Privacy Policy
Plain-language summary. PineX collects the minimum data needed to give you an account, bill you if you pay, deliver service-critical email, and improve the product. We do not sell your personal data. Your trade history, Pine Scripts, broker credentials, chart data, and any activity outside the PineX window stay on your computer — we never see them. (If you switch on the optional Discord forwarding, trade summaries go from your machine straight to your own Discord channel — never to us.)
1. Scope
This Privacy Policy ("Policy") describes how c21eservices LLC ("PineX", "we", "us", "our") collects, uses, shares, and protects personal information of users of the PineX desktop application, visitors to pinex.c21eservices.com, and recipients of email from us (collectively, the "Service"). It applies wherever you are located.
2. Information We Collect
2a. Information you provide directly
- Account data — your email address (always), display name and profile picture (when you sign in with Google), email-verified preference, and the password you choose if we add email/password sign-in in the future.
- Payment data — collected and processed directly by Stripe, Inc. when you subscribe. We do not see or store your card number. We do store a Stripe customer identifier and subscription identifier so we can look up your plan state.
- Feedback you submit — when you fill in the in-app feedback prompt, the text you type and contextual fields (app version, OS, plan tier) are stored so we can act on it. When you email support, the contents of your email and any attachments are stored.
- Marketing opt-in — if you check the "send me product updates" box on the download page, your email is added to our mailing list with a record of consent (timestamp, IP, source).
2b. Information collected automatically (product telemetry)
- App version — sent with each backend call so we know which version a bug came from.
- Operating system and version — sent with each backend call for compatibility tracking.
- IP address — logged automatically by our hosting providers (Supabase, Cloudflare) for security and abuse prevention. Not used to build a behavioral profile.
- Country code — derived from your IP at page load on the download page to determine whether to default the marketing opt-in checkbox checked or unchecked (GDPR compliance). Not stored.
2c. Information we do NOT collect
The following stay on your computer (or with your broker) and never reach us:
- Your trade history at your Broker;
- The contents of your Pine Scripts or Strategies;
- Your TradingView account credentials;
- Your Broker credentials;
- Chart data, market data, or order book data;
- Any input or activity outside of the PineX application window itself;
- Your screen contents, file system contents, or contents of any other application;
- Microphone, camera, or location data.
2d. Optional Discord trade forwarding
If you enable Discord forwarding — a feature you turn on and configure yourself by supplying a webhook URL — PineX sends a summary of each trade (direction, price, slippage, and pane) from your computer directly to the Discord channel you specified. This data goes straight to your own Discord; it does not pass through, and is not stored on, any server we operate. Once delivered, it is processed by Discord, Inc. under its own Privacy Policy. If you do not enable this feature, no trade data leaves your machine.
3. Legal Bases for Processing (GDPR / UK GDPR)
If you are in the European Economic Area, the United Kingdom, or another jurisdiction with similar data protection laws, we rely on the following lawful bases (GDPR Article 6):
- Performance of a contract — to provide the Service you signed up for (Article 6(1)(b)). Used for: account data, plan/subscription data, support communications.
- Legitimate interests — to keep the Service secure, prevent fraud, fix bugs, and improve the product (Article 6(1)(f)). Used for: server logs, IP, app version telemetry, in-app feedback you submit.
- Consent — for marketing emails (Article 6(1)(a)). You can withdraw consent at any time by clicking unsubscribe in any marketing email or emailing us.
- Legal obligation — to keep records required by tax, accounting, or other law (Article 6(1)(c)). Used for: billing records (7-year retention).
4. How We Use Information
- To authenticate you and provide access to the features your tier includes;
- To process subscription payments via Stripe and send payment receipts;
- To respond to support requests you send us;
- To send service-critical communications (billing failure, security advisory, breaking change);
- To send marketing communications, only if you opted in;
- To improve PineX — fix bugs, prioritize features, prevent abuse, troubleshoot issues you report;
- To comply with legal obligations (taxes, lawful requests from authorities).
5. How We Share Information
We share data only with the third-party processors listed below, only as needed for them to do their job, and only under contractual data-protection terms.
- Supabase, Inc. — hosts our database and authentication. Stores your account record, profile, subscription state, and feedback. US-hosted. Privacy Policy.
- Stripe, Inc. — processes payments and stores card data on PCI-DSS compliant infrastructure. US-hosted. Privacy Policy.
- Google LLC — only if you choose Google sign-in. Provides your email, display name, and profile picture to us. Privacy Policy.
- Cloudflare, Inc. — hosts the website (Cloudflare Pages) and provides CDN and DNS services. Sees your IP when you visit the site. Privacy Policy.
- Resend, Inc. — delivers transactional email (sign-in codes, billing receipts, security advisories). Processes your email address. Privacy Policy.
- Loops Email Inc. — delivers marketing email (only if you opted in). Stores your email address and engagement metrics. Privacy Policy.
We may disclose personal data if compelled by law (subpoena, court order, lawful government request), to protect our rights or the safety of users or the public, or in connection with a merger, acquisition, or sale of assets (in which case we will notify you and provide an opportunity to delete your account before the transfer).
