Privacy Policy — StackerLive

Last updated: 19 May 2026 Effective from: 19 May 2026

This notice covers the StackerLive iOS app. It does not cover the stackerlive.com website — see our separate Website Privacy & Cookies for that.

1. Who we are

This app, StackerLive (the “App”), is provided by StackerLive Ltd, a company registered in England and Wales.

Company number: 17038539
Registered address: 44 High Street, Dartford, United Kingdom, DA1 1DE
Contact: contact@stackerlive.com

For the purposes of UK and EU data protection law, StackerLive Ltd is the data controller in respect of the limited personal data described in this policy.

2. What this policy covers

This policy explains:

What information the App collects, and how;
What we use it for, and what we never use it for;
Who we share it with (a very short list);
What rights you have over your data;
How to contact us.

It applies to your use of the StackerLive iOS app, distributed via the Apple App Store. It does not cover any third-party services you may use outside the App.

3. The short version

Most of your data never leaves your device. Your portfolio, item details, prices, photos, and settings are stored locally on your iPhone or iPad. We do not have user accounts, and we do not upload your portfolio to any server.
We use Supabase (a third-party platform) to deliver shared reference data — live precious-metals spot prices, an index of bullion products, and to power the optional AI-assisted CSV/photo import feature.
We use Sentry (a third-party platform) to receive anonymous crash and error diagnostics so we can fix bugs. You can turn this off in Settings → Diagnostics.
We do not show ads. We do not sell your data. We do not track you for marketing. There is no behavioural profiling.

If that’s enough for you, you can stop reading. The sections below explain each point in more detail.

4. Information stored on your device only

The App stores the following information locally on your device. None of it is uploaded to our servers or anyone else’s by default:

Your portfolio items (names, weights, purities, mints, categories, purchase prices, dates, notes).
Photos or receipts you attach to portfolio items.
Your sale records.
Your draft entries.
Your preferences (currency, weight display unit, tax rates, theme, date format).
Spot-price history cached for charting.

This information is stored in the App’s sandbox on your device using standard iOS storage (the App’s Documents directory and UserDefaults). It is included in iCloud Device Backups if you have iCloud Backup enabled in your iOS Settings — but that is between you and Apple. We do not have access to those backups.

If you delete the App, this information is deleted with it. We cannot recover it.

5. Information sent to our backend (Supabase)

We use Supabase (provided by Supabase Inc., 970 Toa Payoh North #07-04, Singapore) as our backend platform. Supabase hosts:

The bullion reference database — a public catalogue of precious-metals products. When you search for an item, your search query is sent to Supabase to return matches. The query is not linked to you personally.
A spot price service — when the App fetches current or historical metal prices, it makes a request to a Supabase Edge Function. These requests do not include any portfolio data.
An AI-assisted import feature — if you choose to import a CSV or photograph of a receipt, the file contents are sent to a Supabase Edge Function which forwards them to Anthropic’s Claude AI for structured extraction. The extracted data is returned to your device. We do not retain the contents of imported files or receipt images on our servers — they are processed in-memory for the duration of the request and discarded once the response is returned.

What we log for these calls

To prevent abuse and operate the service, we log the following for each request:

A randomly-generated device identifier (a UUID created the first time you use the App; not linked to your Apple ID, email, or any personal information).
The time of the request.
The type of operation (e.g. “AI parse”).
Success or failure status.

We do not log the contents of imported files, the resulting portfolio data, or your search terms beyond what is needed to fulfil the request.

Supabase processes data on our behalf as a processor under UK and EU GDPR. Supabase may process data in jurisdictions outside the UK and EU, with appropriate safeguards (Standard Contractual Clauses).

6. Crash and error diagnostics (Sentry)

If you leave the “Share Crash Reports” toggle enabled in Settings → Diagnostics (the default), the App sends anonymous diagnostic information to Sentry (Functional Software, Inc. trading as Sentry, 132 Hawthorne Street, San Francisco, CA 94107, USA) when it crashes or hits a known error path.

Sentry’s servers used by the App are located in the European Union (Frankfurt, Germany).

