Privacy PolicyHow PineTester handles your data

1. Controller and contact

The controller responsible for the processing of personal data in connection with PineTester is:

H13 Consulting und Beteiligungsgesellschaft UG
Häuserdickstraße 13
63628 Bad Soden-Salmünster
Germany

VAT ID: DE363712302

If you have any questions regarding this Privacy Policy or our processing of personal data, you can contact us via the contact details provided in the Imprint / Legal Notice or via the support contact in the app.

2. Scope of this Privacy Policy

This Privacy Policy applies to the use of the PineTester web application and related services (collectively, the "Service"). It explains which personal data we process when you visit our website, register for an account, run backtests, or otherwise interact with us.

Additional or different privacy notices may apply for specific integrations or third-party services, such as payment providers or analytics tools. In such cases, we will inform you separately where required.

3. Categories of personal data we process

We process the following categories of personal data, depending on how you use the Service:

• Account data: e-mail address, password hash, account ID, subscription status, credit balance, and settings associated with your account.
• Usage and log data: IP address, browser type and version, device information, timestamps of logins and actions within the app, technical logs (e.g. error logs) and similar usage information.
• Billing data: data required for subscription billing and payments (e.g. billing address, last four digits of card, invoice information), processed primarily via our payment provider (e.g. Stripe).
• Content and backtest data: uploaded Pine Script files, parameter configurations, backtest definitions, backtest results and generated export files (e.g. XLSX).
• Support / communication: content of support requests and messages you send us via contact forms, e-mail or in-app support.

4. Purposes and legal bases of processing

We process personal data only to the extent permitted by the EU/EEA General Data Protection Regulation (GDPR) and applicable national law. The main purposes and legal bases are:

• Provision of the Service and performance of the contract (Art. 6(1)(b) GDPR): to create and manage user accounts, run backtests, allocate and charge credits, provide results and exports, and handle your requests.
• Billing and compliance with legal obligations (Art. 6(1)(b) and (c) GDPR): to process subscription payments, issue invoices and comply with statutory retention obligations under tax and commercial law.
• Security, error analysis and abuse prevention (Art. 6(1)(f) GDPR): to monitor and protect the technical operation of the Service, detect and fix errors, prevent misuse and enforce our Terms of Service.
• Communication and support (Art. 6(1)(b) or (f) GDPR): to respond to your requests, provide support and send you information which is necessary for the operation of the Service (e.g. security notices, important changes).
• Optional analytics or marketing (Art. 6(1)(a) GDPR): where we use analytics or marketing tools that are not strictly necessary, we do so only based on your consent, which you can withdraw at any time with effect for the future.

5. Backtests and Pine Scripts

When you upload Pine Script strategies and create backtests, we process the scripts and configuration data solely to provide the backtesting functionality:

• Your Pine Script and parameter configuration are stored in our database (Supabase / PostgreSQL or similar).
• To execute backtests, scripts are converted to Python and run on our Google Cloud Platform (GCP) Batch infrastructure.
• Result data and export files (e.g. Excel /.xlsx) are stored in Google Cloud Storage in regions used by our setup (e.g. europe-west4, europe-west10 or similar).

We do not use your scripts or backtest results to build user profiles for marketing purposes or to trade on our own account. You are responsible for ensuring that your scripts do not contain personal data. If they do, you must ensure that this is compliant with applicable data protection law.

6. Processors and third-party services

We use processors and third-party services to operate PineTester. These service providers process personal data on our behalf and are bound by data processing agreements (DPAs) where required by law:

• Supabase: user authentication, database and storage of account and backtest data.
• Google Cloud Platform: Batch processing and storage (e.g. compute, Cloud Storage) for executing backtests and storing results.
• Vercel: hosting of the PineTester frontend and related infrastructure.
• Payment provider (Stripe): processing of subscription fees, one-off purchases, and related billing data.
• Optional e-mail / support / analytics tools: as listed in the current version of this Privacy Policy or the app, where applicable.

Some of these providers may be located outside the EU/EEA. In such cases, we ensure an adequate level of data protection, for example through EU Standard Contractual Clauses or other recognized safeguards, where required by law.

7. Storage locations and retention periods

Personal data is stored primarily in data centers of our infrastructure providers (e.g. Supabase and GCP) in the regions used by our setup (for example, EU regions such as europe-west4/europe-west10).

We retain personal data only for as long as necessary for the purposes for which it was collected or as required by law:

• Account and usage data: for the duration of your account and for a reasonable period thereafter (e.g. for resolving disputes or enforcing our rights).
• Billing and invoice data: in accordance with applicable tax and commercial law retention periods (typically up to 10 years).
• Logs: for a limited period required for security and error analysis, after which they are deleted or anonymized.
• Backtest data and exports: for as long as your account exists or until you delete them or close your account, unless legal retention obligations require a longer period.

8. Cookies and tracking technologies

We may use cookies and similar technologies to operate the Service, for example to keep you logged in, secure sessions, and remember settings. These technically necessary cookies are processed on the basis of our legitimate interests in providing a secure and user-friendly Service.

If we use additional cookies or tracking tools for analytics or marketing that are not strictly necessary, we will obtain your consent where required (e.g. via a cookie banner). You can withdraw your consent at any time with effect for the future, for example by changing your cookie settings.

9. Security measures

We take appropriate technical and organizational measures to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access. These measures include, for example, the use of encryption (TLS), access controls, role-based permissions, and regular updates of our systems and dependencies.

However, no system can be completely secure. We cannot guarantee absolute security of the Service or data transmitted over the internet.

10. Your rights under data protection law

Depending on your jurisdiction and subject to applicable law, you have the following rights with regard to your personal data:

• Right of access to your personal data.
• Right to rectification of inaccurate data.
• Right to erasure ("right to be forgotten") under the conditions of Art. 17 GDPR.
• Right to restriction of processing under Art. 18 GDPR.
• Right to data portability under Art. 20 GDPR, where applicable.
• Right to object to certain processing activities based on Art. 6(1)(e) or (f) GDPR.
• Where processing is based on consent, the right to withdraw your consent at any time with effect for the future.

You also have the right to lodge a complaint with a data protection supervisory authority, in particular in the EU/EEA member state of your habitual residence, place of work, or place of the alleged infringement.

11. Obligation to provide data

You are not legally obliged to provide personal data to us. However, some data is necessary to create an account, process payments, or operate the Service (for example, your e-mail address for account creation). Without this data, you may not be able to use all features of PineTester.

12. Changes to this Privacy Policy

We may update this Privacy Policy from time to time, for example to reflect changes in our processing activities, legal requirements, or the Service. The current version is always available in the app under "Privacy Policy".

Where required by law, we will inform you of material changes, for example via the app or by e-mail. If you continue to use the Service after changes take effect, the updated Privacy Policy will apply to your continued use.