Privacy Policy

Last updated: 2025-06-15

This privacy policy clearly, transparently, and in compliance with applicable regulations (GDPR, PIPEDA, CCPA/CPRA) informs you about how we collect, use, store, and protect your personal data when you use our investment assistance platform.

1. Who are we?

Investminder.com is a platform published by Investminder LLC, 8 The Green, Suite B, DOVER, DE, 19901, USA. We act as the data controller for your personal data.

2. What data do we collect?

Identification data: email address.
Connection data: IP address, browser type, operating system, session IDs.
Usage data: pages visited, features used, connection duration.
Financial data (via aggregator partners): account types, balances, transactions. We do not store your bank credentials.
Payment data: credit card information (tokenized by Stripe), subscription history.

3. How do we use your data (purposes)?

We process your personal data for the following purposes, based on the indicated legal grounds:

Processing Purpose	Data Categories	Legal Basis	Retention Period
User account management	Identification, connection	Contract performance	Subscription duration + 2 years
Provision of services (dashboard, aggregation, analysis)	Usage, financial	Contract performance	Subscription duration
Subscription and payment management	Identification, payment	Contract performance, legal obligations	Subscription duration + 10 years (accounting)
Improvement of our services and personalization	Usage	Legitimate interest	1 year (aggregated/anonymized data)
Security and fraud prevention	Connection, identification	Legitimate interest, legal obligations	5 years (audit data)
Compliance with legal obligations (taxation, anti-money laundering)	Identification, payment, financial	Legal obligation	According to specific legislations (e.g., 5-10 years)

Data used for analysis and improvement of our services are, as far as possible, aggregated or anonymized so as not to allow direct re-identification of individuals.

4. With whom do we share your data?

Technical providers: Google Cloud Platform (hosting).
Authentication partners: Auth0 (user account management).
Financial aggregator partners: Snaptrade, Powens (connection to your banks).
Payment providers: Stripe (transaction processing).

We ensure that our partners offer sufficient guarantees regarding the implementation of appropriate technical and organizational measures to protect your data.

Your data may also be shared if required by law or if necessary to protect our rights or your safety.

5. Data transfer outside EU/EEA

Investminder LLC is a company based in the United States. By using our services, your personal data may be transferred and processed in the United States. We ensure that these transfers are governed by appropriate safeguards, including the Standard Contractual Clauses (SCCs) of the European Commission or recognized certification mechanisms (Data Privacy Framework for transfers to the United States).

For transfers to Auth0 and Stripe (services based in the United States), these companies are certified under the EU-US Data Privacy Framework or use other GDPR-compliant transfer mechanisms. You can consult their privacy policies for more details:

Auth0:
https://www.okta.com/legal/privacy-policy
Stripe:
https://stripe.com/privacy
Snaptrade:
https://www.snaptrade.com/privacy-policy
Powens:
https://www.powens.com/privacy-policy

We make every effort to ensure a level of protection equivalent to that required by European legislation, regardless of the processing location.

6. Data Security

We have implemented robust technical and organizational security measures to protect your data against unauthorized access, alteration, disclosure, or destruction. This includes data encryption in transit (HTTPS/TLS) and at rest (AES-256), strict access management, regular security audits, and staff awareness.

Your bank credentials are never stored on our servers. Access to your financial accounts is only through our certified aggregator partners (Snaptrade, Powens) and is read-only, in accordance with banking security standards (e.g., PSD2).

For more details on our security measures, please refer to the dedicated 'Security' section in our Terms and Conditions of Use and Sale.

7. Your Rights

In accordance with GDPR, PIPEDA, and CCPA/CPRA (for California residents), you have the following rights regarding your personal data:

Right of access, rectification, erasure (right to be forgotten), restriction of processing, objection to processing, data portability. You also have the right to withdraw your consent at any time.

8. How to exercise your rights?

By email to: contact@investminder.com
By postal mail to: 8 The Green, PMB 21892, DOVER, DE, 19901 USA
Via your personal space: Certain actions (e.g., account deletion) are available directly in your user interface.

To process your request as quickly as possible (generally within 30 days, extendable to 60 days if the request is complex), we may need to verify your identity.

9. Changes to this Privacy Policy

legislative or regulatory changes;
changes to our services;
the introduction of new data processing activities.

We may modify this privacy policy at any time. Any changes will be published on this page. We will inform you by email or via a notification on the platform in case of significant changes regarding the collection or use of your data, before they come into effect.

10. Contact

For any questions or requests related to privacy:

📧 contact@investminder.com

📍 8 The Green, PMB 21892, DOVER, DE, 19901 USA

For California residents wishing to exercise their CCPA/CPRA rights, please indicate “CCPA Request” in the subject line of your message.