Stocklore

Security & Trust

This page summarizes how Stocklore stores and protects your data, and how you can control your own account and data. We believe trust comes not from saying “it’s safe,” but from being transparent about what we actually do.

This English text is a reference translation provided for your convenience. The Korean version is the official text.

1. Data Storage and Transmission

  • Passwords are never stored in plain text. They are stored encrypted (hashed) by the authentication processor (Supabase); not even the operator can see your password.
  • Encryption in transit (HTTPS): all connections are encrypted over HTTPS and routed through Cloudflare so the origin server address is not exposed.
  • Database: your account, watchlists, portfolios, and similar data are stored on Supabase (USA). See the Privacy Policy for details on cross-border transfer and processing.

2. Your Data Is Yours by Default

Data you save — watchlists, filter presets, tags, portfolio holdings, and stock notes — is viewable and editable only from your own account. Row Level Security (RLS) at the database level enforces that no other user can read it, and portfolios and watchlists are private by default (we do not offer sharing or public-profile features).

3. Account and Infrastructure Security

  • Automated sign-up protection: Cloudflare Turnstile blocks bot registrations at sign-up.
  • API key isolation: API keys for external data providers are used only on the server and are never exposed to the browser.
  • Server-side authorization: admin and paid privileges are verified on the server, not merely by what the UI shows.
  • Access control (Cloudflare): abnormal bulk requests and known scanners are blocked.

4. Reporting a Vulnerability

If you find a security vulnerability, please report it to [email protected]. The standard disclosure policy is available at /.well-known/security.txt. We will not pursue legal action against good-faith reporters and will respond in good faith after review.

5. Controlling Your Data and Account

  • Edit or delete directly: watchlists, tags, filters, portfolios, and notes can be edited or deleted at any time within the Service.
  • Access and correction: for how to exercise rights such as access, correction, and suspension of processing, see the Privacy Policy.

Log in to delete your account and all linked data directly here, or contact us at the address below.

6. Change Log

You can review improvements and changes to the Service on the Changelog page.

This page summarizes the security measures the Service actually applies; no system can guarantee 100% safety. Please keep your password secure and log out on shared devices.

Not an investment adviser and not personalized investment advice; not a discretionary management service. No trade recommendations, no target prices, no execution or brokerage. We do not recommend or guarantee any purchase, sale, or returns. Investment decisions and their outcomes are your own.

스톡로어 · CEO 이승재 · Business reg. no. 764-36-01607 · E-commerce permit 제2026-전주완산-0476호 · Tel 070-7954-4939 · 전북특별자치도 전주시 완산구 중산중앙로 21, 3층 302호 S120호