TenachineAI-Powered BacktestingSign in

Privacy notice

Last updated: April 19, 2026

We try to be straightforward. This notice explains what personal data we collect, why we collect it, who we share it with, and the controls you have. If anything is unclear, write to privacy@tenachine.com.

1. The short version

  • We collect the minimum we need to run the Service.
  • We never sell your data and never use it to train third-party models.
  • We use Supabase for auth, Stripe for billing, and a small set of analytics tools listed below.
  • You can export or delete your data at any time by emailing privacy@tenachine.com.

2. Who we are

Tenachine (“we”, “us”) is the data controller for personal data processed through this website. For privacy questions, write to privacy@tenachine.com.

3. What we collect

Account data

  • Your email address and the OAuth provider you signed in with (Google, X).
  • Your display name, if your provider shares one.
  • A unique user ID generated by Supabase Auth.
  • Account creation time and last sign-in time.

Product data

  • Backtests you run (strategy text, tickers, date range, output metrics).
  • Saved screens and alerts you create.
  • Match history for alerts that fire.

Billing data

  • Subscription status, plan, trial start/end, and renewal dates.
  • A Stripe customer ID. We do not store your card details. Stripe does.

Technical data

  • IP address, browser/device type, and pages requested (standard server logs).
  • Aggregate usage analytics from Google Analytics 4.

4. Why we collect it

We process your data to:

  • Authenticate you and keep your session secure.
  • Run the backtests, screens, and alerts you ask for.
  • Bill you and prevent payment fraud.
  • Investigate bugs, abuse, or service degradation.
  • Send transactional emails (alert matches, billing receipts, important account notices).
  • Measure aggregate product usage so we can improve it.

Legal bases under GDPR: performance of contract (running the Service), legitimate interest (security, analytics, abuse prevention), and consent (where applicable, e.g. optional analytics).

5. Sub-processors

We rely on the following service providers:

  • Supabase — authentication and database hosting (EU region).
  • Stripe — payment processing and Customer Portal (US, with EU SCCs).
  • Railway — application hosting (US).
  • Google Analytics 4 — anonymised aggregate usage analytics.
  • Gmail (Google Workspace) — outbound transactional email.

We will update this list when sub-processors change. Each provider has its own privacy notice that governs the data they process on our behalf.

6. Retention

  • Account data: kept while your account is active. Deleted on request, or 30 days after account deletion.
  • Backtests and saved screens: kept while your account is active.
  • Alert match history: kept for 12 months, then pruned.
  • Billing records: kept for the period required by tax law (typically 10 years in the EU).
  • Server logs: 30 days, then aggregated.

7. Your rights

If you're in the EU/EEA, UK, or California, you have the right to:

  • Access the personal data we hold about you.
  • Correct inaccurate data.
  • Delete your data (“right to be forgotten”).
  • Export your data in a portable format.
  • Object to processing based on legitimate interest.
  • Withdraw consent for optional processing.

To exercise any of these, email privacy@tenachine.com. We respond within 30 days.

You also have the right to lodge a complaint with a data protection authority. In France that's the CNIL.

8. Cookies

We use a small set of cookies:

  • tenachine_sb_access — your authenticated session. Strictly necessary; cannot be disabled.
  • tenachine_csrf — CSRF protection for write actions. Strictly necessary.
  • _ga / _ga_* — Google Analytics 4. Set only if you accept analytics.

9. International transfers

Some of our sub-processors are based in the United States. Where personal data is transferred outside the EU/EEA, we rely on Standard Contractual Clauses approved by the European Commission, plus any supplementary measures the provider has put in place.

10. Security

Auth tokens are stored as httpOnly cookies and verified server-side. We use HTTPS everywhere, scoped Supabase row-level security policies, and short-lived API keys. No system is perfectly secure; if you spot something concerning, write to security@tenachine.com.

11. Children

Tenachine is not intended for anyone under 18. We do not knowingly collect data from minors. If you believe a minor has signed up, contact us and we'll delete the account.

12. Changes

We may update this notice as the Service evolves. Material changes will be announced in-app or by email. The “Last updated” date at the top reflects the current revision.