← Back to home

Privacy Policy

Last updated: July 9, 2026

Intrinsiqq is a stock analysis service operated as a sole proprietorship based in the Netherlands (“Intrinsiqq”, “we”, “us”). We are the data controller responsible for your personal data under the GDPR. For any privacy question, or to exercise your rights, contact us at security@intrinsiqq.com.

1. What we collect

Account data. When you sign up with email and password, we store your email address and an encrypted password (managed by our authentication provider). When you sign up with Google, we additionally store the full name your Google account exposes, used only to personalize the UI. Payment details (card numbers, billing address) are handled exclusively by our payment processor; we never see or store them.

Product data. Stocks you look up, your watchlists, your portfolios and holdings (Premium), saved alerts, and custom quality weights. Stored on our database and tied to your account.

Attribution data. So we can understand which channels bring users to Intrinsiqq, we store at signup time: the page you landed on, the referring URL (if any), UTM parameters (if any), and the country derived from your IP. This is captured once at first touch and never updated thereafter.

First-party analytics. We run our own server-side analytics in place of third-party trackers. For every page view we log, server-side only, with no cookies and no client-side storage:

  • The path you visited (no query string, no fragment).
  • A country code derived from request headers.
  • The referring URL with any query string and fragment stripped, so identifiers embedded in URLs are not logged.
  • A browser family label (e.g. Chrome, Safari, Firefox) and a device-type label (Desktop, Mobile, Tablet). The raw User-Agent is not stored.
  • An originating-app label when you arrive through an in-app browser (e.g. twitter, reddit, youtube).
  • A short-lived, privacy-preserving identifier that lets us group a single device’s page views within one calendar day for source attribution. It stores no IP address and cannot be linked to you across days.
  • Your user ID, if you are signed in at the time of the page view.

Post-consent (after you click Accept) we additionally log: a coarse city label, UTM parameters from the URL, and an anonymous session ID generated client-side after Accept.

We also log a small set of high-value product events (e.g. sign_up, search with the search text, outbound link clicks, DCF / quality-weight changes) tied to your user ID. Raw IP addresses and raw User-Agent strings are never stored.

Legal basis: this analytics logging stores nothing on and reads nothing from your device, so it needs no cookie consent; the processing relies on our legitimate interest (GDPR Art. 6(1)(f)) in understanding and improving the service, kept to the minimum described above.

Subscription history. When you upgrade, cancel, or are billed for your subscription, we keep our own record of the event type, amount, currency, and timestamp so we can show your subscription status and compute aggregate revenue metrics. Card data stays with our payment processor.

2. How we use your data

  • To provide and improve the Intrinsiqq service
  • To send password reset emails (only when you request one)
  • To enforce usage limits based on your subscription tier
  • To send price and metric alerts you have configured
  • To send periodic service emails about the companies you track, such as a weekly summary of how your watchlist and holdings moved, plus a small number of getting-started emails when you first sign up. We send these on the basis of our legitimate interests (GDPR Art. 6(1)(f)) in providing the service you signed up for; they relate only to your account and the companies you follow, with no third-party advertising. You can opt out at any time using the one-click unsubscribe link in every email or in Settings.
  • To send occasional product updates and announcements, but only if you opt in. You can opt in at signup or in Settings → Email preferences, and unsubscribe at any time using the one-click link in every such email or by toggling the same setting back off.

We do not sell, rent, or share your personal data with third parties for marketing purposes.

3. Third-party services

We rely on a small number of trusted service providers to operate Intrinsiqq. They act as our processors and may only use your data to provide their service to us. The categories are:

  • Hosting and infrastructure: to run the application and store data. Legal basis: contract performance.
  • Authentication and database: to manage your account, sign-in session, and stored product data. Legal basis: contract performance.
  • Payment processing: to take payment for paid plans and notify us of subscription events (checkout, renewal, cancellation) so we can keep your status in sync. Card details are handled entirely by the processor; we never see or store them. Legal basis: contract performance.
  • Analytics: privacy-friendly page-view and performance analytics, loaded only after you accept analytics cookies, with no cross-site tracking and no advertising cookies. Legal basis: consent.
  • Error monitoring: to detect and diagnose breakage. May capture browser version, URL, stack trace, and (when applicable) your user ID; never form contents or passwords. Legal basis: legitimate interest in keeping the service secure and operational.
  • Financial-data, news, and logo providers: queried by ticker symbol or company domain from our servers to retrieve prices, filings, news headlines, and logos. No personal data is sent to them. We also use public SEC EDGAR filing data.

Beyond the services above, our own server-side analytics are first-party: page-view and product-event data is stored only in our own database and is never shared with advertising networks or third parties for marketing purposes. See section 1 for what we log.

