Privacy Policy
OnlyDividends Mobile Application
Last Updated: January 18, 2025
1. Introduction
At OnlyDividends, your privacy is our priority. We are committed to protecting your personal data and being transparent about how we collect, use, and safeguard your information.
OnlyDividends operates on a privacy-first principle. Unlike many financial applications, we do not require you to link your bank accounts, brokerage accounts, or provide access to your financial institutions. You maintain full control over your data by manually entering only the stock symbols and quantities you wish to track.
This Privacy Policy explains what personal data we collect, why we collect it, how we use it, and your rights regarding your data. It applies to all users of the OnlyDividends mobile application (the "Application").
2. Data Controller
The data controller responsible for your personal data is:
- Name: El Mourad Sroutou, entrepreneur individuel
- SIREN: [Pending registration]
- Address: 10 Rue de la Bourse, 75002 Paris, France
- Email: support@onlydividends.app
We process your personal data in accordance with Regulation (EU) 2016/679 (General Data Protection Regulation - "GDPR") and the French Data Protection Act (Loi Informatique et Libertés).
3. What Personal Data Do We Collect?
We collect only the data necessary to provide you with our services. We practice data minimization and do not collect more information than required.
3.1 Account Data
When you create an account, we collect:
- Email address
- Authentication credentials (encrypted password or OAuth tokens for Google/Apple Sign-In)
- Account creation date
3.2 Portfolio Data
When you use the Application, we collect the information you voluntarily provide:
- Stock ticker symbols you track
- Number of shares for each holding
- Date holdings were added
3.3 User Preferences
To personalize your experience, we store your preferences:
- Preferred currency (EUR, USD, GBP, CAD, CHF, AUD)
- Language preference (English, French, Spanish)
- Withholding tax rate setting
- Notification preferences
- Timezone setting
- Monthly income goal (if set)
3.4 Technical and Usage Data
We automatically collect certain technical information:
- Device type and operating system version
- Application version
- Anonymous usage statistics (screens visited, features used)
- Crash reports and error logs
- Push notification tokens (for delivering notifications)
- IP address (for security and fraud prevention)
3.5 Data We Do NOT Collect
To emphasize our privacy-first approach, we want to be clear about what we do not collect:
- Bank account credentials or access
- Brokerage account credentials or access
- Transaction history from financial institutions
- Purchase prices or cost basis of your investments
- Social security numbers or government IDs
- Payment card details (processed by Apple/Google)
4. Legal Bases for Processing
Under the GDPR, we process your personal data based on the following legal grounds:
| Purpose | Legal Basis | Data Categories |
|---|---|---|
| Providing the Service (portfolio tracking, dividend calendar, notifications) | Contract Performance (Art. 6(1)(b) GDPR) | Account Data, Portfolio Data, Preferences |
| Managing subscriptions and payments | Contract Performance (Art. 6(1)(b) GDPR) | Account Data, Subscription Status |
| Improving the Application and fixing bugs | Legitimate Interest (Art. 6(1)(f) GDPR) | Technical Data, Crash Reports |
| Sending marketing communications | Consent (Art. 6(1)(a) GDPR) | Email Address |
| Responding to GDPR rights requests | Legal Obligation (Art. 6(1)(c) GDPR) | Account Data, Request Details |
5. Who Do We Share Your Data With?
We do not sell your personal data. We share data only with trusted service providers necessary to operate the Application:
5.1 Service Providers
- Firebase (Google LLC): Authentication, database hosting, analytics, and crash reporting. Privacy Policy: https://firebase.google.com/support/privacy
- Financial Modeling Prep (FMP): Stock and dividend data provider. We send only stock symbols, not user identifiers. Privacy Policy: https://financialmodelingprep.com/developer/docs/terms
- RevenueCat: Subscription management. Privacy Policy: https://www.revenuecat.com/privacy
- Resend: Transactional email delivery. Privacy Policy: https://resend.com/legal/privacy-policy
- Sentry: Error tracking and monitoring. Privacy Policy: https://sentry.io/privacy/
- Apple App Store / Google Play Store: Payment processing for subscriptions. We do not receive or store payment card details.
