1. Introduction
Welcome to TradeTest.ai ("we," "our," or "us"). TradeTest.ai is a SaaS platform operated by TradeTest AI that enables users to describe trading strategies in natural language, generates backtesting code using artificial intelligence, runs historical backtests, and provides detailed performance reports with charts and metrics.
This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website at tradetest.ai, our application at app.tradetest.ai, and related services (collectively, the "Service"). Please read this policy carefully. By using the Service, you consent to the practices described herein.
2. Information We Collect
2.1 Account Information
When you create an account, we collect:
- Email address
- Password (stored in hashed form only)
- Google account information if you sign in via Google OAuth (name and email address)
2.2 Strategy Data
When you use the Service to build and test trading strategies, we collect:
- Strategy descriptions you provide in natural language
- Chat messages exchanged with our AI assistant during strategy development
- AI-generated strategy code
- Strategy parameters and configuration settings
2.3 Backtest Data
When you run backtests, we collect and store:
- Backtest configuration (exchange, trading pair, timeframe, date range)
- Backtest results including performance metrics, trade history, and equity curves
- Optimization results and parameter tuning data
- Market data used for backtesting (sourced from public exchanges)
2.4 Payment Information
We use Paddle as our Merchant of Record for payment processing. We do not directly collect or store your credit card numbers or bank account details. When you purchase credits:
- Paddle collects and processes your payment information directly
- We receive transaction confirmations, credit amounts, and billing identifiers from Paddle
- We maintain a record of credit transactions and balance history for your account
2.5 Usage Data
We automatically collect certain information when you access the Service:
- IP address and approximate geographic location
- Browser type, version, and operating system
- Pages visited, features used, and time spent on the Service
- Referring website or source
- Device identifiers and screen resolution
3. How We Use Your Information
We use the information we collect for the following purposes:
- Providing the Service: To generate strategy code, run backtests, deliver results, and manage your account and credits
- AI Processing: To send your strategy descriptions and chat messages to our AI provider (Anthropic Claude) for code generation and strategy refinement
- Service Improvement: To analyze usage patterns, diagnose technical issues, and improve our platform
- Communication: To send you account-related notifications, service updates, and respond to your inquiries
- Security: To detect, prevent, and address fraud, abuse, and security threats
- Legal Compliance: To comply with applicable laws, regulations, and legal processes
4. Data Sharing and Third-Party Services
We share your information with the following third parties, strictly for the purposes of operating the Service:
4.1 Anthropic (AI Provider)
Your strategy descriptions and chat messages are sent to Anthropic's Claude API for AI-powered code generation and strategy analysis. Anthropic processes this data according to their privacy policy. We do not share your personal account information with Anthropic — only the content necessary for AI processing.
4.2 Paddle (Payment Processor)
Paddle acts as our Merchant of Record and handles all payment processing. When you make a purchase, your payment details are collected and processed directly by Paddle under their privacy policy.
4.3 Amazon Web Services (Infrastructure)
Our Service is hosted on Amazon Web Services (AWS). All data is stored and processed on AWS infrastructure. AWS operates as a data processor under their privacy policy.
4.4 Backtesting Engine
Our backtesting engine runs within our isolated infrastructure to execute historical strategy simulations. No strategy code or user data leaves our servers during backtesting.
We do not sell, rent, or trade your personal information to any third parties for marketing or advertising purposes.
5. Data Security
We implement appropriate technical and organizational measures to protect your information, including:
- Encryption of data in transit (TLS/HTTPS) and at rest
- Password hashing using industry-standard algorithms
- Isolated execution environments for backtesting (containerized sandboxes)
- Regular security assessments and monitoring
- Access controls and authentication for all internal systems
- Rate limiting to prevent abuse
While we strive to protect your data, no method of electronic transmission or storage is completely secure. We cannot guarantee absolute security but are committed to maintaining industry-standard protections.
6. Data Retention
We retain your data as follows:
- Account data: Retained for as long as your account is active, plus 30 days after account deletion
- Strategy and backtest data: Retained for as long as your account is active. You can delete individual strategies and their associated data at any time
- Chat history: Retained as part of your strategy data for as long as the associated strategy exists
- Payment records: Retained for 7 years for tax and legal compliance purposes
- Usage logs: Retained for up to 90 days for debugging and security purposes
7. Your Privacy Rights
Depending on your jurisdiction, you may have the following rights regarding your personal data:
- Access: Request a copy of the personal data we hold about you
- Rectification: Request correction of inaccurate personal data
- Erasure: Request deletion of your personal data ("right to be forgotten")
- Data Portability: Request your data in a structured, machine-readable format
- Restriction: Request restriction of processing of your personal data
- Objection: Object to certain processing of your personal data
- Withdraw Consent: Withdraw your consent at any time where processing is based on consent
To exercise any of these rights, please contact us at support@tradetest.ai. We will respond to your request within 30 days.
8. International Data Transfers
Your data may be processed and stored in countries outside your country of residence, including the United States and the European Union (where our AWS infrastructure is located). When we transfer data internationally, we ensure appropriate safeguards are in place, including:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Compliance with applicable data transfer mechanisms
- Adequate security measures at all processing locations
9. Children's Privacy
The Service is not intended for individuals under the age of 16. We do not knowingly collect personal information from children under 16. If we become aware that we have collected personal data from a child under 16, we will take steps to delete that information promptly. If you believe we have inadvertently collected data from a child under 16, please contact us at support@tradetest.ai.
10. Cookies and Similar Technologies
We use the following types of cookies and local storage:
- Essential cookies: Required for authentication, session management, and security (e.g., JWT tokens)
- Preference cookies: To remember your language preference and display settings
- Analytics cookies: To understand how the Service is used and to improve the user experience
You can control cookies through your browser settings. Disabling essential cookies may prevent you from using certain features of the Service.
11. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. When we make material changes, we will:
- Update the "Last updated" date at the top of this page
- Notify you via email or a prominent notice on the Service
- Where required by law, obtain your consent before applying changes
We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your data.
12. GDPR Compliance (European Economic Area)
If you are located in the European Economic Area (EEA), the following additional provisions apply:
Legal Basis for Processing
We process your personal data based on the following legal grounds:
- Contract Performance: Processing necessary to provide the Service you have requested (account management, backtesting, credit system)
- Legitimate Interests: Processing for service improvement, security, and fraud prevention, where our interests do not override your rights
- Consent: Processing based on your explicit consent (e.g., marketing communications), which you can withdraw at any time
- Legal Obligation: Processing necessary to comply with applicable laws
Data Protection Officer
For GDPR-related inquiries, please contact us at support@tradetest.ai.
Supervisory Authority
If you are in the EEA, you have the right to lodge a complaint with your local data protection supervisory authority.
13. KVKK Compliance (Turkey)
If you are located in Turkey, the following provisions apply under the Turkish Personal Data Protection Law No. 6698 (KVKK):
- Data Controller: TradeTest AI is the data controller responsible for processing your personal data
- Purpose of Processing: Your personal data is processed for the purposes described in Section 3 of this policy
- Your Rights under KVKK Article 11: You have the right to learn whether your data is processed, request information about processing, learn the purpose of processing, know third parties to whom data is transferred, request correction of incomplete or inaccurate data, request deletion or destruction of data, object to automated decisions, and request compensation for damages arising from unlawful processing
- Data Transfer: Your data may be transferred abroad in accordance with KVKK provisions and with appropriate safeguards
To exercise your rights under KVKK, please contact us at support@tradetest.ai.
14. Contact Us
If you have any questions about this Privacy Policy or our data practices, please contact us: