Can DonkyCapital access my broker accounts?

No. DonkyCapital never requires broker credentials and never accesses your accounts directly. Data is entered only through the user's direct action: manually or by uploading a CSV file.

Are portfolio tracking apps GDPR compliant?

It depends on the app. Apps based or with servers in Europe are generally GDPR compliant. DonkyCapital stores all data on EU servers and is fully compliant: you have the right of access, rectification, erasure and data portability.

What data does a portfolio tracking app collect?

The main categories are: identity data (email, name), portfolio financial data (assets, performance, average cost), behavioural data (pages visited, usage frequency), device data (IP, OS). Some apps also collect broker credentials — a significant risk that DonkyCapital avoids by design.

DonkyCapital Guide

Privacy in Portfolio Tracking: What Data Your Tools Really Collect

Millions of investors entrust their portfolio data to apps and online services without asking what happens to that information. Yet your portfolio contains some of the most sensitive data that exists: your financial situation, your saving habits, your goals.

This guide analyses what the main portfolio tracking tools actually collect, what the GDPR says about it, and how DonkyCapital manages your privacy by design.

What Portfolio Tracking Apps Actually Collect

Not all apps collect the same data. But most collect far more than seems necessary. Here are the main data categories and associated risk levels.

Identity data

Low

Full name
Email address
Date of birth
Phone number

Portfolio financial data

High

Assets held and quantities
Average purchase price
Realised and unrealised returns
Total portfolio value

Broker credentials (if required)

High

Broker username and password
OAuth access tokens
API keys with read/write permissions

Behavioural data

Medium

Pages visited in the app
Login frequency
Features used
Session duration

Device data

Medium

Device type and operating system
IP address
Advertising identifiers (IDFA/GAID)
Approximate geolocation

Data shared with third parties

High

Analytics (Google Analytics, Mixpanel)
Advertising networks
Commercial partners
Data brokers

The highest risk is not always in data collection, but in sharing it with third parties and combining it to create detailed financial profiles.

Privacy Comparison: Who Collects What

Comparative analysis of the main portfolio tracking apps based on data collected and privacy practices.

App	Broker access	Data sharing	GDPR	Open Source	Business model
DonkyCapital★	✗ Never	No sharing	✓ Compliant	Partial	Freemium / subscription
Delta App	Optional (API)	Third-party analytics	✓ Compliant	✗	Freemium + ads
Getquin	Optional	Analytics + partners	✓ Compliant	✗	Freemium + aggregated data
Portfolio Performance	✗	✗ None	N/A (local)	✓ Open source	Free (desktop)
Yahoo Finance	Optional	Extensive (Verizon Media)	Partial	✗	Advertising
Bank-integrated tools	✓ Direct	Internal to group	✓ Compliant	✗	Bundled with account

Data based on published privacy policies. Actual practices may vary. Always check the current privacy policy of the tool you use.

GDPR and Your Rights as a European Investor

The GDPR (General Data Protection Regulation) gives all European citizens precise rights over their data. Here's what you can demand from any service you use.

Right of access

You can request at any time a complete copy of all the data an app has collected on you.

Right to rectification

If your data is incorrect or incomplete, you have the right to have it corrected.

Right to erasure ("right to be forgotten")

You can request the deletion of all your data. The app must delete everything, including backups and copies held by third parties.

Right to data portability

You can request your data in machine-readable format to transfer it to another service.

Right to object to processing

You can object to your data being processed for marketing or profiling purposes.

Right not to be subject to automated decisions

If an app uses your data for automated decisions (e.g. financial profiling), you have the right to request human review.

Questions to ask before using an app

1.Where is my data physically stored? (EU or outside EU?)
2.Is my data shared with third parties? For what purposes?
3.How is data protected in transit and at rest?
4.How long is my data retained after account deletion?
5.Does the app require my broker credentials? Why?
6.Can I export all my data at any time?

The Risk of Direct Broker Access

Some portfolio tracking apps require your broker credentials — username, password or OAuth token — to automatically import transactions. This approach carries serious risks.

Expanded attack surface

If the app suffers a data breach, attackers gain not just your portfolio but also access to your broker account. A compromised database can expose the credentials of thousands of users.

Risk: direct capital loss

Excessive permissions via API

Broker APIs often grant access to more features than needed for read-only access. A dishonest or compromised app could execute unauthorised transactions.

Risk: unauthorised orders, withdrawals

Company acquisition or ownership change

Startups get acquired. If the app holding your credentials is bought by another company, who guarantees how your data is handled after the acquisition?

Risk: data transferred to third parties without explicit consent

Lack of revocation control

Do you always know where your credentials are? Can you revoke access at any time? Many users don't — leaving active access to discontinued apps.

Risk: ghost access indefinitely

🔒

The golden rule: a portfolio tracking app never needs your broker credentials. If it asks for them, ask yourself why. Manual tracking or CSV import is always more secure.

The DonkyCapital Privacy Approach

DonkyCapital was designed with privacy as a system constraint, not an added feature. Here are the concrete principles that guide how we handle your data.

Zero broker access

We never ask for your broker credentials. Ever. The only way to import data is via CSV files you export from the broker yourself and upload voluntarily.

Data minimisation

We collect only data strictly necessary for the service to function. No third-party data, no tracking pixels, no profiling.

No data selling

Your portfolio is never used to generate aggregated insights to sell to third parties, for advertising targeting or other commercial purposes.

EU data storage

All data is stored on European infrastructure, subject to GDPR. No transfer to non-EU countries without explicit consent.

Full export always available

You can export all your data at any time in CSV format. Your portfolio is yours — you can take it away whenever you want.

Real deletion

When you delete your account, data is actually deleted — not just hidden or archived.

What we collect and why

Email and password (hashed)	Account authentication	EU server, encrypted
Portfolio data (transactions, assets, manual prices)	Service functionality	EU server, encrypted in transit and at rest
Access logs (IP, timestamp)	Security and abuse prevention	Deleted after 90 days
UI preferences (language, theme)	Experience personalisation	Browser local / EU server

What we never collect

✗Broker credentials (username, password, tokens)
✗Biometric data
✗Advertising identifiers (IDFA, GAID)
✗Precise geolocation data
✗Content of private communications
✗Data shared with advertising networks or data brokers

Our choice not to request broker access is not a technical limitation — it's a deliberate design choice. We believe your portfolio is your business.

Privacy FAQ

Can DonkyCapital see my broker accounts?

No. DonkyCapital never has access to your broker accounts. We don't ask for credentials, don't use Open Banking, and don't connect directly to any broker. The only way to enter data is through your own direct action: manual entry or CSV file upload.

Is my portfolio data shared with third parties?

No. Your portfolio data is never shared with third parties for commercial, advertising or analytical purposes. We use third-party technical services (e.g. hosting, CDN) bound by GDPR-compliant data processing agreements, but they have no access to your portfolio contents.

Is DonkyCapital GDPR compliant?

Yes. DonkyCapital is GDPR compliant. Data is stored on EU servers, you have the right of access, rectification, erasure and portability, and you can exercise these at any time by contacting our support.

What happens to my data if I delete my account?

When you delete your account, all your data is permanently deleted from our systems within 30 days. We do not retain backups of your data after deletion, unless required by specific legal obligations.

Can I export my portfolio before deleting my account?

Yes. You can export all your portfolio data in CSV format at any time from the Settings section. Your portfolio is yours — you can take it wherever you want, whenever you want.

Your Portfolio, Your Privacy

Try DonkyCapital for free. Zero broker access, zero data sharing, zero privacy compromises.

Get Started Free