Privacy Policy

This policy outlines how we handle your data with the highest standards of financial confidentiality and security.

Compliance: GDPR & International Standards Last updated: 21/06/2026
Section 01

Data Controller

The party responsible for processing your personal data is Rubén Pérez Aledo, with Tax ID 55092745V. For any inquiries regarding your data management, contact us at support@twentyoneportfolio.com.

Section 02

Data Collection

To provide our financial analysis services, we collect the following minimum data:

01
Identification: Full name and email address.
02
Authentication: Unique identifier provided by Google (Social Login).
03
Payment Management: Stripe customer identifier (we do not store credit card info).
04
User Content: Encrypted journal entries, portfolio data, notes, and goals.
Section 03

Legal Basis

Under the GDPR, we process your personal data relying on the following legal bases:

  • Contract Execution: Necessary to provide you with the TwentyOne platform, create your account, and manage your subscription.
  • Consent: For processing non-essential analytics (like Microsoft Clarity or GA4) and marketing communications. You can withdraw this at any time.
  • Legal Obligation: To comply with tax, accounting, and financial regulations regarding your billing history.

Privacy Proxy & Anti-Recording Shield

To maintain absolute financial confidentiality, TwentyOne utilizes RudderStack as a privacy gateway. This technology acts as a filter between our secure infrastructure and third-party analytics services.

Sensitive Data Protection

We implement Strict Masking protocols. Third-party tools are strictly prohibited from viewing or recording financial figures, balances, or private journal text.

Anonymous Analytics

We only share anonymous usage patterns to improve the tool, never your identity or net worth.

Section 04

Service Providers

To operate with professional standards, we share limited and filtered data with:

Microsoft Clarity Disclosure

"We partner with Microsoft Clarity and Microsoft Advertising to capture how you use and interact with our website through behavioral metrics, heatmaps, and session replay to improve and market our products/services... For more information visit the Microsoft Privacy Statement."

TwentyOne Layer: Per our "Anti-Recording Shield", all session replays captured by Microsoft Clarity are subject to Strict Masking.

Stripe
Payment Infrastructure
Google Auth
Authentication
MongoDB
Encrypted Storage
GA4
Usage Metrics
Clarity
UX Behavior

Journal Protection: We implement a zero-access architecture. Private entries are encrypted client-side and remain unreadable to our systems and providers.

* Note: Google Analytics and Microsoft Clarity will only process data upon the user's explicit consent.

International Data Transfers

Some of our service providers are located outside the European Economic Area (EEA), specifically in the United States. When your data is transferred internationally, we ensure it is protected by implementing strict safeguards, such as the EU-US Data Privacy Framework or using Standard Contractual Clauses (SCCs) approved by the European Commission.

05. Data Retention

We retain data as long as your account is active. Upon deletion, all personal data is permanently removed within 30 days, except for legal requirements (invoices).

06. Your Rights

You have the right to access, rectify, restrict, port, or delete your data at any time via settings or by emailing support@twentyoneportfolio.com.

If you believe your data protection rights have been violated, you have the right to lodge a complaint with the relevant Data Protection Authority in your country (e.g., the AEPD in Spain).

07. Policy Changes

This Privacy Policy may be updated periodically. The latest version will apply immediately. If significant changes are made regarding how we handle your personal or financial data, we will notify you via email.

Section 08

Children's Privacy

The TwentyOne platform, including its Q-Core 21 algorithm and suite of financial tracking tools, is designed and intended strictly for adult professionals, individual investors, and corporate entities. Our services are exclusively directed at individuals who are at least 18 years of age, or the legal age of majority in their respective jurisdiction of residence.

We do not intentionally, knowingly, or purposefully collect, solicit, maintain, or process personal information, financial records, or behavioral analytics from children under the age of 18. We recognize the paramount importance of protecting children's online privacy and strictly adhere to international data protection frameworks, including the European General Data Protection Regulation (GDPR) and the U.S. Children's Online Privacy Protection Act (COPPA).

Account Termination & Data Purge: If we become aware—either through our own routine security audits, identity verification processes, or by direct notification from a parent or legal guardian—that an account has been unlawfully created by a minor, we will take immediate and irreversible action. This includes the unilateral termination of the unauthorized account and the permanent, secure cryptographic deletion of all personal identification, journal entries, and financial portfolio data associated with that user from our servers.

If you are a parent or guardian and you believe we might have inadvertently collected personal data from or about a child without valid consent, please contact our compliance and security team immediately at support@twentyoneportfolio.com so we can take swift corrective measures.

Privacy is a fundamental pillar at TwentyOne. Thank you for trusting us.

Privacy & Cookies Preference

We use anonymous analytics to improve your experience. No financial data is ever shared. Read Policy.