BestFolio — Privacy Policy
Effective Date: March 2026
Last Updated: March 2026
1. Introduction
This Privacy Policy explains how BestFolio (“BestFolio”, “we”, “us”, or “our”) collects, uses, stores, and protects your personal data when you use the BestFolio web application (the “Service”).
We are committed to protecting your privacy and processing your personal data in compliance with the General Data Protection Regulation (EU) 2016/679 (“GDPR”) and applicable Hungarian data protection legislation.
2. Data Controller
The data controller responsible for your personal data is:
BestFolio
sole proprietorship
Budapest, Hungary
Email: [email protected]
As a small business, we do not have a designated Data Protection Officer (DPO). For all data protection inquiries, please contact us at the email address above.
3. Data We Collect
3.1 Data You Provide Directly
| Data Category | Examples | Purpose |
|---|---|---|
| Account information | Email address, name | Account creation, authentication, communication |
| Portfolio preferences | Strategy selections, allocation settings, watchlists | Service functionality, personalization |
| Communications | Support emails, feedback | Customer support, service improvement |
3.2 Data Collected Automatically
| Data Category | Examples | Purpose |
|---|---|---|
| Usage data | Pages visited, features used, session duration | Service improvement, analytics |
| Technical data | Browser type, operating system, device type | Service optimization, debugging |
| Log data | IP address, access timestamps | Security, abuse prevention |
| Cookies | Session cookies, preference cookies | See Section 10 |
3.3 Data We Do NOT Collect
We want to be clear about what we do not collect:
- Payment and financial information: All payment processing is handled by Paddle (our Merchant of Record). We never receive, process, or store your credit card numbers, bank account details, or other payment information.
- Brokerage account data: We do not connect to or access your brokerage or investment accounts.
- Social Security numbers, government IDs, or similar sensitive identifiers.
- Precise geolocation data beyond what can be inferred from your IP address.
4. Legal Basis for Processing
Under the GDPR, we process your personal data based on the following legal grounds:
| Legal Basis | Processing Activities |
|---|---|
| Contract performance (Art. 6(1)(b)) | Account creation, service delivery, subscription management |
| Legitimate interest (Art. 6(1)(f)) | Analytics, security, fraud prevention, debugging |
| Consent (Art. 6(1)(a)) | Marketing communications, non-essential cookies |
| Legal obligation (Art. 6(1)(c)) | Tax record-keeping, legal requests |
5. How We Use Your Data
- Providing the Service: Authenticating your account, displaying your strategy preferences and portfolio configurations, delivering strategy signals and analysis.
- Communication: Sending transactional emails (account confirmation, password resets, subscription changes), responding to support requests. Marketing emails are only sent with your explicit consent.
- Service improvement: Understanding how users interact with the Service to improve features, fix bugs, and develop new functionality.
- Security: Detecting and preventing unauthorized access, abuse, and fraud.
- Legal compliance: Meeting tax, accounting, and regulatory obligations.
6. Data Retention
| Data Category | Retention Period |
|---|---|
| Account information | Duration of account + 30 days after deletion request |
| Portfolio preferences | Duration of account; deleted upon account deletion |
| Usage and analytics data | 26 months (rolling) |
| Log data (IP addresses) | 90 days |
| Support communications | 3 years from resolution |
| Billing records (held by Paddle) | Per Paddle's retention policies |
| Marketing consent records | Duration of consent + 3 years after withdrawal |
7. Third-Party Data Processors
7.1 Paddle (Merchant of Record)
- Purpose: Payment processing, subscription management, invoicing, tax compliance
- Data shared: Email address, name, country
- Paddle independently collects payment information directly from you. BestFolio does not have access to this data.
- Privacy policy: paddle.com/legal/privacy
7.2 Authentication (Clerk)
- Purpose: User authentication and account management
- Data shared: Email address, name, authentication tokens
- Privacy policy: clerk.com/legal/privacy
We do not sell, rent, or trade your personal data to any third party for their own purposes.
8. Your Rights Under GDPR
As a data subject, you have the following rights:
- Right of Access (Art. 15): Request a copy of the personal data we hold about you.
- Right to Rectification (Art. 16): Request correction of inaccurate personal data.
- Right to Erasure (Art. 17): Request deletion of your personal data, subject to certain exceptions.
- Right to Restriction of Processing (Art. 18): Request that we restrict processing in certain circumstances.
- Right to Data Portability (Art. 20): Receive your personal data in a structured, machine-readable format.
- Right to Object (Art. 21): Object to processing based on legitimate interest.
- Right to Withdraw Consent (Art. 7(3)): Withdraw consent at any time for consent-based processing.
Right to Lodge a Complaint
You have the right to lodge a complaint with a supervisory authority:
Nemzeti Adatvédelmi és Információszabadság Hatóság (NAIH)
(Hungarian National Authority for Data Protection and Freedom of Information)
Address: 1055 Budapest, Falk Miksa utca 9-11.
Phone: +36 1 391 1400
Email: [email protected]
Website: naih.hu
How to Exercise Your Rights
To exercise any of these rights, please contact us at [email protected]. We will respond within 30 days and may ask you to verify your identity.
9. International Data Transfers
BestFolio is operated from Hungary (EU). Your data is primarily stored and processed within the European Economic Area (EEA). Where data is transferred outside the EEA, we ensure appropriate safeguards are in place, including EU Standard Contractual Clauses (SCCs), adequacy decisions, or the EU-U.S. Data Privacy Framework.
10. Cookie Policy
10.1 What Are Cookies
Cookies are small text files placed on your device when you visit a website. They serve various purposes including remembering your preferences and understanding how you use the Service.
10.2 Cookies We Use
| Cookie Type | Purpose | Legal Basis | Duration |
|---|---|---|---|
| Strictly necessary | Authentication, session management, security | Legitimate interest | Session or up to 30 days |
| Functional | User preferences (theme, display settings) | Legitimate interest | Up to 1 year |
| Analytics | Understanding usage patterns | Consent | Up to 26 months |
10.3 Managing Cookies
You can control and manage cookies through your browser settings. On your first visit, we will present a cookie consent banner allowing you to accept or decline non-essential cookies.
11. Data Security
We implement appropriate technical and organizational measures to protect your personal data, including encryption of data in transit (TLS/HTTPS), access controls, and regular security reviews. While we take reasonable precautions, no method of electronic transmission or storage is 100% secure.
12. Children's Privacy
The Service is not intended for individuals under the age of 18. We do not knowingly collect personal data from children under 18. If you are a parent or guardian and believe your child has provided us with personal data, please contact us at [email protected].
13. Automated Decision-Making
BestFolio does not engage in automated decision-making or profiling that produces legal effects concerning you. Strategy signals and portfolio analysis are informational outputs, not decisions made about you.
14. California Privacy Rights (CCPA/CPRA)
If you are a California resident, you may have additional rights including the right to know what personal information we collect, the right to request deletion, and the right to opt out of the sale or sharing of your personal information. We do not sell or share your personal information as defined by the CCPA/CPRA.
15. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. When we make material changes, we will update the “Last Updated” date and notify active account holders by email at least 14 days before the changes take effect.
16. Contact Us
If you have questions about this Privacy Policy, please contact us:
BestFolio
Email: [email protected]
Budapest, Hungary
For payment-related privacy inquiries, please refer to Paddle's privacy policy.