What is sent

The stack trace of the crash or error.
Your iOS version, device model, locale, and amount of free memory.
The App version and build number.
A trail of recent App activity (“breadcrumbs”): which screens you visited, which network requests were made (URLs only, never request or response bodies), and lifecycle events such as the App moving to the background.
A randomly-generated device identifier (a UUID generated by Sentry; not the same one used for Supabase, and not linked to your Apple ID, email, or any personal information).

What is NOT sent

Your portfolio items, item names, weights, prices, P&L figures, or any other portfolio data.
Photos or attachments.
Your tax settings, currency, or any preferences.
Your IP address (this is explicitly disabled).
Screenshots or the view hierarchy.
Any credentials, tokens, or API keys.

How to turn it off

Go to Settings → Diagnostics and switch Share Crash Reports off. The App stops sending immediately.

Sentry processes data on our behalf as a processor under UK and EU GDPR.

7. Permissions we ask for

The App may request the following iOS permissions. We never use them for anything other than the stated purpose.

Camera — to photograph receipts or certificates that you choose to attach to portfolio items. Photos are stored on your device only.
Photo Library — to attach existing photos to portfolio items. Photos are stored on your device only.

You can revoke either permission at any time in iOS Settings → Privacy & Security.

8. What we do not do

For clarity:

We do not show advertising.
We do not sell, rent, or share your information with advertisers.
We do not track you across other apps or websites.
We do not use cookies or web tracking (the App is a native iOS app).
We do not require an account, an email address, or a phone number to use the App.
We do not read your contacts, location, microphone, or any other sensitive iOS data sources.

9. Children’s privacy

The App is not directed at children under 13 and we do not knowingly collect data from children. If you believe a child has provided information to us, contact us at contact@stackerlive.com and we will assist.

10. Your rights

If you are in the UK or EU, you have the following rights under GDPR in respect of personal data we hold (which, for most users, is limited to the device identifiers described above and any crash reports we have received):

The right to be informed (this policy).
The right of access (a copy of what we hold).
The right to rectification (correction of inaccurate data).
The right to erasure (“right to be forgotten”).
The right to restrict processing.
The right to data portability.
The right to object.
Rights related to automated decision-making (we do not engage in this).

To exercise any of these rights, contact us at contact@stackerlive.com. We will respond within one month.

If you believe we are processing your data unlawfully, you can complain to the UK Information Commissioner’s Office (https://ico.org.uk) or your local supervisory authority.

11. International users

The App is initially marketed to users in the United Kingdom but is available worldwide via the Apple App Store. If you are using the App outside the UK or EU, please note:

Some processors we use (e.g. Sentry) are based in the United States. Where personal data is transferred outside the UK/EU, we rely on Standard Contractual Clauses or equivalent mechanisms.
Your local laws may give you additional rights. Contact us at contact@stackerlive.com if you have specific requests under your local data protection law.

If we materially expand into other jurisdictions, this policy will be updated to reflect any additional disclosures required there (for example, California Consumer Privacy Act notices, or Brazilian LGPD).

12. Retention

On-device data is retained until you delete it from within the App, or until you delete the App.
Supabase service logs (request metadata) are retained for 30 days for abuse-prevention and debugging purposes.
Sentry crash reports are retained for 30 days under our current plan, after which they are automatically deleted.

13. Security

We take reasonable technical and organisational measures to protect the limited data we process. In particular:

Communications between the App and our backend are encrypted in transit using HTTPS / TLS.
We do not use a password-based account system, so there are no user credentials for us to lose.
Our backend providers (Supabase, Sentry) are SOC 2 / ISO 27001 certified or equivalent.

No system is perfectly secure, and we cannot guarantee absolute security. If a data breach affects you, we will notify you in line with our legal obligations.

14. Changes to this policy

We may update this policy from time to time. When we do, we will:

Update the “Last updated” date at the top.
For significant changes, notify users via an in-app message or a release note in the App’s changelog on the App Store.

Your continued use of the App after the effective date of any change constitutes acceptance of the updated policy.

15. Contact us

For any questions, requests, or concerns about this policy or your data:

Email: contact@stackerlive.com
Post: StackerLive Ltd, 44 High Street, Dartford, United Kingdom, DA1 1DE