How Tradeback handles account, usage, and payment-related data for the SaaS product.
Source docs: docs/08_SECURITY_AND_COMPLIANCE.md. Draft for beta signoff review; not legal approval.
Data we process
Tradeback processes account, authentication, wallet, backtest job, report, and admin audit data needed to operate the service.
Account email, display name, and authentication metadata
Wallet ledger, credit holds, and payment reconciliation records
Backtest and optimization job metadata and generated reports
Admin audit logs for privileged actions
Data we do not collect for trading
Tradeback does not connect user broker accounts and does not store live trading credentials for order placement.
Secrets and environment
Secrets remain in server environment configuration only. Production configuration rejects placeholder secrets and unsafe payment modes.
Browser-exposed configuration is limited to public frontend variables and must not include backend secrets.
Retention and deletion
User data deletion and retention policies must be finalized before production launch. Beta evidence tracks current controls but does not claim final legal approval.
Tradeback supports historical backtesting only. No live trading, paper trading, broker execution, or investment advice.