Privacy Policy

1. Overview / Übersicht

This privacy policy explains how thecompoundfamily.com collects, uses, and protects your personal data in accordance with the EU General Data Protection Regulation (GDPR), the German TTDSG, and the German Federal Data Protection Act (BDSG).

Controller / Verantwortlicher:

2. Data We Collect / Erhobene Daten

2.1 Server Log Files (automatically collected)

When you visit our website, Cloudflare automatically collects standard server log data:

• IP address (anonymised after processing)
• Date and time of access
• Pages visited, files requested
• Browser type and version
• Operating system
• Referrer URL

Legal basis: Art. 6(1)(f) GDPR — legitimate interest in secure website operation. Log files are retained for a maximum of 30 days.

2.2 Cloudflare

This website is hosted via Cloudflare, Inc. (101 Townsend St., San Francisco, CA 94107, USA). Cloudflare may set technically necessary cookies (e.g. __cf_bm, cf_clearance) for bot protection — no consent required under TTDSG § 25(2).

Data transfer to the USA is based on Standard Contractual Clauses (SCCs) pursuant to Art. 46(2)(c) GDPR. See: cloudflare.com/privacypolicy

2.3 Fonts (self-hosted)

All fonts (Playfair Display, DM Sans, DM Mono, JetBrains Mono) are served locally from our own server. No requests are made to Google Fonts or any external font CDN.

2.4 No Analytics, No Tracking

We do not use Google Analytics, Meta Pixel, or any behavioural tracking or advertising technology.

2.5 Interactive Tools (Valuation, Calculator, BPS Analyzer, Stock Terminal)

All calculations run entirely in your browser. No input data is transmitted to our servers. The tools use localStorage solely to remember your theme and language preference. No financial data you enter is stored outside your browser session.

2.6 Contact via E-Mail

If you contact us by e-mail, we process your name and e-mail address solely for the purpose of responding to your inquiry. Legal basis: Art. 6(1)(f) GDPR. Data is deleted once the inquiry is resolved.

2.7 E-Mail Newsletter (MailerLite)

We offer an optional email subscription to notify you about new features and updates. If you subscribe, your email address is transmitted to and stored by MailerLite UAB (J. Basanavičiaus 15, LT-03108 Vilnius, Lithuania — EU-based).

Data collected:

• E-mail address
• Date and time of subscription
• IP address (for double opt-in confirmation)

Legal basis: Art. 6(1)(a) GDPR — your explicit consent. You may withdraw your consent at any time by clicking "Unsubscribe" in any email.

MailerLite uses a double opt-in process: you must confirm your subscription via a confirmation email before being added to any list. MailerLite is GDPR-compliant and processes data within the EU. See: mailerlite.com/legal/privacy-policy

Art. 6(1)(a) DSGVO · Verarbeitungsvertrag gemäß Art. 28 DSGVO mit MailerLite abgeschlossen.

2.8 Payment Processing (Stripe)

For paid subscriptions and services, payments are processed by Stripe Payments Europe, Ltd. (1 Grand Canal Street Lower, Grand Canal Dock, Dublin, D02 H210, Ireland).

When you make a payment, the following data is transmitted to Stripe:

• Payment card details (processed directly by Stripe — we never see or store your card number)
• Name and billing address
• E-mail address
• Transaction amount and currency

Legal basis: Art. 6(1)(b) GDPR — performance of a contract. Stripe may also use data for fraud prevention pursuant to Art. 6(1)(f) GDPR.

Stripe is PCI DSS Level 1 certified. Data is processed in the EU (Ireland). See: stripe.com/privacy

Art. 6(1)(b) DSGVO · Stripe Ireland Ltd. ist als Auftragsverarbeiter gemäß Art. 28 DSGVO tätig.

2.9 Voluntary Donations (Buy Me a Coffee)

We offer the option to support our work via Buy Me a Coffee (operated by Buy Me a Coffee, Inc., 340 S Lemon Ave #3717, Walnut, CA 91789, USA).

If you use this service, you are redirected to the Buy Me a Coffee platform. Any data you provide there (e-mail, payment details) is processed by Buy Me a Coffee under their own privacy policy. We receive only confirmation of a successful donation.

Legal basis: Art. 6(1)(a) GDPR — your voluntary action.

Data transfer to the USA is based on the EU-US Data Privacy Framework and Standard Contractual Clauses. See: buymeacoffee.com/privacy

2.10 User Authentication (Clerk)

User registration, login, and session management are handled by Clerk, Inc. (548 Market St, PMB 72878, San Francisco, CA 94104, USA).

When you create an account or sign in, the following data is transmitted to and stored by Clerk:

• E-mail address
• Name (if provided during registration)
• Encrypted password (hashed — we never see it)
• Session tokens (JWT) for maintaining your login state
• IP address and device/browser information (for security purposes)
• Date and time of login and logout events

Legal basis: Art. 6(1)(b) GDPR — performance of the contract (user account is required to access the service). Art. 6(1)(f) GDPR — legitimate interest in secure authentication and fraud prevention.

