1. Introduction
This Privacy Policy explains how thestockfilter.com ("the Platform"), operated by Vicky Roy ("TSF", "we", "us", or "our"), collects, uses, stores, and protects your personal data. This policy is drafted in compliance with the Digital Personal Data Protection Act, 2023 (DPDP Act) and other applicable Indian data protection laws.
2. Data We Collect
We collect the following categories of personal data:
- Account Data: Phone number, email address, name (optional), hashed password.
- Profile Data: Investor archetype/persona selection.
- Usage Data: Watchlists, portfolio holdings, chat interactions, feature usage patterns.
- Analytics Data: Pages visited, device type, browser information, session duration.
- Payment Data: Payment gateway transaction IDs and order IDs only. We do not store credit card numbers, UPI IDs, or bank account details.
- Communication Data: OTP delivery records, email alert logs.
3. Purpose of Data Collection
We use your data for the following purposes:
- Authentication and account management
- Personalisation of content based on your investor profile
- Processing payments and managing subscriptions
- Sending transactional emails (from noreply@thestockfilter.com)
- Sending Pro alert notifications (from alerts@thestockfilter.com)
- Analytics and platform improvement
- Fraud prevention and security
4. Legal Basis for Processing
We process your data on the following legal bases under the DPDP Act, 2023:
- Consent: Provided at registration and for optional features.
- Legitimate Interest: Platform security, fraud prevention, and analytics.
- Contractual Necessity: To deliver the services you have subscribed to.
5. Storage & Security
Your data is stored securely using the following measures:
- PostgreSQL database hosted on secure cloud infrastructure (with encrypted connections)
- Static assets and media on encrypted object storage (encrypted at rest)
- Passwords hashed using bcrypt (never stored in plaintext)
- All connections enforced over HTTPS/TLS
We do not sell, rent, or trade your personal data to any third party for marketing or advertising purposes.
6. Third-Party Data Processors
We share data with the following processors, strictly for operational purposes:
- Payment Gateway — PCI-DSS compliant payment processing
- SMS Provider — OTP delivery for authentication
- CDN & Security — Content delivery, DDoS protection, and object storage
- Cloud Infrastructure — Application and database hosting
- AI Providers — Used for content analysis. No personally identifiable information (PII) is sent to AI models.
7. Cookies & Local Storage
We use the following browser storage mechanisms:
tsf_token — Authentication token (localStorage)tsf-theme — Theme preference (localStorage)tsf_session — Anonymous session identifier (localStorage)tsf-archetype — Investor profile selection (localStorage)
We do not use advertising cookies, tracking pixels, or third-party analytics cookies.
8. Your Rights (DPDP Act, 2023)
Under the Digital Personal Data Protection Act, 2023, you have the right to:
- Access: Request a summary of your personal data we hold.
- Correction: Request correction of inaccurate or incomplete data.
- Erasure: Request deletion of your personal data.
- Consent Withdrawal: Withdraw your consent at any time.
- Grievance Redressal: File a complaint regarding data handling.
We commit to responding to all data rights requests within 30 days. Contact us at contact@thestockfilter.com to exercise any of these rights.
9. Data Retention
- Active accounts: Data retained while the account is active.
- Deleted accounts: Personal data purged within 90 days of account deletion.
- Payment records: Retained for 8 years as required by Indian tax law.
- Server logs: Retained for 180 days, then automatically purged.
10. Children's Privacy
The Platform is not intended for individuals under the age of 18. We do not knowingly collect personal data from minors. If we become aware that we have collected data from a person under 18, we will take steps to delete it promptly.
11. Data Breach Notification
In the event of a personal data breach, we will notify affected users and the Data Protection Board of India in accordance with the timelines and procedures prescribed under the DPDP Act, 2023.
12. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be notified to registered users via email. The updated effective date will be posted at the top of this page. Continued use of the Platform after changes constitutes acceptance.