Privacy Policy

Last updated: March 26, 2026

1. Data Controller

The data controller responsible for your personal data is:

State Prosperity s.r.o.

Starobrnenska 334/3, Brno-mesto, 602 00 Brno, Czech Republic

ICO: 22500481 | DIC: CZ22500481

Email: privacy@backtestic.com

2. What Data We Collect

2.1 Account Data

When you register an account, we collect:

  • Email address — for authentication, notifications, and account recovery
  • Display name — shown on leaderboards and battles
  • Password — stored as a bcrypt hash (we never store plaintext passwords)
  • Avatar URL — if you upload a profile picture

2.2 Usage Data

When you use the Platform, we automatically collect:

  • Trading session data — instruments traded, trade entries/exits, profit and loss, session settings
  • Platform interactions — pages visited, features used, time spent, button clicks
  • Device information — browser type, operating system, screen resolution
  • IP address — for security, fraud prevention, and approximate geolocation
  • Referral data — how you arrived at Backtestic (referral link, affiliate code, UTM parameters)

2.3 Payment Data

When you subscribe to a paid plan, our payment processor Stripe collects:

  • Full card number, expiration date, and CVC (processed and stored exclusively by Stripe)
  • Billing name and address
  • Transaction amounts and dates

We do NOT store your full card number. We receive from Stripe only: your name, email, the last 4 digits of your card, card brand (Visa, Mastercard, etc.), card country, subscription status, and payment history. This data is used for billing management and fraud prevention.

2.4 Affiliate Data

If you participate in our affiliate program, we additionally collect:

  • Referral statistics (clicks, signups, conversions)
  • Commission amounts and payout history
  • Payout details (bank account or payment method information you provide)

3. How We Use Your Data

We process your personal data for the following purposes:

PurposeLegal Basis (GDPR)
Providing and maintaining the PlatformContract performance (Art. 6(1)(b))
Processing payments and subscriptionsContract performance (Art. 6(1)(b))
Managing affiliate commissions and payoutsContract performance (Art. 6(1)(b))
Sending transactional emails (receipts, password reset)Contract performance (Art. 6(1)(b))
Fraud prevention and securityLegitimate interest (Art. 6(1)(f))
Analytics and Platform improvementLegitimate interest (Art. 6(1)(f))
Advertising measurement (Meta Pixel)Consent (Art. 6(1)(a))
Marketing emails and promotionsConsent (Art. 6(1)(a))
Legal compliance (tax records, UOOU)Legal obligation (Art. 6(1)(c))

4. Cookies and Tracking Technologies

4.1 Essential Cookies

Required for the Platform to function. These include:

  • Session cookie — maintains your login session (JWT token)
  • Affiliate referral cookie — tracks referral attribution for up to 30 days
  • CSRF token — protects against cross-site request forgery

4.2 Analytics and Advertising Cookies

With your consent, we use:

  • Meta Pixel (Facebook Pixel) — provided by Meta Platforms, Inc. The Meta Pixel is a JavaScript code snippet that tracks visitor activity on our Platform. It collects:
    • Page views and navigation patterns
    • Registration and subscription events (conversion tracking)
    • Device information, browser type, and IP address
    • Facebook user ID (if you are logged into Facebook)

    This data is sent to Meta and used for measuring advertising effectiveness, creating custom audiences, and serving targeted ads on Facebook and Instagram. Meta processes this data under its own privacy policy at facebook.com/privacy/policy.

You can opt out of Meta Pixel tracking at any time by adjusting your cookie preferences or using browser ad-blocking extensions. You can also opt out of Facebook ad targeting at facebook.com/adpreferences.

5. Data Sharing and Third Parties

We share your personal data with the following categories of recipients:

Stripe, Inc.

Payment processing. Stripe processes payment card data under PCI-DSS Level 1 compliance. Stripe's privacy policy: stripe.com/privacy

Data transferred: name, email, payment card details, IP address, billing address

Meta Platforms, Inc.

Advertising measurement and optimization via Meta Pixel.

Data transferred: page views, conversion events, device data, IP address, Facebook user ID

Hosting Provider

Our servers are hosted in Europe. Your data is stored on servers located within the European Union.

Data processed: all Platform data as part of hosting infrastructure

We do not sell your personal data to third parties. We may disclose your data if required by law, court order, or to protect our rights and safety.

6. International Data Transfers

Some of our third-party service providers (Stripe, Meta) are based in the United States. When your data is transferred outside the European Economic Area (EEA), we ensure appropriate safeguards are in place:

  • EU-US Data Privacy Framework certification (Stripe, Meta)
  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Adequacy decisions where applicable

7. Data Retention

  • Account data: Retained for as long as your account is active, plus 90 days after deletion
  • Trading sessions and trades: Retained for as long as your account is active
  • Payment records: Retained for 10 years as required by Czech accounting and tax law (Act No. 563/1991 Coll.)
  • Affiliate records: Retained for 10 years for tax compliance
  • Server logs: Retained for 90 days
  • Meta Pixel data: Retention managed by Meta per their data policy (typically up to 2 years)

8. Your Rights (GDPR)

Under the General Data Protection Regulation, you have the right to:

  • Access — Request a copy of the personal data we hold about you
  • Rectification — Request correction of inaccurate or incomplete data
  • Erasure ("Right to be forgotten") — Request deletion of your data, subject to legal retention requirements
  • Restriction — Request that we limit processing of your data
  • Portability — Receive your data in a structured, machine-readable format
  • Objection — Object to processing based on legitimate interests
  • Withdraw consent — Withdraw consent for analytics/marketing at any time without affecting prior processing

To exercise any of these rights, contact us at privacy@backtestic.com. We will respond within 30 days.

You also have the right to lodge a complaint with the Czech Data Protection Authority (UOOU):

Urad pro ochranu osobnich udaju (UOOU)

Pplk. Sochora 27, 170 00 Praha 7, Czech Republic

Web: uoou.cz

9. Data Security

We implement appropriate technical and organizational measures to protect your data, including:

  • HTTPS/TLS encryption for all data in transit
  • Bcrypt password hashing with salt
  • JWT-based authentication with secure token expiration
  • Database encryption at rest
  • Regular security updates and patching
  • Access controls limiting data access to authorized personnel only

While we take reasonable steps to protect your data, no method of electronic storage or transmission is 100% secure. We cannot guarantee absolute security.

10. Children's Privacy

Backtestic is not intended for use by children under 18 years of age. We do not knowingly collect personal data from children under 18. If we become aware that a child under 18 has provided us with personal data, we will take steps to delete such information.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or through an in-app notification. The "Last updated" date at the top of this page indicates when the policy was last revised.

12. Contact

For privacy-related questions or to exercise your data rights:

State Prosperity s.r.o.

Starobrnenska 334/3, 602 00 Brno, Czech Republic

Email: privacy@backtestic.com

General support: support@backtestic.com