Only relevant product data
Portfolio history, settings, alerts, and enabled integrations exist to run the tracker and nothing more.
Privacy policy
Clear privacy language for a product that stores real financial history.
Last updated: April 2026. This page explains what data exists inside Voortly, why it exists, and what users can do to control it.
Consent and control
AI processing is opt-in, manual import remains available, and account deletion lives inside the app.
Financial context matters
Support access, broker secrets, and user-to-portfolio linkage are treated as separate privacy problems.
Data and purpose
What data exists and why it exists
The policy text is grouped by purpose so users can scan the parts that matter fastest.
What data we collect
We collect the account and portfolio information you provide: your email address and profile details from Clerk authentication, portfolio names, transaction history, watchlists, alert preferences, push notification subscriptions, and encrypted broker credentials when you enable live sync. Inside the financial domain, portfolios are linked through an opaque internal subject identifier rather than your direct login ID. DEGIRO browser sessions are handled as temporary encrypted tokens with automatic expiry. If you save a personal AI provider key, it is encrypted at rest and used only after you explicitly opt in to AI processing.
Why we collect it
Your data is used to reconstruct holdings and performance across devices, calculate analytics and gains and losses, deliver alerts you have opted in to, generate AI portfolio briefs only after your consent, and operate support workflows you explicitly trigger. We do not use your financial data for advertising.
Financial features
Voortly is a personal portfolio tracking tool. It displays market data and analytics to help you monitor your own investments. It does not provide regulated financial advice, and nothing in the app should be construed as a recommendation to buy or sell any security.
Processing and protection
How the product handles infrastructure, processors, and security
The policy text is grouped by purpose so users can scan the parts that matter fastest.
Third-party services
We use the following sub-processors: Clerk (authentication), Supabase or Neon (database), Vercel (hosting), Upstash Redis (caching and rate limiting), Finnhub (market data), Resend (transactional email), and only when you enable AI Copilot your chosen AI provider (OpenRouter, OpenAI, Anthropic, or Gemini). We do not sell your data to third parties and do not use it for advertising.
Security
All data is transmitted over HTTPS. Broker API keys and AI provider keys are encrypted at rest. Sensitive mutations require same-origin requests, rate limiting, and recent re-authentication, with MFA required before saving broker sessions or AI provider settings. DEGIRO browser sessions are temporary and cleared after sync or expiry. Support access is blind by default inside the app and can be opened only through a short-lived user-generated support code.
Children
Voortly is not directed at children under 13. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, contact us at support@voortly.com and we will delete it promptly.
Control and retention
How users keep control of the data they put into the product
The policy text is grouped by purpose so users can scan the parts that matter fastest.
Your rights (GDPR)
If you are located in the European Economic Area you have the right to access, correct, export, restrict, or delete your personal data. Signed-in users can export transaction data and delete their account directly from Settings after a recent sign-in check. For other requests, contact support@voortly.com.
Cookies
We use only strictly necessary session cookies set by Clerk for authentication and security. We do not use advertising or tracking cookies.
Data retention and policy changes
Your data is retained for as long as your account is active. Temporary DEGIRO browser sessions expire automatically. Support access grants expire automatically after a short window. Account deletion removes associated data within 30 days. We may update this policy from time to time and will notify you of material changes by email or via an in-app notice.
Need a human answer?
For privacy requests that do not fit the in-app export or deletion flows, contact support@voortly.com and use the support page if you need the broader contact workflow.