoonsgegevens.nl).
We protect your data with HTTPS encryption in transit, encrypted database connections, HTTP-only session cookies, and Content Security Policy headers. Passwords are hashed by our authentication provider using bcrypt and are never stored in plaintext.
If you are a California resident, the California Consumer Privacy Act (CCPA) gives you the following rights:
We do not sell, share, or trade your personal information to or with third parties for monetary or other valuable consideration. We do not sell personal information as defined under CCPA 1798.100 et seq.
To exercise your right to know or right to delete, email us at security@intrinsiqq.com. We will respond within 45 days as required by the CCPA.
We may update this policy from time to time. Significant changes will be communicated via email or a notice on the website.
For privacy-related questions, contact us at security@intrinsiqq.com.