5.2 Legal Requirements
We may disclose your data if required by law, court order, or government request, or to protect our rights, property, or safety.
6. International Data Transfers
Your data is processed and stored on Firebase servers located in the United States (us-central1 region). This means your personal data is transferred outside the European Economic Area (EEA).
For transfers to the United States, we rely on:
- EU-US Data Privacy Framework: Google LLC (Firebase) is certified under the EU-US Data Privacy Framework.
- Standard Contractual Clauses (SCCs): Where applicable, we ensure appropriate safeguards through SCCs approved by the European Commission.
7. How Long Do We Keep Your Data?
We retain your data only for as long as necessary to provide our services or comply with legal obligations:
| Data Type | Retention Period |
|---|---|
| Account Data | Deleted immediately upon account deletion |
| Portfolio Data | Deleted immediately upon account deletion |
| User Preferences | Deleted immediately upon account deletion |
| Analytics Data | 14 months (Firebase Analytics default) |
| Crash Reports | 90 days (Firebase Crashlytics default) |
| Legal/Compliance Records | Up to 5 years as required by French law |
8. Your Rights Under GDPR
As a data subject under the GDPR, you have the following rights:
- Right of Access (Art. 15): Request a copy of the personal data we hold about you.
- Right to Rectification (Art. 16): Request correction of inaccurate or incomplete data.
- Right to Erasure (Art. 17): Request deletion of your personal data ("right to be forgotten").
- Right to Restriction (Art. 18): Request limitation of processing in certain circumstances.
- Right to Data Portability (Art. 20): Receive your data in a structured, machine-readable format.
- Right to Object (Art. 21): Object to processing based on legitimate interests.
- Right to Withdraw Consent (Art. 7): Withdraw consent at any time for processing based on consent.
8.1 How to Exercise Your Rights
To exercise any of these rights, contact us at support@onlydividends.app. We will respond within one (1) month. We may request proof of identity before processing your request.
8.2 Right to Lodge a Complaint
If you believe your data protection rights have been violated, you have the right to lodge a complaint with the French data protection authority:
- CNIL (Commission Nationale de l'Informatique et des Libertés)
- Website: https://www.cnil.fr
- Address: 3 Place de Fontenoy, TSA 80715, 75334 Paris Cedex 07, France
9. Data Security
We implement appropriate technical and organizational measures to protect your personal data:
- Encryption: Data is encrypted in transit (TLS/SSL) and at rest.
- Authentication: Secure authentication via Firebase Authentication with support for Google Sign-In and Apple Sign-In.
- Access Controls: Database security rules ensure users can only access their own data.
- Regular Updates: We keep our systems and dependencies up to date with security patches.
While we strive to protect your data, no method of transmission or storage is 100% secure. We cannot guarantee absolute security.
10. Children's Privacy
The Application is not intended for users under 18 years of age. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us at support@onlydividends.app, and we will delete such data promptly.
11. Push Notifications
With your consent, we send push notifications to inform you of dividend payments. These notifications are a core feature of OnlyDividends and display tax-adjusted dividend amounts based on your settings.
You can manage notification preferences within the Application settings or through your device's system settings at any time.
12. Third-Party Links
The Application may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing any personal data.
13. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes via email or in-app notification. The "Last Updated" date at the top of this policy indicates when it was last revised.
Continued use of the Application after changes become effective constitutes acceptance of the revised Privacy Policy.
14. Language
This Privacy Policy is available in English, French, and Spanish. In the event of any discrepancy between language versions, the French version shall prevail.
15. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
- Email: support@onlydividends.app
- Address: El Mourad Sroutou, 10 Rue de la Bourse, 75002 Paris, France
- Website: https://onlydividends.app