Privacy Policy

1. Data We Collect

We collect the following categories of personal data when you use StratBase.ai:

• Account information: email address, username, password (hashed), avatar URL
• Profile data: bio, social links, language preference
• Usage data: backtests created, strategy configurations, AI chat messages, subscription status, login history
• OAuth data: provider account IDs (Google, Telegram) when you use social login
• Payment data: transaction IDs and subscription status (card details are stored by our payment processors, not by us)
• Technical data: IP address, browser type, device information, collected automatically for security and analytics

2. How We Use Your Data

Your data is used to:

• Provide, maintain, and improve our backtesting platform services
• Process payments and manage subscriptions
• Send transactional notifications about your account, backtests, and subscription changes
• Personalize your experience (language, preferences, recommendations)
• Detect and prevent fraud, abuse, and security incidents
• Comply with legal obligations

We do not sell your personal data or use it for advertising purposes.

3. Data Storage

Your data is stored on secured servers hosted in EU/US data centers. We implement industry-standard security measures including:

• PostgreSQL database with encryption at rest
• TLS/SSL encryption for all data in transit
• Regular automated backups with encryption
• Access controls limiting data access to authorized personnel only

4. Third Parties

We share data only with the following service providers, strictly for the purposes described:

• Paddle — subscription and card payment processing
• NowPayments — cryptocurrency payment processing
• Anthropic — AI chat and backtest analysis (conversation data is processed but not stored permanently by Anthropic)
• Resend — transactional email delivery
• Plausible — privacy-friendly website analytics (no personal data collected)

We do not share your data with any other third parties unless required by law.

5. Your Rights (GDPR)

Under the General Data Protection Regulation and applicable privacy laws, you have the right to:

• Access your data — use the Export Data feature in Settings → Profile
• Delete your account and all associated data — use the Delete Account feature in Settings
• Rectify inaccurate data — edit your profile at any time
• Portability — export your data in machine-readable JSON format
• Restrict processing — contact us to limit how we use your data
• Object to processing — contact us if you believe we are processing your data unlawfully
• Withdraw consent — where processing is based on consent, you may withdraw it at any time

To exercise any of these rights, use the self-service features in Settings or contact us at support@stratbase.ai. We will respond within 30 days.

6. Data Retention

We retain your data for the following periods:

• Account data: for the lifetime of your account, deleted within 30 days of account deletion request
• Backtest results: retained as long as your account is active
• AI chat history: retained for 12 months, then automatically deleted
• Payment records: retained for 7 years as required by tax and accounting regulations
• Server logs: retained for 90 days for security monitoring
• Verification codes: automatically expired and purged after 15 minutes

7. International Transfers

Your data may be transferred to and processed in countries outside your country of residence, including the United States and European Union. We ensure that appropriate safeguards are in place, including:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• Data processing agreements with all third-party service providers
• Compliance with applicable data transfer frameworks

8. Children's Privacy

StratBase.ai is not intended for use by individuals under the age of 16. We do not knowingly collect personal data from children. If you believe that a child has provided us with personal data, please contact us at support@stratbase.ai and we will delete such data promptly.

9. Data Security

We take the security of your data seriously and implement the following measures:

• SHA-256 hashed verification codes for all sensitive operations
• Two-step password change process with email verification
• Account lock mechanism for suspicious activity
• Session invalidation upon password change
• Rate limiting and cooldown periods for security-sensitive operations
• Regular security audits and vulnerability assessments

While we strive to protect your data, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security.

10. Cookies & Browser Storage

Essential Cookies

We use only essential cookies required for the platform to function:

• Session token — authentication and session management (browser session)
• CSRF token — cross-site request forgery protection (browser session)
• Language preference — remembers your chosen interface language (1 year)

Functional Cookies

• Referral code — tracks affiliate referrals when you arrive via a partner link (30 days)

The referral cookie is set only when you click an affiliate referral link. It is used solely to attribute your registration to the referring partner. See our Affiliate Program Terms for details.

What We Do NOT Use

We do not use tracking cookies, advertising cookies, third-party marketing cookies, or browser fingerprinting. There are no Google Analytics, Facebook Pixel, or similar tracking tools on this website.

Analytics

• Plausible Analytics — a privacy-friendly, cookie-free analytics service. It collects anonymous aggregate data (page views, referrer, country) without setting any cookies or collecting personal information.
• Internal pageview counter — we count page views on our server using anonymized, aggregated data. IP addresses are processed only for unique visitor counting via a probabilistic data structure (HyperLogLog) that cannot reconstruct individual IP addresses. This data is retained for 90 days.

Browser Storage

We use your browser's local storage (localStorage and sessionStorage) to improve your experience. This data is stored only on your device and is never sent to our servers unless you explicitly submit it:

• Strategy draft (sessionStorage) — saves your in-progress backtest configuration so you don't lose it if you accidentally close the tab. Cleared when you close the tab.
• Chat history (sessionStorage) — preserves AI chat messages during your current session. Cleared when you close the tab.
• UI preferences (localStorage) — remembers table column settings and scroll positions. No personal data.
• Referral code (localStorage) — same affiliate referral code as the cookie above, used as a fallback.

No consent banner is required for these technologies because all cookies are essential or functional, and our analytics are fully anonymous and cookie-free, in accordance with the ePrivacy Directive and GDPR Recital 47.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we make significant changes, we will:

• Post the updated policy on this page with a new "Last updated" date
• Notify registered users via email if changes are material
• Provide at least 14 days' notice before significant changes take effect

Your continued use of StratBase.ai after changes are posted constitutes your acceptance of the revised policy.

12. Contact

For privacy-related questions, concerns, or data requests:

• Email: support@stratbase.ai
• Response time: within 48 hours for general inquiries, within 30 days for GDPR requests

If you believe your privacy rights have been violated, you also have the right to lodge a complaint with your local data protection authority.