← Back to Allvyu

Privacy Policy

Last updated: April 2026

1. What We Collect

When you use Allvyu, we collect:

  • Account information: Email address and password (password is hashed by Supabase, we never see it in plaintext).
  • Financial data you enter: Trades, property details, cash holdings, private investments, and other portfolio data. This is stored solely to provide the service to you.
  • Error reports (with consent): If you accept cookies, we use Sentry to collect anonymous error reports to fix bugs. This includes error messages and browser/device type, but no personal financial data.

2. What We Do NOT Collect

  • No advertising trackers or third-party analytics
  • No selling or sharing of your data with third parties
  • No tracking across other websites
  • No IP address logging beyond standard server logs

3. How We Use Your Data

  • To provide the service: Calculate portfolio values, generate charts, produce tax packs.
  • To fetch market data: Your ticker symbols are sent to Yahoo Finance, CoinGecko, and Frankfurter API to retrieve prices. These services receive only the ticker/coin identifiers, never your personal or financial data.
  • To fix bugs: Error reports via Sentry (only if you consent to cookies).

4. Cookies

Allvyu uses:

  • Essential cookies: Authentication session cookies managed by Supabase. Required for the app to function. These are not optional.
  • Error tracking (optional): Sentry error monitoring, only activated if you click "Accept" on the cookie banner. If you choose "Essential only", no error tracking data is sent.

We use localStorage to remember your cookie preference, theme choice, and privacy mode setting. These are stored locally on your device and never transmitted to us.

5. Data Storage & Security

  • All data is stored in Supabase (PostgreSQL) with row-level security, meaning each user can only access their own data.
  • All connections are encrypted via HTTPS/TLS.
  • Passwords are hashed using bcrypt (handled by Supabase Auth).
  • The application is hosted on Vercel with enterprise-grade infrastructure.

6. Data Export & Deletion

You can:

  • Export: Download all your data as CSV at any time from the dashboard or individual asset pages.
  • Delete: Permanently delete your account and all associated data from Settings. This action is irreversible and removes all data from our database.

7. Third-Party Services

Allvyu uses the following external services:

  • Supabase: Database and authentication
  • Vercel: Application hosting
  • Sentry: Error monitoring (with your consent)
  • Yahoo Finance / CoinGecko / Frankfurter: Market data (receives only ticker symbols, not your personal data)

8. Your Rights

Under the Australian Privacy Act and GDPR (if applicable), you have the right to:

  • Access all data we hold about you (via the Export feature)
  • Correct inaccurate data (edit your trades and holdings directly)
  • Delete your data (via the Delete Account feature in Settings)
  • Withdraw cookie consent (clear your browser's localStorage)

9. Changes to This Policy

We may update this policy from time to time. The "Last updated" date at the top will reflect the most recent revision.

10. Contact

For privacy-related questions or data requests, contact us at contact@allvyu.com.