PineconeX (“we”, “us”, “our”) operates the PineconeX platform at pineconex.com. This policy explains what personal data we collect, why we collect it, and who we share it with. If you have questions, email us at info@pineconex.com.
| Category | Data | Purpose |
|---|---|---|
| Account information | Name, email address, profile picture | Google or GitHub OAuth sign-in |
| GitHub identity | GitHub user ID, encrypted OAuth access token, linked repository name | GitHub sign-in and strategy file sync (only if you use GitHub) |
| Strategy code | Pine Script source you paste or type | Running backtests and live bots |
| Job configuration | Symbol, timeframe, parameter ranges, broker choice | Executing and displaying your results |
| Job results | Trade logs, equity curves, performance metrics | Displaying backtest and sweep output |
| Live bot activity | Lifecycle events (started, stopped, crashed, restarted) and the bot's own session output file (trade log and metrics) | Showing your bots' status and history |
| Broker credentials | API keys / OAuth tokens for Saxo Bank, Lightspeed, or Alpaca | Placing live orders on your behalf |
| Billing information | Payment method, invoice history | Processed by Stripe — we never see your card number |
| Usage data | Pages visited, features used, error logs | Improving the platform and diagnosing bugs |
| Security & abuse monitoring | Strategy-validation outcomes (pass/fail counts) and interpreter crash or timeout events linked to your account | Detecting and preventing attempts to exploit, fuzz, or overload the platform |
| Auth session | HTTP-only session cookie | Keeping you signed in |
We do not continuously track, stream, or store your live trading profit and loss. Your strategy runs in your own connected broker account; we retain only the bot's lifecycle events and its session output file, both deleted when you delete the job or your account. If you want ongoing P&L tracking, your strategy can send it to a destination of your choice (for example a Telegram alert).
We process your data under the following bases:
We do not sell your data. We share it only with the following sub-processors, each bound by their own data processing agreements:
| Sub-processor | Purpose | Privacy info |
|---|---|---|
| Google | OAuth sign-in (identity only — we do not access your Drive, Gmail, or Calendar) | google.com/privacy |
| GitHub | OAuth sign-in and strategy file sync from a linked repository. We store your GitHub user ID, an encrypted OAuth access token, and the name of any repo you choose to link. We only read repository content — we never write to your repos. | docs.github.com/site-policy/privacy-policies/github-general-privacy-statement |
| Stripe | Payment processing and invoicing | stripe.com/privacy |
| Massive | Historical market data for backtesting | massive.com |
| Saxo Bank | Live order execution (only when you connect your Saxo account) | home.saxo/privacy |
| Lightspeed | Live order execution (only when you connect your Lightspeed account) | lightspeed.com/privacy |
| Alpaca | Live order execution (only when you connect your Alpaca account) | alpaca.markets/privacy |
| Telegram | Delivering live-bot signal and lifecycle notifications (only when you enable Telegram notifications) | telegram.org/privacy |
We run our own infrastructure for backtest and live-bot execution — no third-party cloud provider processes your strategy code or trading results.
If you configure a webhook for notifications, your bot's signals and lifecycle events are sent to the URL you choose. That endpoint is under your control, not ours, and is not a PineconeX sub-processor — you are responsible for how the data is handled once it arrives there.
When you connect a broker, we encrypt your credentials at rest using ChaCha20-Poly1305 with a master key that never leaves our servers. Credentials are decrypted only at job launch time and are passed directly to the isolated job container. No credential is logged or retained beyond the lifetime of the job.
You can disconnect a broker at any time from the Live page, which permanently deletes the stored credentials from our database.
| Data | Retention |
|---|---|
| Account and profile | Until you delete your account |
| Strategies | Until you delete them or delete your account |
| Job results | Until you delete them or delete your account |
| Broker credentials | Until you disconnect the broker or delete your account |
| Billing records | 7 years (legal requirement) |
| Error and usage logs | 90 days, then automatically purged |
| Security & abuse monitoring | Anonymised when you delete your account; aggregate counts may be retained for security analysis |
If you are in the EEA or UK, you have the right to:
To exercise any of these rights, email privacy@pineconex.com or use the account deletion feature in your account settings (once available). We will respond within 30 days.
You also have the right to lodge a complaint with your local supervisory authority (in Belgium: the Gegevensbeschermingsautoriteit).
We use a single HTTP-only session cookie to keep you signed in. We do not use advertising cookies, tracking pixels, or third-party analytics scripts. No cookie consent banner is shown because the only cookie is strictly necessary for the service to function.
Credentials are encrypted at rest. Communication between your browser and our servers uses TLS. Job containers are isolated and have no network access beyond what is required to connect to your broker. We keep dependencies updated and run regular security reviews.
We may update this policy as the platform evolves. If we make material changes, we will notify you by email or by a notice in the app at least 14 days before the change takes effect. The effective date at the top of this page always reflects the current version.
PineconeX — questions: privacy@pineconex.com
© 2026 PineconeX.
This site is maintained by © 2026 Dalidophe B.V. All rights reserved.