Privacy Policy

This policy outlines how we handle your data with the highest standards of financial confidentiality and security.

Compliance: GDPR & International Standards Last updated: 08/02/2026
Section 01

Data Controller

The party responsible for processing your personal data is Rubén Pérez Aledo, with Tax ID 55092745V. For any inquiries regarding your data management, contact us at soporte@twentyoneportfolio.com.

Section 02

Data Collection

To provide our financial analysis services, we collect the following minimum data:

01
Identification: Full name and email address.
02
Authentication: Unique identifier provided by Google (Social Login).
03
Payment Management: Stripe customer identifier (we do not store credit card info).
04
User Content: Encrypted journal entries, portfolio data, notes, and goals.

Privacy Proxy & Anti-Recording Shield

To maintain absolute financial confidentiality, TwentyOne utilizes RudderStack as a privacy gateway. This technology acts as a filter between our secure infrastructure and third-party analytics services.

Sensitive Data Protection

We implement Strict Masking protocols. Third-party tools are strictly prohibited from viewing or recording financial figures, balances, or private journal text.

Anonymous Analytics

We only share anonymous usage patterns to improve the tool, never your identity or net worth.

Section 04

Service Providers

To operate with professional standards, we share limited and filtered data with:

Microsoft Clarity Disclosure

"We partner with Microsoft Clarity and Microsoft Advertising to capture how you use and interact with our website through behavioral metrics, heatmaps, and session replay to improve and market our products/services... For more information visit the Microsoft Privacy Statement."

TwentyOne Layer: Per our "Anti-Recording Shield", all session replays captured by Microsoft Clarity are subject to Strict Masking.

Stripe
Payment Infrastructure
Google Auth
Authentication
MongoDB
Encrypted Storage
GA4
Usage Metrics
Clarity
UX Behavior

Journal Protection: We implement a zero-access architecture. Private entries are encrypted client-side and remain unreadable to our systems and providers.

* Note: Google Analytics and Microsoft Clarity will only process data upon the user's explicit consent.

05. Data Retention

We retain data as long as your account is active. Upon deletion, all personal data is permanently removed within 30 days, except for legal requirements (invoices).

06. Your Rights

You have the right to access, rectify, or delete your data at any time via settings or by emailing soporte@twentyoneportfolio.com.

Privacy is a fundamental pillar at TwentyOne. Thank you for trusting us.