Privacy Policy

Last updated: September 24, 2025

Backtesting.dev ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered backtesting platform and services (collectively, the "Service").

By using our Service, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not access the Service.

1. Information We Collect

1.1 Personal Information

We collect information you provide directly to us, including:

Name and email address
Account credentials (username and encrypted password)
Profile information (trading experience, investment goals)
Payment and billing information (processed securely through PayPal)
Google account information (if using Google OAuth)

1.2 Trading Strategy Data

We collect and store:

Trading strategies you create and save
Backtesting results and performance metrics
Strategy configurations and parameters
Generated Python code for strategies
Chat conversations with our AI assistant

1.3 Usage Information

We automatically collect:

Log data (IP address, browser type, pages visited)
Device information (operating system, device type)
Usage patterns (features used, time spent, actions taken)
Performance data (load times, errors, API calls)
Session information and authentication tokens

1.4 Market Data Access

We access historical market data from our InfluxDB database to execute your backtests. This data includes stock prices, volumes, and other market indicators but does not include any personal trading history from external sources.

2. How We Use Your Information

We use the collected information for:

Providing and maintaining our Service
Processing your backtesting requests
Managing your account and authentication
Processing payments and managing credits
Sending important service updates and notifications
Improving our AI models and backtesting algorithms
Analyzing usage patterns to enhance user experience
Preventing fraud and ensuring platform security
Complying with legal obligations
Providing customer support

3. Data Sharing and Disclosure

We do not sell, trade, or rent your personal information. We may share your information only in the following circumstances:

3.1 Service Providers

Anthropic (Claude AI): For processing natural language strategy descriptions
PayPal: For secure payment processing
Google OAuth: For authentication services
Resend: For email verification and notifications
AWS: For cloud infrastructure and data storage

3.2 Legal Requirements

We may disclose your information if required by law, court order, or government regulation, or if we believe disclosure is necessary to protect our rights, property, or safety.

3.3 Business Transfers

In the event of a merger, acquisition, or asset sale, your information may be transferred. We will provide notice before your information is transferred and becomes subject to a different privacy policy.

4. Data Security

We implement industry-standard security measures to protect your information:

SSL/TLS encryption for all data transmission
Encrypted storage of sensitive information
Secure password hashing using industry-standard algorithms
Regular security audits and vulnerability assessments
Access controls and authentication mechanisms
Secure API endpoints with rate limiting
Isolated execution environment for backtesting code
Regular backups with encrypted storage

While we strive to protect your information, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.

5. Data Retention

We retain your information for as long as necessary to provide our services and fulfill the purposes outlined in this Privacy Policy:

Account Information: Retained while your account is active
Strategy Data: Retained until you delete it or close your account
Backtest Results: Retained for 90 days for performance analysis
Transaction Records: Retained for 7 years for tax and legal compliance
Usage Logs: Retained for 30 days for security and debugging

Upon account deletion, we will delete or anonymize your personal information within 30 days, except where retention is required by law.

6. Your Rights and Choices

You have the following rights regarding your information:

6.1 Access and Portability

You can access, review, and download your strategies and backtesting data through your account dashboard.

6.2 Correction

You can update your account information at any time through your profile settings.

6.3 Deletion

You can request deletion of your account and associated data by contacting support. Some information may be retained as required by law.

6.4 Communication Preferences

You can opt-out of promotional emails but will continue to receive essential service communications.

7. Cookies and Tracking Technologies

We use cookies and similar technologies to:

Maintain your session and authentication state
Remember your preferences and settings
Analyze usage patterns and improve our Service
Prevent fraud and enhance security

You can control cookies through your browser settings, but disabling cookies may limit your ability to use certain features of our Service.

8. Third-Party Services

Our Service integrates with third-party services that have their own privacy policies:

Google OAuth: Subject to Google's Privacy Policy
PayPal: Subject to PayPal's Privacy Policy
Anthropic Claude: Subject to Anthropic's Privacy Policy

We are not responsible for the privacy practices of these third-party services. We encourage you to review their privacy policies.

9. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have different data protection laws. By using our Service, you consent to such transfers.

10. Children's Privacy

Our Service is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children under 18. If we discover that we have collected information from a child under 18, we will delete it immediately.

11. California Privacy Rights

California residents have additional rights under the California Consumer Privacy Act (CCPA):

Right to know what personal information is collected
Right to know if personal information is sold or disclosed
Right to opt-out of the sale of personal information
Right to delete personal information
Right to non-discrimination for exercising privacy rights

We do not sell personal information. To exercise your rights, contact us at privacy@backtesting.dev.

12. European Privacy Rights (GDPR)

If you are located in the European Economic Area (EEA), you have additional rights:

Right to access your personal data
Right to rectification of inaccurate data
Right to erasure ("right to be forgotten")
Right to restrict processing
Right to data portability
Right to object to processing
Right to withdraw consent

Our legal basis for processing includes consent, contractual necessity, and legitimate interests. To exercise your rights, contact us at privacy@backtesting.dev.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date. Material changes will be communicated via email or prominent notice on our Service.

14. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us:

Email: support@backtesting.dev

Support: support@backtesting.dev

Website: https://backtesting.dev

Data Protection Officer: support@backtesting.dev

Your Consent

By using Backtesting.dev, you acknowledge that you have read and understood this Privacy Policy and agree to its terms. If you do not agree with our policies and practices, please do not use our Service.