Skip to content
← Back home

Security

Last updated April 2026

Stackhold is built for sensitive financial planning. This page summarises how your portfolio data is protected, how billing and AI access work, and what control you keep over your account. The Privacy policy covers what's stored and why.

Encryption

  • In transit: all traffic is HTTPS / TLS 1.2+.
  • At rest: all account and portfolio data is encrypted at rest by our cloud infrastructure provider.

Access controls

  • Per-user isolation: account-level security rules enforce that each user can only read or write their own portfolio document.
  • Server-managed tier: subscription tier is written only by our server-side billing webhook — the client can never grant itself Premium.
  • Sign-in: delegated to Google and secure email / password flows with password-reset and email-verification support.
  • Payment isolation: card data is handled by Stripe. Stackhold does not store full card numbers on its own servers.

AI & sub-processors

To deliver Stackhold's features we work with a small number of trusted sub-processors. We name them here for transparency; the underlying technical stack is not part of the marketing surface for competitive reasons.

  • Cloud hosting & database: Google Cloud (Firebase) — encrypted account, portfolio and authentication storage.
  • Payments: Stripe — for web subscriptions and refunds.
  • AI responses: DeepSeek — your portfolio context is sent only when you actively invoke an AI feature.
  • Marketing analytics: Google Analytics 4 — only loaded after you accept cookies on this site.

AI control

Stackhold Assistant only receives portfolio context when you actively use an AI feature. Suggested changes are previewed before they are applied, so the AI can draft updates but cannot silently rewrite your plan.

Not financial advice

Stackhold is planning and modelling software. It is not a bank, broker, accountant, lawyer, or licensed financial adviser. Always check material decisions with qualified professionals before acting.

Incident response

If you believe you've found a security issue, please email security@stack-hold.app. We aim to acknowledge reports within 24 hours and coordinate disclosure responsibly.

Delete your data at any time

Settings → Delete account removes your authentication record and your portfolio document. No hidden retention.

Privacy Policy Terms of Use