1. Who we are
Quantfolio is a personal-use US-equity research app published by Normi Labs Ltd ("we", "us"). This policy explains what we collect when you use the Quantfolio iOS or Android app, and how we handle it.
We do not sell your data, we do not share it with advertisers, and we do not use it to train AI models.
2. What we collect
2.1 Account information
- Email address, used to authenticate and to contact you about the service
- Hashed password (we never see your plain-text password)
2.2 Content you create
- Watchlist tickers
- Thesis text and invalidation conditions
- Holding flags (whether a position is held), position size and cost basis (optional)
- How you actioned each alert (added, trimmed, ignored, watching)
2.3 Collected automatically
- Device identifier and platform (iOS or Android), used to route push notifications
- App version and basic interaction data, used to debug crashes and inform product decisions
- Crash and performance diagnostics, used only to fix bugs
We do not collect contacts, location, photos, microphone, camera, health, or browsing data outside the app. We do not use tracking identifiers for advertising.
3. How we use it
- To run the service: surface alerts, render your watchlist, deliver the morning brief, and send push notifications
- To score the AI's alpha: ledger entries link your alerts to subsequent price returns versus the S&P 500
- To support you: respond to email and triage bug reports
- To keep the service safe: detect abuse, enforce the Terms, and meet legal obligations
4. Service providers we use
Quantfolio is built on a small set of providers. Each one only receives the data it needs to do its job.
| PROVIDER | PURPOSE |
|---|---|
| Supabase | Account database and authentication, with strict per-account access controls |
| Firebase Cloud Messaging | Push notification delivery (device tokens only) |
| RevenueCat | Subscription state and entitlement management for the Pro tier |
| Apple App Store / Google Play | Payment processing for in-app subscriptions |
| AI model provider | Generates alerts and the morning brief from public market data. Your watchlist tickers are sent so the model can review them. Your thesis text is not sent. |
5. Public data sources
Quantfolio reads from public US-market sources to generate alerts and briefs: SEC EDGAR (filings, insider transactions), XBRL company facts, Yahoo Finance (daily prices, including the S&P 500 as benchmark), GDELT (news), and Finnhub (earnings calendar). Nothing about you is sent to these sources.
6. Storage and security
Your account data is stored on Supabase infrastructure with encryption in transit, encryption at rest, and per-account access controls. You are responsible for keeping your login credentials confidential.
7. Your rights
You can, from inside the app:
- Read or edit any of your watchlist or thesis content
- Delete any single watchlist entry, alert action, or your entire account
- Export your ledger as CSV from Settings, then Data
To request a copy of all data we hold about you, or to delete your account from outside the app, email [email protected].
8. Children
Quantfolio is not directed at children under 13 and we do not knowingly collect data from them. If you are a parent or guardian and believe a child has created an account, contact us and we will delete it.
9. Jurisdiction
EEA and UK (GDPR): You have rights to access, rectification, erasure, restriction, portability, and objection. Our lawful basis is contract performance for the service and legitimate interest for safety and security.
California (CCPA): You have rights to know, delete, and not be discriminated against. We do not sell personal information.
10. Changes
We will update the "Last Updated" date when this policy changes, and we will notify you in-app for material changes affecting how we handle your data.
11. Contact
Questions or requests: [email protected]. We aim to reply within 7 days.
By using Quantfolio you confirm you have read and understood this Privacy Policy.