Privacy Policy

1. Who we are

Spriggl (“we”, “us”) is a UK-based stock research platform. This policy explains what personal data we collect when you use Spriggl, why we collect it, and the rights you have over it. We aim to collect the minimum we need to run the service — and we do not sell personal data, show advertising, or share your data with marketers.

2. What we collect

When you create an account and use Spriggl, we store:

• Account details — your email address and, if you sign in with Google, the name and profile identifier Google shares with us. We never see your password when you use Google sign-in; if you register with email and password, the password is held by our authentication provider in hashed form and is not visible to us.
• Content you create — watchlists, alerts, and any portfolio holdings you choose to enter (tickers, share counts, costs). Portfolio data exists so the platform can show you your own analytics; it is never used for any other purpose.
• Subscription status — your membership tier and, when paid subscriptions launch, payment status. Card payments will be processed by Stripe; we will never see or store your card number.
• Basic usage records — limited counters tied to your account (for example, which report PDFs you have opened) used to operate membership features.

Display preferences (such as plain-English mode) are stored in your own browser's local storage and are not transmitted to us.

3. What we don't do

• We do not sell or rent personal data to anyone.
• We do not show advertising or use advertising trackers.
• We do not currently run third-party analytics. If we introduce privacy-respecting usage analytics in future, we will update this policy first.
• We do not send marketing email unless you have expressly opted in, and every such email will include an unsubscribe link.

4. Where your data lives

Spriggl runs on Google Firebase (authentication and database) and Vercel (website hosting). Both are established providers with strong security practices, and both may process data in data centres outside the UK, including in the United States. Where data is transferred internationally, it is protected by the providers' standard contractual safeguards recognised under UK data-protection law.

5. Cookies and local storage

We use only what is needed to keep you signed in and remember your preferences: authentication tokens managed by our sign-in provider, and local-storage entries for settings such as display mode. We do not use advertising or cross-site tracking cookies.

6. How long we keep data

We keep your account data for as long as your account exists. If you delete your account, or ask us to, we will delete the personal data associated with it within 30 days, except where a legal obligation requires longer retention (for example, payment records once subscriptions launch).

7. Your rights

Under UK data-protection law (UK GDPR), you have the right to:

• access a copy of the personal data we hold about you;
• correct inaccurate data;
• have your data deleted (“right to erasure”);
• receive your data in a portable format;
• object to or restrict certain processing.

To exercise any of these rights, contact us using the details below. You also have the right to complain to the Information Commissioner's Office (ICO) at ico.org.uk.

8. Children

Spriggl is not directed at children and is intended for users aged 18 and over. We do not knowingly collect personal data from children.

9. Changes to this policy

If we change how we handle personal data, we will update this page and revise the date at the top. Material changes will be flagged on the site before they take effect.