Legal

Privacy Policy

Last updated: 2026-07-16

This Privacy Policy explains how DividendAtlas collects, uses, and protects your personal data when you use our website and service (the “Service”), and the rights you have under the General Data Protection Regulation (GDPR). It forms part of, and should be read together with, our Terms of Service.

When you send us a message through our contact form, we store the email address, name, and message you provide so we can respond to your enquiry. We do not store your IP address with the message; it is used only briefly, in memory, to prevent spam. Contact messages are retained only as long as needed to handle your enquiry.

1. Who is responsible for your data

The controller of your personal data is Dividend Atlas, a trademark of Atlas Hosting, registered with the Dutch Chamber of Commerce (KvK) under number 98785842, with its registered office at Battutalaan 759, 3526VT Utrecht, Netherlands. For any privacy question or request, contact us at support@dividendatlas.com.

We have not appointed a Data Protection Officer, as we are not required to do so. The email above is the contact point for all data-protection matters.

2. The data we collect

We collect and process the following categories of personal data:

  • Account & identity: your name, email address, and the unique identifier assigned by our authentication provider. If you sign in with Google, Google shares your name and email with us. Your password is managed by our authentication provider; we never see or store it.
  • Portfolio data: the portfolios, transactions, and holdings you import or enter (such as ticker, quantity, price, currency, dates, and broker reference), and the contents of any files you upload for import. If you connect a brokerage account on the paid plan, we also receive the holdings and transaction data that the connection returns. That connection is provided by SnapTrade (see section 4), and you enter your brokerage login details with SnapTrade, not with us: DividendAtlas never sees or stores your brokerage login credentials.
  • Subscription & payment: your plan, billing status, and the customer and subscription identifiers assigned by our payment provider. Card payments are handled by our payment provider; we do not store your full card details.
  • Communications & preferences: your notification settings, the messages we send you and their delivery status, and any correspondence you have with our support team.
  • Technical & usage data: limited technical information such as your IP address, device and browser type, and server log data, used to operate and secure the Service. On our public website we also collect aggregate, cookieless usage statistics (see section 7).

3. Why we use your data and our legal basis

We process your data only where we have a lawful basis under the GDPR:

  • To create and manage your account, authenticate you, provide the core Service (computing holdings, enriching them with market data, and displaying your portfolio), process your subscription and payments, and provide support, on the basis of performance of our contract with you.
  • To send service and transactional messages and the event notifications you configure, to perform our contract and in our legitimate interest in operating the Service.
  • To keep the Service secure, prevent abuse and fraud, apply rate limits, and maintain, troubleshoot, and improve the Service using aggregate usage insights, in our legitimate interests, balanced against your rights.
  • To keep records required for tax and accounting, to comply with a legal obligation.
  • For any optional product or marketing emails, on the basis of your consent, which you can withdraw at any time.

We do not sell your personal data, and we do not use it for advertising or for any automated decision-making that produces legal or similarly significant effects for you.

4. Who we share your data with

We share data only with service providers who process it on our behalf under a data processing agreement, and only to the extent needed for their function:

  • Auth0 (by Okta): authentication and login.
  • Amazon Web Services (AWS): hosting, storage, and transactional email delivery (SES).
  • Stripe: payment and subscription processing.
  • SnapTrade (by SnapTrade, Inc.): optional read-only brokerage connection on the paid plan. If you choose to connect a broker, SnapTrade securely collects the login details you enter with it and retrieves your holdings and transactions on your behalf. We receive that holdings and transaction data; we never receive your brokerage login credentials.
  • EODHD: market-data provider. We send instrument identifiers (such as tickers and ISINs) to retrieve market data; we do not send your personal data to EODHD.
  • Plausible Analytics: privacy-focused, cookieless analytics on our public website only.
  • Google Analytics: website usage analytics on our public website only, loaded solely with your consent (see “Cookies & analytics” below).

We may also disclose data where required by law, or to establish, exercise, or defend legal claims.

5. International data transfers

Some of our service providers are based outside the European Economic Area (EEA), which may involve transferring your data abroad. Where this happens, we rely on appropriate safeguards required by the GDPR, either a European Commission adequacy decision (such as the EU–US Data Privacy Framework, where the recipient is certified under it) or the European Commission’s Standard Contractual Clauses. You can ask us for more detail about the safeguards that apply to a specific transfer.

6. How long we keep your data

We keep your account and portfolio data for as long as your account is active. If you delete your account or ask us to erase your data, we delete your account and associated personal data within 30 days, except where we must keep certain records longer to meet a legal obligation, for example, billing and transaction records retained for the statutory tax-retention period. Residual copies may persist in secure backups for a limited period before being overwritten. Technical log data is kept only for a short period.

7. Cookies & analytics

In the authenticated app we use only the session cookies strictly necessary for authentication. On our public website we use Plausible, a privacy-focused, cookieless analytics tool that collects aggregate usage statistics and does not track you across sites or build a profile of you. Plausible sets no cookies and runs without consent.

On our public website we also use Google Analytics to understand how the site is used. Google Analytics is loaded on every visit but starts in a consent-denied mode: until you opt in via our cookie banner it sets no cookies and sends only aggregated, cookieless measurement data that does not identify you. Only when you give consent may Google Analytics set cookies. If you decline, it stays in cookieless mode and sets no cookies. You can change or withdraw your choice at any time using the Cookie settings link in the website footer. We do not use Google’s advertising features or advertising cookies.

8. Your rights

Under the GDPR you have the right to:

  • access the personal data we hold about you;
  • have inaccurate data corrected;
  • have your data erased;
  • restrict or object to our processing;
  • receive your data in a portable format; and
  • withdraw any consent you have given, at any time.

To exercise any of these rights, contact us at support@dividendatlas.com. You also have the right to lodge a complaint with a data protection authority. In the Netherlands, this is the Autoriteit Persoonsgegevens (autoriteitpersoonsgegevens.nl), or with the authority in your country of residence.

9. How we protect your data

We take appropriate technical and organisational measures to protect your data, including encryption of data in transit, restricted access on a need-to-know basis, and secure management of credentials and secrets. No system is completely secure, but we work to protect your data against unauthorised access, loss, or misuse.

10. Children

The Service is intended for users aged 18 and over. We do not knowingly collect personal data from anyone under 18. If you believe a minor has provided us with personal data, please contact us and we will delete it.

11. Changes to this policy

We may update this Privacy Policy from time to time. If we make a material change, we will notify you by a reasonable means before it takes effect. The “last updated” date above always reflects the current version.