Privacy Policy

This Privacy Policy applies to vcpscanner.com and all subdomains operated under it (“the Platform”). The Platform is operated by VCP Scanner, founded by Anish Das (“we,” “us,” or “our”).

By using the Platform, you agree to the practices described in this policy. If you do not agree, please do not use the Platform.

Account Information (Google Sign-In)

When you sign in via Google OAuth, Google shares the following with us and we store it in your account record:

• Your name as it appears on your Google account
• Your email address
• Your profile photo URL (hosted by Google)

We never receive or store your Google password. Sign-in through Google is optional — you can browse all public screener features without an account.

Newsletter & Email

If you subscribe to our newsletter via the footer form, we collect your email address for that purpose only. You can unsubscribe at any time using the link in every email or by emailing us directly. We process newsletter emails through a third-party email delivery service (see Section 5).

User-Generated Content

Signed-in users can create watchlists, save custom screens, and set screen alerts. This content is tied to your account and stored in our database so it persists across devices and sessions.

Usage & Analytics Data

We collect anonymized, aggregated data about how the Platform is used — such as which screens are run, which tickers are researched, and which features generate errors. This data cannot be used to personally identify you and is used only to improve the product.

Technical & Device Data

Our server infrastructure automatically logs standard technical data including your IP address, browser type, operating system, referral URL, and timestamp of requests. This is standard for any web server and is used primarily for security monitoring, abuse prevention, and debugging. Log files are rotated and are not retained indefinitely.

• Platform functionality — to authenticate your account, persist your watchlists and saved screens, and deliver personalized features.
• Newsletter delivery — to send the weekly stock ideas newsletter you opted into. You can unsubscribe at any time.
• Platform improvement — to understand usage patterns, identify bugs, and prioritize feature development.
• Security & abuse prevention — to detect unauthorized access, scraping, or other misuse of the Platform.
• Support — to respond to questions or reports sent to our contact email.

We do not sell, rent, or share your personal data with third parties for marketing or advertising purposes. We do not run ads. We do not build advertising profiles.

We use the following third-party services to operate the Platform. Your data is shared with them only to the extent necessary to provide the service.

• Google (Sign-In) — handles OAuth authentication. Subject to Google’s Privacy Policy.
• Cloudflare — provides hosting, CDN, and security (DDoS protection, bot filtering). Cloudflare processes request traffic on our behalf. Subject to Cloudflare’s Privacy Policy.
• Email delivery service — we use a third-party transactional email provider to send welcome emails and newsletters. Only your email address is shared for delivery purposes.
• Database infrastructure — your account data, saved screens, watchlists, and alerts are stored in hosted database services operating on US-based servers.

We do not share data with data brokers, social media platforms for tracking, or any analytics providers that build cross-site user profiles.

We use a minimal, functional set of cookies. We do not use third-party advertising or cross-site tracking cookies.

• Session / authentication cookie — a JWT-backed HttpOnly cookie that keeps you signed in. This cookie is essential for account functionality and expires when you sign out or after an inactivity period.
• Preference cookie — stores lightweight UI preferences (e.g., your last-used screen state). This is a first-party cookie and contains no personally identifiable information.

We do not use Google Analytics, Meta Pixel, or any similar third-party tracking script. We do not respond to Do Not Track (DNT) browser signals because we do not run cross-site behavioral tracking in the first place.

We take reasonable technical and organizational measures to protect your data, including:

• HTTPS encryption for all data in transit
• HttpOnly, Secure session cookies (not accessible via JavaScript)
• Access-controlled database infrastructure with no public endpoints
• Authentication handled via Google OAuth — we never handle passwords

No method of internet transmission or electronic storage is 100% secure. While we use commercially reasonable security practices, we cannot guarantee absolute security. If you believe your account has been compromised, contact us immediately at [email protected].

Your account data (name, email, watchlists, saved screens, alerts) is retained for as long as your account is active. Server access logs are retained for a limited period for security purposes and then purged.

Account deletion: To delete your account and all associated personal data, email [email protected] with the subject “Delete My Account.” We will process your request within 30 days and confirm deletion. Note: anonymized, aggregated usage statistics that cannot identify you are not subject to deletion.

Newsletter unsubscribe: Click the unsubscribe link in any newsletter email or email us. We will remove you from the mailing list promptly.

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):

• Right to Know — You may request a disclosure of the categories and specific pieces of personal information we have collected about you.
• Right to Delete — You may request deletion of personal information we have collected, subject to certain exceptions.
• Right to Correct — You may request correction of inaccurate personal information.
• Right to Opt Out of Sale or Sharing — We do not sell or share your personal information with third parties for cross-context behavioral advertising. No opt-out is required because this activity does not occur.
• Non-Discrimination — We will not discriminate against you for exercising your CCPA rights.

To submit a California rights request, contact us at [email protected]. We may need to verify your identity before processing your request.

Regardless of your location, you may contact us to:

• Request a copy of the personal data we hold about you
• Request correction of inaccurate data
• Request deletion of your account and all associated data
• Withdraw consent for communications (newsletter unsubscribe)

Email [email protected] to exercise any of these rights. We will respond within 30 days.

User account data is stored on servers located in the United States. By using the Platform, you consent to the transfer and processing of your data in the United States.

VCP Scanner is not directed at individuals under the age of 13 and does not knowingly collect personal information from children under 13 in compliance with the Children’s Online Privacy Protection Act (COPPA). Users must be at least 18 years of age to create an account, consistent with our Terms of Service.

If we learn that we have inadvertently collected personal information from a child under 13, we will delete that information promptly. If you believe a child has provided us with personal information, please contact us at [email protected].

We may update this Privacy Policy from time to time. When we make material changes, we will update the “Effective Date” at the top of this page. For significant changes affecting your rights, we will notify newsletter subscribers by email. Continued use of the Platform after changes are posted constitutes acceptance of the revised policy.

For privacy questions, rights requests, or data deletion, contact us at:

This policy is governed by the laws of the United States. Disputes relating to this Privacy Policy are subject to the dispute resolution terms in our Terms of Service.