Privacy Policy
Last updated: July 14, 2026
1. Scope and controller
This notice explains how Open Backtest processes personal data when you use the website, dashboard, APIs, documentation, support, and organization features.
The data controller is the publisher identified in the Legal Notice. The service is not directed at children under 15, and we do not knowingly collect their data.
2. Data we process
- account data, including name, email, profile image, language, authentication methods, and security settings;
- product data, including projects, sessions, simulated trades, chart state, feedback, and organization membership;
- technical data, including IP address, browser, device, logs, API usage, and security events; optional automatic error reports are collected only when you enable diagnostic sharing;
- billing data handled with our payment provider, such as subscription status and transaction identifiers.
3. Why we use data
We use data to provide and secure the service, authenticate users, restore saved work, process subscriptions, enforce limits, communicate service messages, answer support requests, diagnose errors, and improve the beta.
4. Legal bases
Depending on the context, processing is based on performance of our agreement, legitimate interests in operating and securing the service, compliance with legal obligations, or your consent where required.
5. Service providers
We use specialized providers for hosting, databases, authentication, email delivery, object storage, monitoring, documentation, and payments. They may process only the data needed to provide their service under contractual safeguards.
- hosting and infrastructure: [hosting provider name];
- transactional email delivery: Resend;
- payments and billing: Polar Software Inc., our merchant of record, which processes checkout, invoicing, and taxes under its own privacy policy;
- optional sign-in providers: Google and Microsoft, only when you choose to authenticate with them.
6. International transfers
Some providers process data outside the European Economic Area, notably in the United States. Where that happens, transfers rely on safeguards such as the EU-US Data Privacy Framework or the European Commission's standard contractual clauses.
7. Retention and beta resets
We retain data only as long as needed for the purposes above and applicable obligations. Closed-beta environments may be reset, so beta content is not guaranteed to be preserved. Security, billing, and legal records may follow longer retention periods.
Automatic diagnostic reports are retained for no more than 90 days after their latest occurrence and are deleted with the reporting account. Their page route excludes query parameters, fragments, credentials, and opaque identifiers.
8. Cookies and local storage
We use essential cookies and browser storage for sessions, security, language, theme, sidebar preferences, and dismissed notices. Optional analytics or marketing technologies will require an appropriate consent mechanism before public use.
The full inventory, purposes, and lifetimes are described in the Cookie Policy.
Automatic diagnostic sharing is optional, disabled by default, and can be enabled or withdrawn at any time in Account settings.
9. Security
We apply reasonable technical and organizational safeguards, including access controls and encrypted transport. No system is completely secure, especially during beta testing, so report suspected incidents promptly.
10. Your rights
Depending on your location, you may request access, correction, deletion, restriction, portability, or objection, and may withdraw consent. You may also complain to your data-protection authority.
In France and the EU these rights come from the GDPR, and complaints can be addressed to the CNIL (cnil.fr). Residents of US states with privacy laws, such as California, may exercise the equivalent rights to know, correct, delete, and opt out of the sale or sharing of personal information — we do not sell personal information.
11. Changes and contact
We will update this notice as the beta, providers, and legal details are finalized. Privacy requests can be submitted through Get Help or the feedback form, or sent to [contact email].