PortfolioUp

Data Processing Agreement

Last updated: December 2024

1. Definitions

This Data Processing Agreement ("DPA") governs the processing of personal data by PortfolioUp on behalf of our users in connection with our services.

For the purposes of this agreement:

  • "Data Controller" means the user who determines the purposes and means of processing personal data
  • "Data Processor" means PortfolioUp, which processes personal data on behalf of the Data Controller
  • "Personal Data" means any information relating to an identified or identifiable natural person

2. Scope and Purpose

This DPA applies to all processing of personal data carried out by PortfolioUp in the course of providing our portfolio tracking and management services.

The purpose of data processing includes:

  • Providing portfolio tracking and analytics services
  • Managing user accounts and authentication
  • Processing investment transactions and calculations
  • Generating reports and insights

3. Data Processing Obligations

PortfolioUp agrees to:

  • Process personal data only in accordance with your instructions
  • Implement appropriate technical and organizational measures to ensure data security
  • Not disclose personal data to third parties except as required by law or with your consent
  • Assist you in responding to data subject requests
  • Notify you promptly of any data breaches

4. Security Measures

We implement comprehensive security measures to protect your data, including:

  • Encryption of data in transit and at rest
  • Access controls and authentication mechanisms
  • Regular security audits and assessments
  • Employee training on data protection
  • Incident response procedures

5. Sub-processors

We may engage sub-processors to assist in providing our services. We ensure that all sub-processors are bound by similar data protection obligations and maintain appropriate security measures.

6. Data Subject Rights

We will assist you in responding to requests from data subjects to exercise their rights under applicable data protection laws, including:

  • Right of access
  • Right to rectification
  • Right to erasure
  • Right to restrict processing
  • Right to data portability
  • Right to object

7. Data Retention

We will retain personal data only for as long as necessary to provide our services and comply with legal obligations. Upon termination of your account, we will delete or anonymize your personal data in accordance with our data retention policies.

8. International Transfers

If personal data is transferred outside the European Economic Area, we ensure that appropriate safeguards are in place, such as standard contractual clauses or adequacy decisions.

9. Contact

For questions about this Data Processing Agreement, please contact us at support@portfolioup.com.