Privacy Policy

Last updated: May 26, 2026

1. Introduction

Welcome to OpenCapital ("we," "our," or "us"). We are committed to protecting your personal information and your right to privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website and use our services.

2. Information We Collect

We collect different information depending on whether you are signed in:

If you are not signed in, we do not run any analytics or tracking. No cookies are set, no personal data is collected, and no third-party scripts run for the purpose of identifying or profiling you. Standard web server logs (IP address, requested URL, timestamp) are retained briefly for security and abuse prevention.

If you sign in, we additionally collect:

  • Account information: Email address, name, and profile picture from your Google account when you sign in with Google.
  • Product usage: Pages visited, features used, and interactions tied to your account, captured through PostHog. We use this to understand how the product is used and prioritize improvements.
  • Authentication metadata: Session cookie, IP address, and timestamps needed to keep you signed in and detect suspicious activity.
  • Connected financial accounts: If you choose to connect a brokerage or investment account, we collect, via Plaid, account and institution names, account balances, investment holdings, securities information, and investment transactions. We never receive or store your financial institution login credentials. This data is collected only when you explicitly link an account, and you can disconnect at any time. See Section 7 for details.

3. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve our services
  • Send you updates about our product and services
  • Respond to your comments, questions, and customer service requests
  • Analyze usage patterns and trends to improve user experience
  • Detect, prevent, and address technical issues and security threats
  • Comply with legal obligations and enforce our terms

4. Cookies and Tracking Technologies

We do not set any cookies for anonymous visitors and do not run any analytics on anonymous browsing. The public site can be used without anything being stored in your browser.

When you sign in, we set an authentication session cookie to keep you logged in, and PostHog (product analytics) becomes active and tied to your account. Both are necessary for the signed-in product to function and improve over time.

We do not use advertising cookies, third-party tracking pixels, or cross-site identifiers. The full breakdown lives on the Cookie Policy page.

5. Third-Party Service Providers

We rely on a small set of third parties to operate the site. Each receives only the data necessary for the specific task:

  • Google: Sign-in with Google (authentication) and optional Google Calendar integration for earnings reminders.
  • Plaid: Securely connects your brokerage or investment accounts when you opt in, so we can display your holdings. Plaid handles your financial institution credentials directly — we never see or store them.
  • PostHog: Product analytics for signed-in users only. We use it to understand how the product is used and where to improve it.
  • Resend: Transactional email delivery (account emails, earnings alerts you opt into).
  • Vercel: Website hosting and infrastructure.

These providers have access to your information only to perform tasks on our behalf and are obligated to protect it. We do not sell personal data to advertisers or data brokers.

6. Google Calendar Integration

OpenCapital offers optional integration with Google Calendar to help you track earnings announcements. When you choose to use this feature:

  • Permission Request: We request permission (calendar.events scope) to create events in your Google Calendar. This permission is only used to add earnings reminder events that you explicitly request.
  • Limited Access: We only create and manage calendar events you request; we do not read, modify, or delete your existing calendar events.
  • Data Storage: We store a reference to created calendar events to allow you to view and remove them. We do not store the contents of your calendar.
  • No Data Sharing: We do not sell, rent, or share your Google Calendar data with any third parties, advertisers, or data brokers.
  • Employee Access: Our team does not access your Google Calendar data except for security investigations, legal compliance, or with your explicit consent.
  • Revocation: You can revoke calendar access at any time through your Google Account settings.

OpenCapital's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

7. Plaid and Financial Account Connections

OpenCapital offers an optional feature that lets you connect a brokerage or other investment account so you can view your holdings alongside our research. To enable this, we use Plaid Inc. ("Plaid"). When you use this feature:

  • What we access: With your authorization, Plaid retrieves account and institution names, account balances, investment holdings, securities information, and investment transactions from the financial institution you select.
  • Credentials: You enter your financial institution login credentials directly with Plaid. OpenCapital never receives, sees, or stores those credentials.
  • How we use it: We use this data solely to display your holdings and related insights within OpenCapital. We do not sell it, rent it, or share it with advertisers or data brokers.
  • Plaid's role: Plaid processes your data as described in the Plaid End User Privacy Policy. We encourage you to review it to understand how Plaid handles your information.
  • Employee access: Our team does not access your connected account data except for security investigations, legal compliance, or with your explicit consent.
  • Disconnecting and deletion: You can disconnect a linked account at any time from your OpenCapital account settings, which revokes our ongoing access. You may also request deletion of previously retrieved financial data by contacting us at support@opencapital.sh.

8. Data Security

We implement appropriate technical and organizational security measures to protect your personal information. However, no method of transmission over the internet or electronic storage is 100% secure, and we cannot guarantee absolute security.

9. Your Privacy Rights

Depending on your location, you may have certain rights regarding your personal information:

  • Access: Request a copy of the personal information we hold about you
  • Correction: Request correction of inaccurate or incomplete information
  • Deletion: Request deletion of your personal information
  • Object: Object to our processing of your personal information
  • Portability: Request transfer of your information to another service
  • Withdraw Consent: Withdraw consent for data processing where consent is the legal basis

To exercise these rights, please contact us at support@opencapital.sh.

10. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that differ from your country. We ensure appropriate safeguards are in place to protect your information.

11. Data Retention and Deletion

We retain personal information only for as long as necessary to provide the Service, unless a longer retention period is required or permitted by law. In practice:

  • Account and authentication data is retained while your account is active and deleted within 30 days of account closure or a verified deletion request.
  • Connected financial account dataretrieved via Plaid is retained only while the connection is active. Disconnecting a linked account revokes our ongoing access and triggers deletion of that account's data, completed within 30 days.
  • Product usage analytics are tied to your account and deleted when your account is deleted.
  • Billing records may be retained for up to 7 years as required by tax and accounting law, even after account closure.
  • Server logs are retained briefly (no more than 90 days) for security and abuse prevention.

We maintain a documented data retention and deletion policy that is reviewed at least annually. To request deletion of your data, contact us at support@opencapital.sh.

12. Children's Privacy

Our services are not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you believe we have collected information from a child under 13, please contact us immediately.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date. Your continued use of our services after changes are posted constitutes your acceptance of the revised policy.

14. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us at:

Email: support@opencapital.sh

Website: opencapital.sh