Last updated: May 22, 2026
Account data. When you sign up with email and password, we store your email address and an encrypted password (managed by our authentication provider, Supabase). When you sign up with Google, we additionally store the full name your Google account exposes, used only to personalize the UI. Payment details (card numbers, billing address) are handled exclusively by Stripe; we never see or store them.
Product data. Stocks you look up, your watchlists, your portfolios and holdings (Premium), saved alerts, and custom quality weights. Stored on our database and tied to your account.
Attribution data. So we can understand which channels bring users to Intrinsiqq, we store at signup time: the page you landed on, the referring URL (if any), UTM parameters (if any), and the country derived from your IP. This is captured once at first touch and never updated thereafter.
First-party analytics. We run our own server-side analytics in place of third-party trackers. For every page view we log, server-side only, with no cookies and no client-side storage:
sha256(daily_salt + UA + IP-truncated-to-/24 + UTC-date). The salt rotates every UTC day so the hash cannot be correlated across days. The IP is truncated to the /24 network block before hashing and is never stored. We use this only to group a single device’s anonymous and authenticated page views within the same calendar day, for first-touch source attribution. The pattern follows CNIL’s exempted-analytics guidance and is the same approach used by Plausible / Matomo.
Post-consent (after you click Accept) we additionally log: a coarse city label, UTM parameters from the URL, and an anonymous session ID generated client-side after Accept.
We also log a small set of high-value product events (e.g. sign_up, search with the search text, outbound link clicks, DCF / quality-weight changes) tied to your user ID. Raw IP addresses and raw User-Agent strings are never stored.
Legal basis: ePrivacy 5(3) does not apply because no information is stored on or read from your device; GDPR Art. 6(1)(f) (legitimate interest) covers the processing, with IP truncation, daily salt rotation, and absence of raw identifiers as the necessary minimisation.
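The daily visitor hash described above, sketched as an added illustration that is not Intrinsiqq's code. The in-memory salt store, the length-prefixed field encoding, and the /48 truncation for IPv6 are assumptions; the policy specifies only the hash inputs and the /24 truncation.

```python
import hashlib
import ipaddress
import secrets
from datetime import datetime, timezone

# Assumption: the salt is held only in memory, keyed by UTC date. Dropping the
# previous day's salt is what makes earlier hashes impossible to recompute.
_salts: dict[str, bytes] = {}


def daily_salt(utc_date: str) -> bytes:
    """Return the random salt for a UTC date, discarding earlier salts."""
    if utc_date not in _salts:
        _salts.clear()
        _salts[utc_date] = secrets.token_bytes(32)
    return _salts[utc_date]


def truncate_ip(ip: str) -> str:
    """Reduce an address to its network block so the host part never enters the hash."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 6 and addr.ipv4_mapped:
        addr = addr.ipv4_mapped  # ::ffff:a.b.c.d is really an IPv4 client
    prefix = 24 if addr.version == 4 else 48  # /48 for IPv6 is an assumption
    net = ipaddress.ip_network(f"{addr}/{prefix}", strict=False)
    return str(net.network_address)


def visitor_hash(user_agent: str, ip: str, now: datetime) -> str:
    """sha256 over daily salt, User-Agent, truncated IP and UTC date (hex)."""
    utc_date = now.astimezone(timezone.utc).strftime("%Y-%m-%d")
    fields = [
        daily_salt(utc_date),
        user_agent.encode(),
        truncate_ip(ip).encode(),
        utc_date.encode(),
    ]
    h = hashlib.sha256()
    for field in fields:
        # Length prefix (an addition to plain concatenation) keeps field
        # boundaries unambiguous, so "ab"+"c" and "a"+"bc" hash differently.
        h.update(len(field).to_bytes(4, "big") + field)
    return h.hexdigest()
```

Two clients behind the same /24 with the same User-Agent produce the same hash for that day, which is the intended loss of precision; the raw address is used only as an argument to `truncate_ip` and is never written anywhere.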
Subscription history. When you upgrade, cancel, or are billed by Stripe, we keep our own record of the event type, amount, currency, and timestamp so we can show your subscription status and compute aggregate revenue metrics. Card data stays with Stripe.
We do not sell, rent, or share your personal data with third parties for marketing purposes.
We use the following services to operate Intrinsiqq:
Beyond the services above, our own server-side analytics are first-party: page-view and product-event data is stored only in our own database and is never shared with advertising networks or third parties for marketing purposes. See section 1 for what we log.
We work with a small number of content creators (the “Partners”) who promote Intrinsiqq to their audience and receive a commission on attributed paid subscriptions. When you click a partner link, we may store the partner’s identifier (a short slug, e.g. ?utm_source=thinkinginreturns) on your profile so we can attribute a future signup to that partner. We share no personal information with Partners. Partners only receive aggregate counts of signups and paid conversions attributed to them, plus the commission amount. Legal basis: legitimate interest in running the partner program. You can request the removal of the partner identifier from your profile at any time (see section 6).
Strictly necessary cookies manage your authentication session (set by Supabase), security, and your cookie-consent choice (cc_cookie). These are required for the site to function and do not require consent under ePrivacy 5(3).
Analytics cookies (_ga, _ga_*) are set by Google Analytics 4 only after you click Accept on the cookie banner. They help us understand traffic patterns and improve the site. You can change your choice anytime by clearing cookies and reloading the page, or by emailing us. We do not use advertising cookies and do not share data with advertising networks.
First-party browser storage. We use a small number of entries in localStorage, which are not cookies but serve a similar role:
ftch_utm — first-touch UTM and referrer snapshot, used to attribute your signup to the channel that brought you. Written on first page-load if a UTM parameter or non-empty referrer is present. Cleared on successful signup.
intrinsiqq_session_id (or similar) — an anonymous random ID used to group your page views within a single session. Written only after you click Accept on the consent banner; cleared on Decline.
auth_google_return_to — the page you were on when you started a Google sign-in, so we can return you there after the OAuth round-trip. Cleared on use.
Pre-consent server-side logging. Independently of cookies, our server records each page request with: path, country (from a Vercel header), browser and device family (parsed from the User-Agent), originating-app label when applicable, and your user ID if you are signed in. This logging contains no cookies, no fingerprinting, and no IP addresses, and is equivalent in scope to a server access log. Legal basis: legitimate interest in operating and improving the service.
Browser-level opt-out signals. If your browser sends Global Privacy Control (navigator.globalPrivacyControl) or Do Not Track (navigator.doNotTrack = "1"), we treat that as an automatic Decline: the cookie banner is skipped, no analytics scripts are loaded, and any existing _ga cookies are removed.
Account and product data. Retained as long as your account is active. If you delete your account, your profile, watchlists, portfolios, holdings, alerts, quality weights, attribution fields, and authentication record are permanently and immediately removed.
First-party analytics rows. Page-view and product-event rows that reference your user ID are de-personalized on account deletion: the user-ID field is set to NULL, leaving an anonymous aggregate row that can no longer be tied back to you. We retain those anonymous rows indefinitely for long-range trend analysis. Subscription-event rows and daily-active markers that name you are deleted entirely.
Google Analytics. Events sent to GA4 are removed via GA4’s standard 14-month retention. They cannot be tied back to you once your account is deleted, because we identify you in GA4 by an opaque user ID, not by name or email.
Stripe. Stripe retains payment records independently per its own retention policy and applicable tax law, which we cannot override.
If you are in the EU/EEA, you have the right to:
To exercise any of these rights, email us at security@intrinsiqq.com.
We protect your data with HTTPS encryption in transit, encrypted database connections, HTTP-only session cookies, and Content Security Policy headers. Passwords are hashed by Supabase using bcrypt and are never stored in plaintext.
If you are a California resident, the California Consumer Privacy Act (CCPA) gives you the following rights:
We do not sell, share, or trade your personal information to or with third parties for monetary or other valuable consideration. We do not sell personal information as defined under CCPA 1798.100 et seq.
To exercise your right to know or right to delete, email us at security@intrinsiqq.com. We will respond within 45 days as required by the CCPA.
We may update this policy from time to time. Significant changes will be communicated via email or a notice on the website.
For privacy-related questions, contact us at security@intrinsiqq.com.