We do not sell your personal data. We do not engage in "sharing" of personal data for cross-context behavioral advertising as defined under California law.
6. Data Retention
- Account data — for the life of your Account, plus up to 30 days after deletion for our backups to roll over.
- Billing records — 7 years, as required by US accounting and tax law.
- Feedback submissions — retained for up to 24 months from submission to act on and track product improvements, then deleted or anonymized. You may request earlier deletion (see Section 8).
- Server logs (IP, access timestamps) — 30 days.
- Marketing-list entries — until you unsubscribe, then we retain a minimal suppression record (email address + opt-out timestamp) indefinitely to ensure we don't email you again.
7. Security
We use industry-standard measures to protect personal data:
- TLS 1.2+ for all network traffic between the app, website, and our backend;
- Encryption at rest for the database (provided by Supabase);
- Row-level security so each user can only read and write their own rows;
- Least-privilege access to production data within our team;
- Auth tokens stored encrypted on disk in the desktop app (via Electron's
safeStorageAPI, which uses the OS keychain); - Webhook signature verification for all incoming Stripe events.
No system is impenetrable. If you suspect unauthorized access to your account, contact us immediately at pinex.support@c21eservices.com. If we experience a personal data breach affecting your information, we will notify you and applicable regulators in accordance with applicable law.
8. Your Rights
Regardless of where you live, you may exercise the following rights by emailing pinex.support@c21eservices.com:
- Access — request a copy of the personal data we hold about you;
- Correction — request that inaccurate data be corrected;
- Deletion — request that we delete your account and associated data (subject to retention obligations for billing records);
- Portability — request a copy in a structured, machine-readable format;
- Withdrawal of consent — for any processing that relies on your consent (e.g., marketing).
We will respond to verified requests within 30 days, or sooner if required by law. We may request additional information to verify your identity before fulfilling a rights request.
8a. Additional rights under GDPR / UK GDPR
If you are in the EEA or UK, you also have the right to:
- Object to processing based on legitimate interests;
- Restrict processing in certain circumstances;
- Lodge a complaint with your local data protection authority. In the UK, that is the Information Commissioner's Office (ICO).
8b. Additional rights under California law (CCPA / CPRA)
If you are a California resident, you have the right to:
- Right to know what personal information we have collected, used, disclosed, and (if we did) sold or shared in the prior 12 months;
- Right to delete personal information we collected from you;
- Right to correct inaccurate personal information;
- Right to opt out of the sale or sharing of personal information for cross-context behavioral advertising — we do neither, so there is nothing to opt out of, but the right exists;
- Right to limit the use of sensitive personal information — we do not collect sensitive personal information as defined by California law;
- Right to non-discrimination — we will not deny you the Service, charge you a different price, or provide a different level of service because you exercised your privacy rights.
California residents may designate an authorized agent to make requests on their behalf.
9. Children's Privacy
The Service is not directed to children under 18 years of age. We do not knowingly collect personal data from anyone under 18. If we learn that we have collected personal data from a person under 18, we will delete it as soon as possible. If you believe a child has provided us with personal data, contact us at pinex.support@c21eservices.com.
We do not knowingly collect personal data from anyone under 13 in compliance with the US Children's Online Privacy Protection Act (COPPA).
10. International Data Transfers
Our backend (Supabase) and most of our processors are hosted in the United States. If you are located outside the United States, your personal data will be transferred to and processed in the United States, which may have data protection laws that differ from those of your country.
For transfers of personal data from the EEA, UK, or Switzerland, we rely on appropriate safeguards — including the European Commission's Standard Contractual Clauses (and the UK International Data Transfer Addendum where applicable), together with supplementary measures where needed — rather than relying on your consent alone.
11. Cookies, Tracking, and Do Not Track
The pinex.c21eservices.com website does not use tracking cookies, third-party analytics, or advertising pixels. Cloudflare may set security cookies to protect against abuse. The PineX desktop application stores authentication tokens and your settings locally on your computer; these are not cookies and never leave your machine except when calling our backend with your auth token.
We honor the Global Privacy Control (GPC) signal where applicable. Because we do not sell or share personal data for cross-context behavioral advertising, there is no opt-out for those practices to honor — but if you send a GPC signal, we will treat it as an opt-out preference for any future practice that may become applicable.
12. Third-Party Links
The Service may contain links to third-party websites (TradingView, broker sites, payment processors, etc.). We are not responsible for the privacy practices of those sites. Review their privacy policies before providing them with personal data.
13. Changes to This Policy
We may update this Policy from time to time. Material changes will be announced via the in-app Account tab and the website at least 30 days before taking effect, except where a shorter period is required by law. The "Last updated" date at the top will reflect the most recent change. Continued use of the Service after the effective date constitutes acceptance.
14. Contact
Privacy questions, rights requests, or complaints: pinex.support@c21eservices.com.
Postal address: c21eservices LLC, 300 Witherspoon Street, Suite 201, Princeton, NJ 08542, USA