3a. Affiliate / partner program

We work with a small number of content creators (the “Partners”) who promote Intrinsiqq to their audience and receive a commission on attributed paid subscriptions. When you click a partner link, we may store the partner’s identifier (a short slug, e.g. ?utm_source=thinkinginreturns) on your profile so we can attribute a future signup to that partner. We share no personal information with Partners. Partners only receive aggregate counts of signups and paid conversions attributed to them, plus the commission amount. Legal basis: legitimate interest in running the partner program. You can request the removal of the partner identifier from your profile at any time (see section 6).

3b. International data transfers

Some of the providers listed above process data outside the EU/EEA, primarily in the United States. Where that happens, the transfer is protected by an appropriate safeguard under GDPR Chapter V: certification under the EU-US Data Privacy Framework or, where a provider is not certified, the European Commission’s Standard Contractual Clauses. Our authentication, database, and payment providers process personal data within the EU.

3c. Legal disclosures

We may disclose your personal data where we are legally required to do so, for example in response to a valid request from a court, regulator, or law-enforcement authority, or where disclosure is necessary to establish, exercise, or defend legal claims, or to protect the rights, safety, or property of Intrinsiqq, our users, or the public. We limit any such disclosure to what is legally required.

4. Cookies and local storage

Strictly necessary cookies manage your authentication session (set by our authentication provider), security, and your cookie-consent choice (cc_cookie). These are required for the site to function and do not require consent.

Analytics cookies are set by our analytics provider only after you click Accept on the cookie banner. They help us understand traffic patterns and improve the site. You can change your choice anytime by clearing cookies and reloading the page, or by emailing us. We do not use advertising cookies and do not share data with advertising networks.

First-party browser storage.We use a small number of entries in your browser’s local storage, which are not cookies but serve a similar role:

  • A first-touch snapshot of the UTM parameters and referrer that brought you to Intrinsiqq, used to attribute your signup to the right channel. It is only persisted after you click Accept, is erased if you click Decline, and is cleared once you sign up.
  • An anonymous session ID used to group your page views within a single visit. Written only after you accept analytics consent, and cleared if you decline.
  • A couple of short-lived helpers used only during Google sign-in, to return you to the page you started from and to preserve your first-touch attribution across the sign-in redirect. They are read once and deleted, and are never used to identify returning users.

Pre-consent server-side logging. Independently of cookies, our server records each page request with: path, country, browser and device family, an originating-app label when applicable, and your user ID if you are signed in. This logging sets no cookies, keeps no raw IP addresses, and does not track you across days. It is equivalent in scope to a standard server access log. Legal basis: legitimate interest in operating and improving the service.

Browser-level opt-out signals. If your browser sends a Global Privacy Control or Do Not Track signal, we treat it as an automatic Decline: the cookie banner is skipped, no analytics scripts are loaded, and any existing analytics cookies are removed.

5. Data retention

Account and product data. Retained as long as your account is active. If you delete your account, your profile, watchlists, portfolios, holdings, alerts, quality weights, attribution fields, and authentication record are permanently and immediately removed.

First-party analytics rows. Page-view and product-event rows that reference your user ID are de-personalized on account deletion: the user-ID field is set to NULL, leaving an anonymous aggregate row that can no longer be tied back to you. We retain those anonymous rows indefinitely for long-range trend analysis. Subscription-event rows and daily-active markers that name you are deleted entirely.

Analytics provider. Events sent to our analytics provider are removed via its standard 14-month retention. They cannot be tied back to you once your account is deleted, because we identify you there by an opaque user ID, not by name or email.

Payment processor. Our payment processor retains payment records independently per its own retention policy and applicable tax law, which we cannot override.

6. Your rights (GDPR)

If you are in the EU/EEA, you have the right to:

  • Access your personal data
  • Correct inaccurate data
  • Delete your account and all associated data
  • Export your data in a machine-readable format
  • Object to processing of your data
  • Withdraw consent at any time, where we rely on your consent
  • Lodge a complaint with a data protection supervisory authority

To exercise any of these rights, email us at security@intrinsiqq.com.

You also have the right to lodge a complaint with your local data protection authority. In the Netherlands this is the Autoriteit Persoonsgegevens (autoriteitpersoonsgegevens.nl).

7. Security

We protect your data with HTTPS encryption in transit, encrypted database connections, HTTP-only session cookies, and Content Security Policy headers. Passwords are hashed by our authentication provider using bcrypt and are never stored in plaintext.

8. California residents (CCPA)

If you are a California resident, the California Consumer Privacy Act (CCPA) gives you the following rights:

  • Right to know what personal information we collect, use, and disclose
  • Right to delete your personal information (subject to certain exceptions)
  • Right to opt out of the sale of your personal information
  • Right to non-discrimination for exercising your privacy rights

We do not sell, share, or trade your personal information to or with third parties for monetary or other valuable consideration. We do not sell personal information as defined under CCPA 1798.100 et seq.

To exercise your right to know or right to delete, email us at security@intrinsiqq.com. We will respond within 45 days as required by the CCPA.

9. Changes to this policy

We may update this policy from time to time. Significant changes will be communicated via email or a notice on the website.

10. Contact

For privacy-related questions, contact us at security@intrinsiqq.com.