Skip to content

Privacy Policy

Last updated: July 13, 2026

1. Introduction

Welcome to OpenCapital ("we," "our," or "us"). We are committed to protecting your personal information and your right to privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website and use our services.

2. Information We Collect

We process standard request data, including IP address, requested URL, and timestamp, to deliver the site and prevent abuse. This processing occurs whether you accept optional analytics.

  • Account information: Email address, name, and profile picture from your Google account when you sign in with Google.
  • Optional product usage: If you accept analytics, PostHog collects pages visited, features used, device and browser details, approximate location, and session activity. OpenCapital also records stock-page popularity after a five-second visit, using the stock, view count, timestamps, and either your account ID or a random browser identifier. Signed-in usage may be associated with your account.
  • Authentication metadata: Session cookie, IP address, and timestamps needed to keep you signed in and detect suspicious activity.

3. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve our services
  • Send you updates about our product and services
  • Respond to your comments, questions, and customer service requests
  • Analyze usage patterns and trends to improve user experience
  • Detect, prevent, and address technical issues and security threats
  • Comply with legal obligations and enforce our terms

4. Cookies and Tracking Technologies

We use necessary cookies and browser storage for authentication, security, interface preferences, and your analytics consent choice. Optional analytics remains off until you select Accept analytics.

If you accept, PostHog measures product use, OpenCapital records first-party stock-read popularity, Tolt can attribute a subscription to a referral partner, and Sentry can attach a masked error replay when the site fails. You can reject or withdraw consent without losing access to the public site or signed-in product features.

The full breakdown and a control for changing your choice are on the Cookie Policy page.

5. Third-Party Service Providers

We rely on a small set of third parties to operate the site. Each receives only the data necessary for the specific task:

  • Google: Sign-in with Google (authentication) and optional Google Calendar integration for earnings reminders.
  • PostHog: Optional product analytics and approximate location for visitors who accept analytics.
  • Tolt: Optional referral attribution for visitors who accept analytics.
  • Resend: Transactional email delivery (account emails, earnings alerts you opt into).
  • OVHcloud and Cloudflare: Website hosting, delivery, security, and abuse prevention.
  • Sentry: Operational browser error reports for diagnosing failures, plus masked error replay for visitors who accept analytics.

These providers have access to your information only to perform tasks on our behalf and are obligated to protect it. We do not sell personal data to advertisers or data brokers.

6. Google Calendar Integration

OpenCapital offers optional integration with Google Calendar to help you track earnings announcements. When you choose to use this feature:

  • Permission Request: We request permission (calendar.events scope) to create events in your Google Calendar. This permission is only used to add earnings reminder events that you explicitly request.
  • Limited Access: We only create and manage calendar events you request; we do not read, modify, or delete your existing calendar events.
  • Data Storage: We store a reference to created calendar events to allow you to view and remove them. We do not store the contents of your calendar.
  • No Data Sharing: We do not sell, rent, or share your Google Calendar data with any third parties, advertisers, or data brokers.
  • Employee Access: Our team does not access your Google Calendar data except for security investigations, legal compliance, or with your explicit consent.
  • Revocation: You can revoke calendar access at any time through your Google Account settings.

OpenCapital's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

7. AI Assistant Connections (Model Context Protocol)

OpenCapital can be connected to AI assistants such as Claude, ChatGPT, Cursor, and other clients that support the Model Context Protocol (MCP), so you can ask questions about our research from inside those tools. When you connect an AI assistant:

  • Authorization:You sign in with Google and grant the AI client read-only access via OAuth 2.0. The client receives a token scoped to your account, which you can revoke at any time from the AI client's connector settings or your Google Account.
  • What the assistant can access: The same read-only research available on the website: fundamentals, segments, peer data, and earnings derived from public SEC filings. If you ask, it can also read and update your OpenCapital watchlist. It cannot place trades or change any other account state.
  • What we receive: Only the specific requests the assistant sends on your behalf, for example the ticker, metric, or search terms in your question. We log these inputs, tied to your account, to enforce usage limits and understand which features are used. If you accept analytics, related product events may also be sent to PostHog. We do not receive your conversation, chat history, prompts, uploaded files, or any other context from the AI client beyond the parameters of each request.
  • The AI provider: The assistant you connect (for example, Anthropic or OpenAI) is operated by that company under its own terms and privacy policy. Your conversation with the assistant is governed by that provider, not by OpenCapital.
  • Data minimization: We request only the data needed to answer your question and do not attempt to access anything in the AI client beyond the inputs you direct to OpenCapital.

8. Data Security

We implement appropriate technical and organizational security measures to protect your personal information. However, no method of transmission over the internet or electronic storage is 100% secure, and we cannot guarantee absolute security.

9. Your Privacy Rights

Depending on your location, you may have certain rights regarding your personal information:

  • Access: Request a copy of the personal information we hold about you
  • Correction: Request correction of inaccurate or incomplete information
  • Deletion: Request deletion of your personal information
  • Object: Object to our processing of your personal information
  • Portability: Request transfer of your information to another service
  • Withdraw Consent: Withdraw consent for data processing where consent is the legal basis

To exercise these rights, please contact us at support@opencapital.sh.

10. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that differ from your country. We ensure appropriate safeguards are in place to protect your information.

11. Data Retention and Deletion

We retain personal information only for as long as necessary to provide the Service, unless a longer retention period is required or permitted by law. In practice:

  • Account and authentication data is retained while your account is active and deleted within 30 days of account closure or a verified deletion request.
  • Product usage analytics are tied to your account and deleted when your account is deleted.
  • Anonymous stock-read records use a random browser identifier and remain until we delete or aggregate the record. Withdrawing consent removes the identifier from your browser and stops future collection.
  • Billing records may be retained for up to 7 years as required by tax and accounting law, even after account closure.
  • Server logs are retained briefly (no more than 90 days) for security and abuse prevention.

We maintain a documented data retention and deletion policy that is reviewed at least annually. To request deletion of your data, contact us at support@opencapital.sh.

12. Children's Privacy

Our services are not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you believe we have collected information from a child under 13, please contact us immediately.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date. Your continued use of our services after changes are posted constitutes your acceptance of the revised policy.

14. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us at: