Security

Stackhold is built with the security controls you'd expect from a serious financial planning tool. This page summarises how your data is protected; the Privacy policy covers what's stored and why.

Encryption

• In transit: all traffic is HTTPS / TLS 1.2+.
• At rest: all account and portfolio data is encrypted at rest by our cloud infrastructure provider.

Access controls

• Per-user isolation: account-level security rules enforce that each user can only read or write their own portfolio document.
• Server-managed tier: subscription tier is written only by our server-side billing webhook — the client can never grant itself Premium.
• Sign-in: delegated to Google, Apple, and secure email / password flows with password-reset and email-verification.

AI & sub-processors

To deliver Stackhold's features we work with a small number of trusted sub-processors. We name them here for transparency; the underlying technical stack is not part of the marketing surface for competitive reasons.

• Cloud hosting & database: Google Cloud (Firebase) — encrypted account, portfolio and authentication storage.
• Payments: Stripe — for web subscriptions and refunds.
• AI responses: DeepSeek — your portfolio context is sent only when you actively invoke an AI feature.
• Marketing analytics: Google Analytics 4 — only loaded after you accept cookies on this site.

Incident response

If you believe you've found a security issue, please email security@stack-hold.app. We aim to acknowledge reports within 24 hours and coordinate disclosure responsibly.

Delete your data at any time

Settings → Delete account removes your authentication record and your portfolio document. No hidden retention.