Legal

Privacy Policy

Last updated: 10 July 2026

AlphaBack is a backtesting tool. We need very little about you to run it, so we collect very little. This page explains exactly what we store, who else touches it, and how to get rid of it.

1. Who we are

AlphaBack (“we”, “us”) operates alphaback-2o8.pages.dev. For any privacy question, or to exercise the rights described in section 7, email privacy@alphaback.app.

2. What we collect

Account data

If you create an account we store your email address and an authentication identifier. Passwords are hashed by our authentication provider — we never see or store your plaintext password. If you sign in with Apple or X, we receive only the email address and account identifier that provider releases to us.

Strategy and backtest data

When you run a backtest we store the plain-English strategy you wrote, the Python code generated from it, and the resulting metrics. This is what powers your strategy history. Treat your strategy text the way you would treat any note you save to a cloud service.

Data we deliberately do not collect

Stored in your browser, not on our servers

A few keys live in your browser’s localStorage and never leave your device: ab_prefs and ab_settings (your interface preferences), ab_perf (a rendering-performance flag), and ab_demo_runs (a counter for demo usage). Clearing your browser storage removes them.

3. Why we process it

We process account data to authenticate you, and strategy data to deliver the product feature you asked for. Where the GDPR applies, our lawful basis is performance of a contract for both. We do not process your data for marketing or profiling.

4. Who else processes it

We keep the list of sub-processors as short as the product allows. Each one receives only what it needs:

ProcessorPurposeWhat it receives
Supabase Authentication and database Email, auth identifier, saved strategies and backtest results
Groq Generating Python from your prompt Your strategy prompt text only — never your email or account identifier
Render Running the backtest engine The generated code and the ticker being tested
Cloudflare Serving this website Standard request logs, including IP address
Yahoo Finance Historical market data The ticker symbol and date range. Nothing about you.

On the AI step. Your strategy prompt is sent to Groq to be turned into Python. We send the prompt and nothing that identifies you. Do not paste secrets, credentials, or anything you would not want processed by a third party into the strategy box.

5. Retention

Account data is kept until you delete your account. Strategies and backtest results are kept until you delete them individually or delete your account. Cloudflare request logs are retained on Cloudflare’s own schedule and are not under our control.

6. Security

Traffic is served over HTTPS. Backend endpoints that execute generated code require an authenticated request and refuse to run when authentication is not configured. No system is perfectly secure, and we will not pretend otherwise; if we discover a breach affecting your data we will notify you at the email address on your account.

7. Your rights

Depending on where you live, you may have the right to access, correct, export, or delete your personal data, and to object to or restrict its processing. To exercise any of these, email privacy@alphaback.app. We aim to respond within 30 days. You may also lodge a complaint with your local data protection authority.

8. Children

AlphaBack is not directed at anyone under 16, and we do not knowingly collect data from them. If you believe a child has given us data, email us and we will delete it.

9. Changes

If we change this policy materially we will update the date at the top of this page and, where the change affects how we handle data you have already given us, notify account holders by email.

10. Not financial advice

AlphaBack produces historical simulations. Past performance does not guarantee future results, and nothing this product outputs is investment advice. See the Terms of Service for the full disclaimer.