1. Who We Are
SigmaGrid is a web-based platform for backtesting investment strategies. When this policy refers to "we," "us," or "our," it means the operator of SigmaGrid.
This policy applies to all users of sigmagrid.io and the services offered through it.
2. Data We Collect
Account information — When you sign up, we collect:
- Email address
- Full name (if provided)
- Password (hashed, stored by our authentication provider)
- Google account identifier (if you sign in with Google)
Subscription & billing data — When you subscribe to a paid plan:
- Stripe customer ID and subscription status
- Plan type (Explorer, Analyst, Strategist) and billing cycle
- Payment status (success, failure)
We never see or store your credit card number, CVV, or full billing address. All payment processing is handled directly by Stripe.
Usage data — When you use the platform:
- Backtest parameters (strategy, dates, assets, investment amount)
- Backtest results (P&L, metrics, trade logs)
- Saved strategies (name, configuration, results)
- User preferences (currency, number format, default benchmark, notification settings)
- Total number of backtests run and exports made
Contact form data — When you contact us:
- Name, email, subject, and message content
Technical data — Automatically collected:
- IP address (for rate limiting only, not stored long-term)
- Browser type and device information (via standard HTTP headers)
3. Why We Collect It
We collect and process your data for the following purposes:
- Provide the service — Run backtests, save strategies, display results, manage your account
- Process payments — Manage subscriptions, enforce plan limits, handle upgrades and downgrades
- Improve the platform — Understand usage patterns to prioritize features and fix issues
- Communicate with you — Respond to support requests, send product updates (only if you opted in)
- Prevent abuse — Rate limiting, credit enforcement, and security protections
We do not sell your personal data to third parties. We do not use your data for advertising.
4. Third-Party Services
We rely on the following third-party services to operate SigmaGrid. Each has its own privacy policy:
- Supabase — Authentication and database hosting. Stores your account, preferences, and saved strategies. Hosted in the EU.
- Stripe — Payment processing. Handles credit card data, invoices, and subscription management. We never access your full card details.
- Google — OAuth sign-in (optional). If you choose to sign in with Google, we receive your email and name from your Google profile.
- Twelve Data — Market data provider. We send asset ticker symbols to fetch price data. No personal user data is shared with Twelve Data.
- Umami — Privacy-focused web analytics. Collects anonymous usage statistics (page views, referrers, country, device type) without cookies and without collecting personal data. No data is shared with third parties.
5. Cookies & Local Storage
SigmaGrid uses minimal browser storage:
- Authentication session — Stored in your browser's IndexedDB by our authentication provider (Supabase). Contains your access token and refresh token to keep you logged in. This is essential for the service to function.
- Analytics — We use Umami, a cookieless analytics tool. It does not store cookies, does not track you across sites, and does not collect personal data. Only aggregate page-level statistics are recorded.
- No tracking cookies — We do not use advertising cookies or third-party tracking scripts of any kind.
6. Data Retention
- Account data — Retained as long as your account is active.
- Saved strategies — Retained until you delete them or delete your account.
- Backtest results — Cached temporarily on our servers (up to 10 minutes) for performance. Not stored permanently unless you explicitly save a strategy.
- Contact messages — Retained for up to 12 months to track support history.
- On account deletion — We delete your saved strategies, preferences, subscription data, and authentication record. This action is irreversible.
7. Your Rights
Under GDPR and similar privacy laws, you have the right to:
- Access — Request a copy of the personal data we hold about you
- Rectification — Correct inaccurate data (you can update your name and preferences directly in your account)
- Erasure — Delete your account and all associated data (available in Account settings under "Danger Zone")
- Withdraw consent — Opt out of product update and marketing emails at any time in your notification preferences
- Object — Object to processing of your data for specific purposes
To exercise any of these rights, contact us at the address below or use the self-service options in your account settings.
8. Security
We take reasonable measures to protect your data:
- All connections use HTTPS/TLS encryption
- Passwords are hashed (never stored in plain text)
- Authentication uses JWTs signed with asymmetric keys (ES256)
- API endpoints are rate-limited to prevent abuse
- Row-level security ensures you can only access your own data
- Payment data is handled entirely by Stripe (PCI DSS compliant)
No system is 100% secure. If we become aware of a data breach that affects your personal information, we will notify you promptly.
9. Children's Privacy
SigmaGrid is not intended for users under the age of 18. We do not knowingly collect personal data from minors. If you believe a minor has created an account, please contact us and we will delete it.
10. Changes to This Policy
We may update this privacy policy from time to time. When we do, we will update the "Last updated" date at the top of this page. For significant changes, we will notify users with active accounts via email.