1. Controller. The data controller is AXIS SOCIETY FLD SRL, CUI 52410879, with registered office at Str. Ankara 79, Sat Tămași, Ilfov County, 077068, Romania. Privacy contact: admin@axissoc.com.
2. What we collect.
- Account data: your email address, chosen username, and a securely hashed password (authentication is handled by Supabase; we never see your plaintext password).
- Data you enter: your personal portfolio holdings, cost basis, cash balances, saved valuation scenarios, and any company ratings you submit. You can use much of the service without entering this.
- Technical data: standard server/security logs (e.g. IP address, timestamps, basic device/browser information).
- What we do NOT collect: we do not store your payment-card details. Membership payments are handled by Patreon as merchant of record under its own privacy policy.
3. Why, and our legal basis (GDPR Art. 6).
| Purpose | Legal basis |
|---|---|
| Create and operate your account; provide the service | Performance of a contract |
| Store the portfolios, valuations, and ratings you create | Performance of a contract |
| Secure the service, prevent abuse, keep logs | Legitimate interests |
| Send essential service emails (confirmation, password reset, account notices) | Performance of a contract |
| Comply with legal obligations | Legal obligation |
We do not run analytics and do not use your data for advertising.
4. Processors.
| Processor | Purpose | Location |
|---|---|---|
| Supabase | Authentication and database (your account + the data you enter) | EU — Frankfurt (eu-central-1) |
| Vercel | Application hosting / delivery | US (global edge) |
| Resend | Transactional email (confirmation, password reset) | US |
| Patreon | Membership billing (merchant of record) | per Patreon |
| Financial Modeling Prep | Market-data provider (does not receive your personal data) | — |
We have, or will have, data processing agreements with each processor that handles personal data.
5. International transfers. Your account data and the data you enter are stored in the EU (Frankfurt). Some processors (e.g. Patreon, Resend) may process limited data outside the EU; where they do, transfers are protected by appropriate safeguards such as Standard Contractual Clauses.
6. Retention. We keep your account and data while your account is active. If you delete your account, we delete or anonymise your personal data within 30 days, except limited records we must retain by law. Security logs are kept for a limited period.
7. Your rights (GDPR / RGPD). You have the right to access, rectify, erase, restrict or object to processing, request portability, and withdraw consent. To exercise any right, contact admin@axissoc.com. The service provides an in-app way to delete your account and data from the Account page. You may also complain to the Romanian supervisory authority, ANSPDCP (anspdcp.ro).
8. Cookies. The service uses only essential authentication/session cookies required to keep you logged in, plus a functional cookie that remembers your language preference (English/Romanian). We do not use analytics or advertising cookies.
9. Security. We protect your data with measures including encryption in transit (HTTPS), hashed passwords, row-level security isolating each member's private data, and access controls on administrative functions.
10. Children. The service is not intended for anyone under 18, and we do not knowingly collect data from minors.
11. Changes. We may update this Policy; material changes will be notified by email and in-app.
12. Contact. admin@axissoc.com.