Privacy Policy
Last updated: April 2026
InvestStack is an investing website focused on educational content for European investors. This Privacy Policy explains how we collect, use, store, share and protect personal data when you visit our website, contact us, or interact with our content and services.
We are committed to handling personal data in accordance with the General Data Protection Regulation (EU) 2016/679 (“GDPR”) and other applicable data protection laws.
Who We Are
InvestStack is the controller responsible for the processing of personal data described in this Privacy Policy.
If you have any questions about this Privacy Policy or about how personal data is handled, you can contact us at:
hello@investstack.io
What Data We Collect
Depending on how you interact with InvestStack, we may collect the following categories of personal data:
a) Information you provide directly
– Name
– Email address
– Any information you include when contacting us through the contact form
b) Technical and usage data
– IP address
– Browser type and version
– Device information
– Operating system
– Referral source
– Website usage data
– Log data and similar technical information
c) Cookie and consent data
– Cookie identifiers
– Consent preferences
– Information collected through cookies and similar technologies where applicable
d) Security-related data
– Technical logs
– Activity signals used to protect the website and prevent abuse
How We Collect Data
We may collect personal data through:
– The contact form on the website
– Direct communications you send to us
– Your use of the website
– Cookies and similar technologies
– Third-party tools used to operate, secure, analyse or monetise the website
Why We Process Personal Data
We process personal data only where we have a valid legal basis to do so.
a) To respond to enquiries
If you contact us through the contact form, we process your name, email address and message content to respond to your enquiry.
Legal basis: Consent and legitimate interest
Retention: Up to 12 months after the last relevant interaction, unless a longer retention period is necessary for legal or operational reasons
b) To operate and secure the website
We process technical and security-related data to maintain website functionality, protect the website, prevent abuse and troubleshoot issues.
Legal basis: Legitimate interest
Retention: As long as reasonably necessary for security, maintenance and operational purposes
c) To analyse and improve website performance
Where applicable and where required by law, we may process usage data, analytics data and cookie-related data to understand how the website is used and to improve performance and content.
Legal basis: Consent, where required, and legitimate interest for strictly necessary technical improvement
Retention: Generally up to 24 months, depending on the nature of the data and the tools used
d) To display advertising
We may use advertising tools, including Google AdSense, to display advertising on the website. Advertising-related cookies and similar technologies will only be used where appropriate consent has been obtained.
Legal basis: Consent
Retention: Depending on the relevant tool, settings and applicable legal requirements
e) To comply with legal obligations
We may process personal data where necessary to comply with applicable laws, regulations, legal requests or to establish, exercise or defend legal claims.
Legal basis: Legal obligation or legitimate interest, depending on the context
Retention: For as long as required by applicable law or necessary for the relevant purpose
Cookies and Similar Technologies
We use cookies and similar technologies to:
– Ensure the website functions properly
– Support security and performance
– Understand website usage and traffic patterns
– Support analytics
– Support advertising, where applicable
– Non-essential cookies should only be used with your prior consent where required by law.
For more information, please refer to our Cookie Policy.
Sharing Data with Third Parties
We may share personal data with trusted third-party service providers where necessary to operate and support InvestStack, including providers involved in:
– Website hosting and infrastructure
– Website security
– Contact form processing
– Analytics
– Tag management
– Advertising
– Cookie consent management
We require service providers to process personal data only where necessary and to apply appropriate safeguards.
International Data Transfers
Some third-party service providers may process personal data outside your country of residence and, in some cases, outside the European Economic Area.
Where this happens, we aim to ensure that appropriate safeguards are in place, such as adequacy decisions or other lawful transfer mechanisms recognised under applicable data protection law.
Your Rights
Under the GDPR, you may have the right to:
– Access your personal data
– Correct inaccurate or incomplete personal data
– Request deletion of your personal data
– Request restriction of processing
– Object to certain processing
– Request data portability, where applicable
– Withdraw consent at any time, where processing is based on consent
– Lodge a complaint with a competent data protection authority
To exercise any of these rights, please contact us at: hello@investstack.io
Data Security
We implement reasonable technical and organisational measures designed to protect personal data against unauthorised access, disclosure, alteration, loss or misuse.
While we take security seriously, no method of transmission or storage is completely secure.
Children
InvestStack is intended for adults and is not directed to children. We do not knowingly collect personal data from children.
Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in legal requirements, website functionality or data practices. Any updates will be posted on this page together with a revised “Last updated” date.
Contact
If you have any questions about this Privacy Policy or about how your personal data is handled, please contact:
hello@investstack.io