Data transfer to the USA is based on Standard Contractual Clauses (SCCs) pursuant to Art. 46(2)(c) GDPR. A Data Processing Agreement (DPA) pursuant to Art. 28 DSGVO has been concluded with Clerk. Clerk does not use your data for advertising or model training. See: clerk.com/legal/privacy

Session cookies set by Clerk (__session, __client_uat) are technically necessary for login functionality — no consent required pursuant to TTDSG § 25(2)(2).

Art. 6(1)(b) DSGVO · Art. 6(1)(f) DSGVO · Auftragsverarbeitungsvertrag gemäß Art. 28 DSGVO mit Clerk, Inc. abgeschlossen · Standardvertragsklauseln gemäß Art. 46(2)(c) DSGVO.

2.11 AI Analysis Feature (Anthropic Claude)

Our platform offers an optional AI-powered analysis feature ("AI Analysis") for premium subscribers. When you use this feature, the financial model outputs for the analyzed company (scores, metrics, sector data) are transmitted to Anthropic, PBC (548 Market St, PMB 90375, San Francisco, CA 94104, USA) to generate an AI interpretation.

Important: No personal data is transmitted to Anthropic.

Only anonymised financial model outputs (scores and public market data) are sent — no name, email, IP address, or any personally identifiable information.

Legal basis: Art. 6(1)(b) GDPR — performance of the premium service contract. Art. 6(1)(f) GDPR — legitimate interest in providing AI-enhanced analysis.

Data transfer to the USA is based on Standard Contractual Clauses pursuant to Art. 46(2)(c) GDPR. Anthropic's API does not use submitted data to train its models by default. See: anthropic.com/privacy

Art. 6(1)(b) DSGVO · Art. 6(1)(f) DSGVO · Standardvertragsklauseln gemäß Art. 46(2)(c) DSGVO.

2.12 Broker Connection (SnapTrade)

Users who choose to connect a brokerage account use the service of Passiv Technologies Inc. ("SnapTrade") (360 Bay St Suite 900, Toronto, ON M5H 2V6, Canada). SnapTrade acts as an OAuth aggregation layer — it facilitates the secure connection between your brokerage account and this platform.

Data processed by SnapTrade:

• Brokerage account holdings (positions, balances, transactions)
• An anonymised SnapTrade user ID linked to your TCF account
• OAuth tokens for your connected brokerage (encrypted, not stored in plain text)

No trading orders are placed. The connection is read-only by default. SnapTrade does not receive your TCF password or email address.

SnapTrade is SOC 2 Type II certified. Data is stored in Canada and the USA. Transfer to third countries is governed by SnapTrade's sub-processor agreements. See: snaptrade.com/privacy

Art. 6(1)(b) DSGVO (contract fulfilment) · Art. 6(1)(a) DSGVO (consent) · Data transfer: adequacy decision Canada (Art. 45 DSGVO) + Standard Contractual Clauses for US sub-processors.

2.13 Interactive Brokers Portfolio Sync (Claude Code MCP)

Users of Interactive Brokers may optionally synchronise their portfolio using Claude Code (Anthropic, PBC) in combination with the Interactive Brokers MCP (Interactive Brokers LLC, One Pickwick Plaza, Greenwich, CT 06830, USA). This is a voluntary, user-initiated action.

When syncing, the following data is transmitted from the user's own IBKR account to this platform:

• Position data (ticker symbols, quantities, market values, P&L)
• Option positions (strike, expiry, Greeks if available)
• Account summary (NAV, margin, buying power — no bank account numbers)

This data is transmitted directly from the user's device to The Compound Family API (Cloudflare Workers) over encrypted HTTPS and stored in our D1 database. It is not shared with third parties. The user controls when syncs occur.

Art. 6(1)(b) DSGVO · Art. 6(1)(a) DSGVO · Interactive Brokers privacy policy: interactivebrokers.com/privacy

3. Cookies

We do not set any marketing, analytics, or tracking cookies.

Gemäß TTDSG § 25 und Art. 6 DSGVO

4. Your Rights / Ihre Rechte

Under GDPR you have the following rights:

• Right of access (Art. 15 GDPR)
• Right to rectification (Art. 16 GDPR)
• Right to erasure (Art. 17 GDPR — "right to be forgotten")
• Right to restriction of processing (Art. 18 GDPR)
• Right to data portability (Art. 20 GDPR)
• Right to object (Art. 21 GDPR)

To exercise these rights: [email protected]

You may also lodge a complaint with the national supervisory authority. In Germany: Bundesbeauftragte für den Datenschutz (BfDI).

5. External Links

Our website contains links to external sites (YouTube, Yahoo Finance, etc.). The respective provider's privacy policy applies to those sites. Our YouTube channel (@TheCompoundFamily) is operated by Google Ireland Ltd. — Google Privacy Policy.

6. Data Security / Datensicherheit

This website is served exclusively over HTTPS (TLS encryption). Cloudflare provides additional DDoS protection and security filtering.

7. Changes to This Policy

We may update this policy if our data processing or legal requirements change. The current version is always available at thecompoundfamily.com/datenschutz.html.

Letzte Aktualisierung / Last updated: Mai 2026 · inkl. Clerk, Anthropic, Stripe, MailerLite, SnapTrade, IBKR MCP