Holdary

Privacy Policy

Last updated: 2026-05-08

What data we collect

Holdary does not collect, store, or transmit your financial data to our servers. The app runs entirely on your device. We do not have user accounts, sign-in, or any back-channel that would let us see your balances, account names, holdings, or trade notes.

The only data that ever leaves your device is anonymous market-data lookups (described in Backend proxy scope below) and crash diagnostics (described in Crashlytics below).

How data is stored

All Holdary data — accounts, snapshots, holdings, trade notes — is stored locally on your device using Apple’s SwiftData framework, which is a typed wrapper over a private SQLite database in the app’s sandbox.

If you choose to back up your data, Holdary writes a snapshot file to your own iCloud Drive (under a Holdary container in your personal iCloud account). We do not own this storage; only you and Apple can access it. Holdary never uploads your backup to any third party.

Backend proxy scope

Holdary uses a small backend, hosted on Vercel, as a proxy for two narrow tasks:

  1. Market price and currency lookups. When the app refreshes a price or exchange rate, it sends the ticker symbol or currency pair (e.g. AAPL, USD/TWD) to our backend, which forwards the request to Yahoo Finance and returns the response. The request body contains only the symbols. No account names, balances, holdings, or any user identifier is included.

  2. Optional screenshot parsing for quick-add. When you choose to import a holdings snapshot from a brokerage screenshot, the image is sent to Google Gemini Vision via our backend solely for OCR and structure extraction. The image is processed and discarded; nothing is stored on our backend or Google’s beyond Google’s standard transient processing window.

Our backend logs are limited to anonymous request volume and error diagnostics — no payload contents are persisted.

Third-party services

Holdary relies on the following third parties, each scoped to a specific narrow purpose:

  • Apple iCloud (your own iCloud account) — Optional storage of your Holdary backup file. Only you and Apple can access it. Apple’s privacy policy applies: https://www.apple.com/legal/privacy/.
  • Yahoo Finance via yahoo-finance2 — Source of stock, ETF, and currency price data. Requests carry only ticker symbols, no PII.
  • Google Gemini Vision API — Invoked only when you choose to import a brokerage screenshot. The image is processed for OCR; nothing is stored beyond Google’s standard transient processing window. Google’s API privacy terms apply: https://ai.google.dev/terms.
  • Firebase Crashlytics (Google) — Anonymous crash diagnostics; see Crashlytics below.

Crashlytics

Holdary uses Firebase Crashlytics (a Google service) to receive anonymous crash diagnostics. When the app crashes, Crashlytics may report:

  • The crash stack trace
  • Device model and iOS version
  • App version
  • Anonymous breadcrumb logs of the actions immediately preceding the crash

Crashlytics does not receive any of your financial data — no account names, balances, holdings, or trade notes. The breadcrumb logs are deliberately scoped to operation milestones (e.g. “backup started”, “import completed”) and never include user-supplied content.

Children

Holdary is not directed at children under 13, and we do not knowingly collect any data from children.

Contact

Questions about this policy or about the data Holdary handles? Email support@holdary.app.

Last updated

The date at the top of this page is the source of truth for when this policy was last revised.