Legal · Privacy Policy

Privacy Policy.

We collect only what we need to run Backcandle. We don't sell your data, we don't run ads, and we don't share your information with third parties except as described below.

Effective 2026-01-01 Last updated 2026-04-21

01 What We Collect

When you use Backcandle, we collect and store the following:

  • Account data — your email address and display name, obtained via Google OAuth at sign-in.
  • Session data — replay sessions you create: instrument, date range, timeframe, start/end time, status.
  • Trade data — orders placed, fills, positions opened and closed, PnL, fees.
  • Journal data — notes, tags, and ratings you add to trades.
  • Analytics snapshots — aggregated performance metrics computed from your trade history.
  • Server logs — standard HTTP access logs (IP address, user agent, timestamp, route) retained for up to 30 days for debugging and abuse prevention.

We do not collect payment information (there is no payment processing at this time), precise geolocation, or any biometric data.

02 How We Use Your Data

  • To authenticate you and maintain your session across visits.
  • To store and display your replay sessions, trades, journal, and analytics.
  • To compute performance statistics shown on your dashboard.
  • To debug errors and investigate abuse reports.

We do not use your data to train machine learning models, profile you for advertising, or sell insights to third parties.

03 Third-Party Services

  • Google OAuth — used for authentication. When you sign in with Google, Google shares your email and name with us under Google's own privacy policy. We do not receive your Google password or payment data.
  • Google Fonts & Font Awesome CDN — font assets loaded from Google CDN and cdnjs.cloudflare.com. These services may log your IP as part of standard CDN operation.
  • Hosting provider — your data is stored on servers operated by our hosting provider. We have a data processing agreement in place with them.

04 Data Retention

  • Your account and associated data are retained for as long as your account is active.
  • If you delete your account, all associated sessions, trades, journal entries, and analytics snapshots are deleted within 30 days.
  • Server logs are retained for up to 30 days then purged automatically.
  • Backups may retain data for up to 90 days after deletion before being overwritten.

05 Your Rights

You have the right to:

  • Access — request a copy of all data we hold about you.
  • Export — download your trades and journal via the Export function in the app at any time.
  • Correction — request correction of inaccurate data.
  • Deletion — request deletion of your account and all associated data.
  • Portability — receive your data in a structured, machine-readable format (JSON or CSV).

To exercise any of these rights, use the account settings page or contact us directly.

06 Cookies & Local Storage

Backcandle uses a server-side session cookie for authentication. No third-party tracking cookies are set. We use localStorage in your browser to remember chart preferences (active indicators, speed setting) between visits. This data never leaves your device.

07 Changes to This Policy

If we make material changes to this policy, we will update the "Last updated" date above and, where appropriate, notify you via in-app message. Continued use of Backcandle after a change constitutes acceptance of the revised policy.