PineProof Privacy Policy

Effective date: 2026-04-19

This Privacy Policy explains how PineProof handles personal data.

Data We Collect

• Uploaded files: TradingView CSV files, optional Pine source, strategy names, generated reports, charts, and summary JSON.
• Usage logs: product events, timestamps, route names, status codes, error logs, user agent strings, and operational metadata.
• IP hash: a one-way hash of IP address plus salt for anonymous audit limits, abuse prevention, security review, and debugging.
• Billing data: Stripe handles checkout, customer IDs, subscription status, receipts, and payment events. We do not need full card numbers.
• Email address: if collected later for receipts, support, saved history, or account recovery.
• Leaderboard metadata: only if you opt in, PineProof publishes display name, overfit score, out-of-sample Sharpe, Monte Carlo max drawdown, paid verification badge, week, publish timestamp, and public audit link. Uploaded CSV files and Pine source are not published to the leaderboard.

Purposes

We use data to provide audits, generate PDFs and charts, maintain public audit pages, prevent abuse, debug errors, secure the product, process payments, maintain paid-access status, honor deletion requests, and understand aggregate product usage.

Public Leaderboard

Leaderboard publishing is off by default. You can opt in during upload or from a public audit page after the audit finishes. If you leave the display name blank, PineProof uses an anonymous label such as "Anonymous Trader #abc123". Display names are limited to 30 characters and sanitized before storage.

Leaderboard entries contain non-sensitive metadata only: overfit score, out-of-sample Sharpe, Monte Carlo max drawdown, paid verification status, week, timestamp, and the public audit link. PineProof does not publish raw CSV files, Pine code, private strategy files, or full report internals as leaderboard data.

You can remove a leaderboard entry later from the original browser using the opt-out cookie or by using a private signed opt-out link. Removing an entry deletes it from leaderboard pages and regenerates weekly social images without that row.

Legal Bases

For GDPR purposes, we rely on Article 6(1)(b) contract where processing is needed to provide requested audits, downloads, paid access, and support. We rely on Article 6(1)(f) legitimate interest for security, fraud prevention, debugging, service analytics, rate limiting, and reliability work. Where consent is required, such as some marketing or cookie uses, we will request consent.

Processors

PineProof may use these processors:

• Stripe for checkout, billing, customer IDs, receipts, and webhook events.
• Hosting infrastructure for app hosting, logs, storage, and backups.

Processor lists may change as the product matures. We choose processors that support reasonable security and data-processing terms.

Retention

Uploaded strategy files are retained for 30 days. Audit PDFs are retained indefinitely for paid users and 14 days for anonymous users. IP hashes and usage logs may be retained as needed for rate limits, security, legal compliance, support, dispute handling, backup integrity, or abuse prevention.

User Rights

Depending on your location, you may request access, deletion, correction, export, restriction, objection, or unsubscribe. California residents may also request information about categories of personal information collected, purposes, sources, and disclosures. We do not sell personal information. For requests, contact @publicmargin until a product support email is configured.

International Transfers

PineProof and processors may operate in countries other than yours. Where required, transfers should use appropriate safeguards such as data-processing agreements or standard contractual clauses.

Children

PineProof is not directed to children under 13, and we do not knowingly collect personal data from children.

Cookies and Local Storage

PineProof may use essential cookies or local storage for paid-access status, sessions, abuse controls, and user preferences. If analytics are added, we will keep them privacy-preserving where practical and update this policy.

Contact

Privacy requests: contact @publicmargin until a product support email is configured.