Privacy Policy

1. What this tool does with your data

XRay My Portfolio is a static, client-side web application. When you upload a Fidelity portfolio CSV export, the file is read and parsed using JavaScript running locally in your web browser. All calculations — exposure analysis, sector breakdowns, stress testing, correlation matrices, and every other feature — happen on your own device.

At no point does your portfolio data leave your browser. There is no backend server receiving your file. We have built this deliberately: the application would function identically if you disconnected your device from the internet immediately after the page finished loading (with the exception of the optional live data features described in Section 3).

2. Information we do not collect

We do not collect, store, transmit, or have access to:

• Your portfolio holdings, balances, or any data contained in your uploaded CSV file
• Your name, account numbers, Social Security number, or any personally identifiable financial information
• Your brokerage login credentials (we never ask for these, and you should never enter them anywhere other than your brokerage's own website)
• Any record of which files you've uploaded or what the contents were

There is no user account system. There is no database. We have nothing to hand over even if compelled to, because nothing is ever sent to us in the first place.

3. Optional third-party data — Finnhub

The "Live Data" and "Ratings" features are optional. If you choose to use them, you provide your own free API key from Finnhub.io, a third-party financial data provider. When enabled, your browser sends direct requests to Finnhub's servers to retrieve public market data (stock prices, dividend yields, fundamental metrics) for the ticker symbols in your portfolio.

Finnhub's use of any data sent to them is governed by their own terms of service and privacy practices, which we do not control. If you prefer not to share even ticker symbols with a third party, simply don't enter an API key — every other feature of the tool works fully offline.

4. Cookies and tracking

This site does not use tracking cookies, advertising pixels, or third-party analytics scripts that profile your behavior across the web. Your browser's local storage may be used solely to remember your Finnhub API key (if you choose to provide one) and your last-used display preferences, purely for convenience between visits. This data stays on your device and is never transmitted to us.

5. Hosting infrastructure

This website is hosted on Cloudflare Pages, a static-site hosting service. Cloudflare may log standard, anonymized web server metadata (such as IP address, browser type, and timestamp) for security and performance purposes, consistent with their role as our hosting provider. We do not have access to your uploaded portfolio data through this infrastructure, because that data is never part of any network request — it stays in your browser's memory. See Cloudflare's privacy policy for details on their hosting-level practices.

6. Children's privacy

This tool is intended for use by adults managing their own investment portfolios. It is not directed at children under 13, and we do not knowingly collect information from children, consistent with the fact that we do not collect personal information from any user.

7. Changes to this policy

If this policy changes, we will update the "Last updated" date at the top of this page. Because we collect no contact information from users, we are unable to notify you directly of changes — we encourage checking this page periodically if you have concerns.

8. Contact

This is an independent project. For privacy questions, you can reach out through the contact information listed on the About page.

This privacy policy describes the practices of the XRay My Portfolio website and tool only. It does not apply to Fidelity Investments, Finnhub, Cloudflare, or any other third-party service you may interact with separately. We are not affiliated with Fidelity Investments.