Privacy Policy
Last updated: May 3, 2026
Table of Contents
1. Introduction and Scope
BacktestPilot ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website, services, and related applications (collectively, the "Service"). Please read this Privacy Policy carefully. By accessing or using the Service, you acknowledge that you have read, understood, and agree to be bound by all the terms of this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not access the Service.
2. Information We Collect
We collect information about you in various ways when you use our Service. The information we collect includes:
- Account Information: name, email address, username, password, and profile information you provide during registration.
- Payment Information: billing address, credit/debit card numbers, and payment processor information (processed securely through Stripe).
- Usage Data: information about your interactions with the Service, including backtest configurations, results, EA programs, broker credentials, and terminal usage patterns.
- Device Information: IP address, browser type, operating system, device identifiers, and hardware specifications.
- Cookie Data: as described in detail in Section 6 below.
3. How We Use Your Information
We use the information we collect for the following purposes:
- Service Provision: to provide, maintain, and improve our Service, including processing your backtest jobs and storing your results.
- Account Management: to manage your account, process payments, and communicate with you about your subscription.
- Communications: to send you technical notices, security alerts, support messages, and administrative communications.
- Marketing: with your consent where required, to send you promotional emails about our products, special offers, and updates.
- Analytics: to understand how users interact with our Service and improve user experience.
- Legal Compliance: to comply with applicable laws, regulations, and legal processes.
4. Legal Basis for Processing (GDPR/CCPA Compliance)
If you are located in the European Economic Area (EEA) or California, we process your personal data based on the following legal grounds:
- Contractual Necessity: processing necessary to perform our contract with you, such as providing the Service you requested.
- Consent: where you have given clear consent for specific processing activities.
- Legitimate Interests: processing necessary for our legitimate business interests, provided these interests are not overridden by your rights.
- Legal Obligation: processing necessary to comply with our legal obligations.
- California Residents: Under the California Consumer Privacy Act (CCPA), you have additional rights including the right to know what personal information is collected, the right to delete personal information, and the right to opt-out of the sale of personal information.
5. Information Sharing and Third Parties
We do not sell your personal information. We may share your information with the following categories of third parties:
- Service Providers: companies that provide services on our behalf, including payment processing (Stripe), cloud hosting (AWS/Vercel), email delivery (SendGrid), and customer support (Zendesk).
- Analytics Partners: as described in Section 6, we share anonymized usage data with Google Analytics.
- Marketing Partners: with your consent, we may share limited data with advertising platforms for targeted advertising purposes.
- Legal Requirements: when required by law, court order, or governmental authority, or when necessary to protect our rights, privacy, safety, or property.
- Business Transfers: in connection with a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction.
7. Marketing and Advertising Tracking
We use various marketing and advertising technologies to measure the effectiveness of our campaigns and deliver targeted advertisements. These include:
- Google Ads: We use Google Ads conversion tracking to measure the effectiveness of our advertising campaigns. Google Ads may collect data about your interactions with our ads and website. You can opt out of Google Ads personalization at
- Bing Ads: We use Bing Ads conversion tracking to measure campaign effectiveness on Bing and Microsoft advertising networks. Opt out at
- Facebook Pixel: We use the Facebook Pixel to track conversions from Facebook advertisements and to build targeted audiences for future campaigns. Facebook's data usage is governed by Facebook's Data Policy
- Reddit Ads: We use Reddit Ads conversion tracking to measure the effectiveness of advertising campaigns on Reddit. Opt out of Reddit personalized advertising at
- X (Twitter) Ads: We use X Ads for advertising and analytics purposes. Your data usage is governed by X's Privacy Policy
- Opt-Out Information: You can opt out of targeted advertising from these platforms by visiting the respective opt-out pages linked above. You can also manage your advertising preferences through the Digital Advertising Alliance's opt-out portal
8. Data Retention
We retain your personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. Specifically:
- Account Data: retained while your account is active and for 30 days after account deletion.
- Backtest Results: retained according to your subscription plan, typically for the duration of your subscription.
- Usage Data: anonymized and aggregated for analytics purposes, retained for up to 26 months.
- Payment Records: retained for 7 years as required by financial regulations.
- Upon account deletion, we will delete or anonymize your personal information within 30 days, except where retention is required by law.:
9. Data Security
We implement appropriate technical and organizational security measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. Our security measures include:
- Encryption: All data transmitted to and from our Service is encrypted using TLS 1.3. Sensitive data, including broker credentials, is encrypted at rest using AES-256 encryption.
- Access Controls: Strict access controls limit who can access your data. Only authorized personnel with legitimate business needs have access.
- Monitoring: We continuously monitor our systems for security threats and vulnerabilities.
- Backup: Regular automated backups with encryption ensure data can be recovered in case of incidents.
- Data Breach: In the event of a data breach, we will notify affected users within 72 hours in accordance with GDPR requirements.
10. International Data Transfers
Your information may be transferred to and processed in countries other than your country of residence. These countries may have different data protection laws. When we transfer your information internationally, we ensure appropriate safeguards are in place, including:
- Standard Contractual Clauses (SCCs) approved by the European Commission for transfers from the EEA.:
- Adequacy decisions by the European Commission for countries deemed to provide adequate protection.:
- Certification mechanisms and binding corporate rules where applicable.:
11. Your Rights
You have the following rights regarding your personal information:
- Access: Request a copy of the personal information we hold about you.
- Correction: Request correction of inaccurate or incomplete personal information.
- Deletion: Request deletion of your personal information, subject to certain exceptions.
- Portability: Request a machine-readable copy of your personal information.
- Object: Object to processing of your personal information for certain purposes.
- Restrict: Request restriction of processing in certain circumstances.
- Withdraw Consent: Where processing is based on consent, withdraw your consent at any time.
- File Complaint: Lodge a complaint with your local data protection authority.
To exercise these rights, contact us at @backtestpilot.com. We will respond to your request within 30 days.
12. Children's Privacy
Our Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children under 18. If you become aware that a child has provided us with personal information, please contact us at @backtestpilot.com. Upon verification, we will take steps to delete such information from our systems.
13. Third-Party Links
Our Service may contain links to third-party websites, services, or applications that are not operated by us. We have no control over and assume no responsibility for the privacy practices of these third parties. We encourage you to review the privacy policies of any third-party sites or services you visit.
14. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. We will notify you of any material changes by:
- Posting the revised Privacy Policy on this page with an updated "Last updated" date.:
- Sending an email notification to the address associated with your account.:
- Posting a notice within the Service for 30 days before the changes take effect.:
- Your continued use of the Service after the effective date of the revised Privacy Policy constitutes your acceptance of the updated terms.:
15. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us at:
- Email: @backtestpilot.com
- Mailing Address: BacktestPilot, [Address]
We aim to respond to all inquiries within 30 days. For urgent matters, please indicate "URGENT" in your subject line.