Privacy Notice (GDPR Draft)

Last updated: February 17, 2026

This notice explains how Cherry Terminal processes personal data when you use the web app. It is written for a product that stores portfolio records in your browser and does not run advertising trackers.

1. Controller And Contact

• Controller: Cherry Terminal (independent developer project).
• Contact for privacy requests: privacy@cherryterminal.com.
• EU representative: Not appointed at this stage (to be added if required by Article 27 GDPR).
• Data Protection Officer: Not appointed at this stage (to be added if required by Article 37 GDPR).

2. Data We Process

• Data you enter manually: ticker symbols, quantity, average cost, and display preferences.
• Client-side settings: sort mode, baskets, watchlists, and local chart history.
• Technical request data handled by hosting/security infrastructure (for example IP address and user agent).
• Quote and symbol-search request metadata needed to query Yahoo Finance endpoints.

3. Purpose, Legal Basis, And Legitimate Interests

• Provide portfolio tracking features you request (Article 6(1)(b) GDPR).
• Operate, secure, and defend the app against abuse (Article 6(1)(f) GDPR legitimate interests).
• Maintain reliable hosting, caching, and delivery through Cloudflare (Article 6(1)(f) GDPR).
• Comply with legal obligations where applicable (Article 6(1)(c) GDPR).

4. Recipients

• Cloudflare (hosting, edge delivery, security services for the web app).
• Yahoo Finance endpoints (market data retrieval for symbols and quotes).

5. International Transfers

Infrastructure and data providers may process data outside the EEA. Where GDPR applies, transfers rely on provider safeguards and transfer mechanisms described in provider documentation.

6. Retention

• Portfolio entries and app settings stay in your browser storage until you delete them.
• Cherry Terminal does not maintain a central user portfolio database at this stage.
• Operational/security logs are retained by infrastructure providers under their own retention schedules.

7. Cookies And Similar Technologies

• The app uses local browser storage for core functionality requested by you.
• No advertising or analytics trackers are intentionally deployed by Cherry Terminal.
• If non-essential tracking is introduced later, consent tooling and a dedicated cookie notice will be added (ePrivacy Article 5(3)).

8. Is Data Mandatory?

• Entering portfolio fields is optional.
• If you do not provide portfolio fields, related calculations and monitoring features cannot operate.

9. Automated Decision-Making

Cherry Terminal does not use automated decision-making or profiling that produces legal or similarly significant effects under Article 22 GDPR.

10. Your Rights Under GDPR

• Right of access, rectification, erasure, restriction, objection, and portability where applicable.
• Right to withdraw consent at any time where processing is based on consent.
• Right to lodge a complaint with your EU/EEA supervisory authority.
• You can also erase locally stored portfolio data directly from your browser/app storage.

11. Contact And Complaints

Privacy questions and rights requests: privacy@cherryterminal.com.

12. Changes To This Notice

This notice may be updated when infrastructure, data flows, or legal requirements change.

Draft text for product setup. It should be reviewed by qualified counsel in each launch jurisdiction.