Legal

Privacy Policy

Last updated: [EFFECTIVE DATE] · Operated by [BUSINESS NAME]

This policy explains what RevealLab collects, why, and what we do with it. We keep this simple because our data practices are simple: we collect the minimum needed to run honest backtests, the server pulls market data with our own key, and we never sell your data.

The short version. We store your account basics (email, username) and the backtest requests you submit. Our server fetches the market bars for your run using our own market-data key — we don't ask for your broker key, and we don't retain your bars beyond the run. We don't sell or rent your data to anyone, ever.

1.What we collect

Data	What it is	Why
Account info	Your email address and chosen username, plus authentication metadata.	To create your account, sign you in, and contact you about the Service.
Backtest requests	The symbols, strategy, look-back window, and exit profile you submit, plus the resulting run summary (win rate, R, ledger).	To run the backtest, show you the result, and enforce your plan's backtest cap.
Usage & quota	How many backtests you've used in the current period, basic timestamps, and error logs.	To enforce limits fairly, keep the Service reliable, and debug problems.
Billing info	Subscription status and plan. Card details are handled by our payment processor — we never see or store your full card number.	To manage paid plans and renewals.

We do not collect your brokerage trading credentials to run a backtest, and we do not need access to any live trading account.

2.The data model — how a backtest actually runs

When you submit a run, your request (symbols + strategy + settings) is sent to our backend. The server pulls the historical market bars it needs using our own market-data key, runs the sealed-reveal engine, and returns a summary to you. Two things matter for your privacy:

We use our key, not yours. The market data is fetched under our own credentials. You don't hand us a broker key to read bars.
We don't keep your bars beyond the run. The raw price bars pulled for a given backtest are used to compute that run and are not retained as a per-user dataset afterward. What persists is the lightweight run summary (the result you see) so you have a record of what you tested.

3.How we use your data

To provide, operate, and improve the Service and the honesty of its results.
To authenticate you and keep your account secure.
To enforce plan limits, including the backtest cap and rate limits.
To process payments and manage subscriptions (via our processor).
To respond to support requests and send essential service notices.
To comply with legal obligations and protect against fraud or abuse.

We do not use your strategies or backtest inputs to build a public product, and we do not share them with other users.

4.Service providers we rely on

We use a small number of trusted processors to run the Service. They process data on our behalf, under their own terms and privacy policies:

Supabase — authentication and database hosting (your account record, usage/quota, and run summaries).
Stripe — payment processing for paid plans. Stripe handles card data directly; we receive only subscription status, not your card number.
Market-data provider — we fetch historical bars from [MARKET DATA PROVIDER, e.g. "Alpaca"] using our own key to compute your run.
Hosting / infrastructure — [HOSTING / TUNNEL PROVIDER, e.g. "Cloudflare"] to serve the site and route requests.

We share the minimum necessary with each processor, only to provide the Service to you.

5.We never sell your data

We do not sell, rent, or trade your personal data, your strategies, or your backtest results to advertisers, data brokers, or anyone else. We do not run third-party advertising trackers on RevealLab. If that ever changes, we will update this policy and ask for consent where the law requires it.

6.Retention

We keep your account info and run summaries for as long as your account is active or as needed to provide the Service. Raw market bars pulled for a run are not retained beyond that run. Billing records are retained as required for accounting and legal purposes. When you delete your account, we remove or anonymize your personal data within a reasonable period, except where we must retain certain records by law.

7.Your rights & how to request deletion

Depending on where you live, you may have the right to access, correct, export, or delete your personal data, and to object to or restrict certain processing. To exercise any of these — including deleting your account and data — email us at [CONTACT EMAIL] from the address on your account, or use the controls in the app where available. We'll confirm and action verified requests within a reasonable time and in line with applicable law.

8.Security

We use reasonable technical and organizational measures to protect your data, including encrypted transport (HTTPS), authentication, and per-user API access. No method of transmission or storage is perfectly secure, so we can't guarantee absolute security — but we limit what we collect, which limits what's at risk.

9.Children

RevealLab is not directed to children. The Service is intended for users who are of legal age to enter a binding contract and to trade in their jurisdiction. We do not knowingly collect data from children under the age required by applicable law.

10.Changes & contact

We may update this policy from time to time. Material changes will be posted here with a new "last updated" date. For privacy questions or requests, contact [CONTACT EMAIL], write to [BUSINESS NAME / MAILING ADDRESS], or visit our support page. See also our Terms of Service.