A- Logo
Backtest

Privacy Policy

Effective: July 10, 2026 · Prepared with Thailand’s PDPA (B.E. 2562) in mind

1. Data We Collect

  • Account — email, display name, one-way-hashed password (bcrypt). With Google sign-in we receive your Google email and name.
  • Usage — practice sessions, simulated trades, journal entries, chart snapshots, preferences, computed statistics.
  • Payments — processed entirely by Lemon Squeezy (our merchant of record); we store only your plan status and subscription reference. We never store card numbers.
  • Technical — server logs (IP, timestamps) for security and troubleshooting.

2. Purposes & Legal Bases

  • Contract — operating your account, storing practice results, billing.
  • Legitimate interest — security, abuse prevention, service improvement.
  • Consent — marketing communication (if any), withdrawable at any time.

3. Sharing

We never sell personal data. We share only what is necessary with: Google (sign-in), Lemon Squeezy (payments, invoices and subscription management as merchant of record), infrastructure providers (hosting/database) and error tracking (e.g. Sentry), and authorities where legally required.

4. Cookies & Browser Storage

We use localStorage for your sign-in token and preferences (language, drawing tools). No advertising trackers. If product analytics (e.g. PostHog) is enabled, it only runs after you click "Allow" in the consent banner, and is used to improve the product — never for advertising or selling data.

5. Retention

Data is kept for the life of your account. On deletion, personal and practice data are removed, except records we must keep by law (e.g. accounting).

6. Your Rights (PDPA)

You may request access/copies, correction, deletion or restriction, object to processing, request portability, withdraw consent, and lodge complaints with Thailand’s PDPC. Contact us below; we respond within 30 days. You can also delete your account and all data instantly yourself from Account settings.

EU/UK and California users: we honour equivalent rights under GDPR/UK GDPR (access, rectification, erasure, restriction, portability, objection, and complaint to your local supervisory authority) and CCPA/CPRA (right to know, delete, correct and opt out — we do not sell or share your personal information) through the same contact below.

7. Security

Passwords are bcrypt-hashed, every request is authorised server-side per account, production traffic uses HTTPS, and the database is backed up regularly.

8. Controller & Contact

The A-Backtest operator is the data controller. Contact: ai2.techlegend@gmail.com

9. Changes

Material changes will be announced by email or in-app notice before taking effect.