Privacy Policy

Effective date: __EFFECTIVE_DATE__ · Last updated: __LAST_UPDATED__

Plain-language summary: PineX collects the minimum data needed to give you an account, bill you if you pay, and improve the product. We don't sell your data. Your trade history stays on your computer and at your broker — PineX never sees it.

1. Who this applies to

This Privacy Policy applies to users of the PineX desktop application and visitors to pinex.c21eservices.com. PineX is operated by c21eservices.

2. What we collect

We collect three categories of data:

2a. Account data (when you sign in)

• Email address — required for sign-in and billing.
• Display name and profile picture — pulled from your Google account when you use Google sign-in.
• Subscription tier and billing state — kept in sync with Stripe so the app knows what you have access to.

2b. Product telemetry (when the app talks to our backend)

• App version — so we know which version a bug report came from.
• Operating system and version — so we can reproduce platform-specific issues.
• IP address — automatically logged by our backend host (Supabase) for abuse prevention; not used for tracking.
• Feedback you submit — when you fill in the in-app feedback prompt, the text you type and the contextual fields (version, OS, tier) are stored so we can act on it.

We do NOT collect: your trade history, the contents of your Pine Scripts, your broker credentials, your chart data, your screen contents, or any keystrokes outside the PineX app itself. Those stay on your computer (and your broker's servers) — PineX never sees them, our backend never sees them.

2c. Payment data (when you subscribe)

Payment data (card number, billing address, etc.) is collected and processed by Stripe. We don't see or store your card number. We do store a Stripe customer ID and subscription ID so we can look up your billing state.

3. How we use this data

• To authenticate you and provide access to the features your tier includes.
• To bill you for paid plans (via Stripe) and send payment receipts.
• To respond to support requests you send us.
• To improve PineX — fix bugs, prioritize features, troubleshoot issues you report.
• To send service-critical communications (e.g. billing failure, security incident).

We do not send marketing email without your opt-in, and we do not sell or rent your data to anyone for any purpose.

4. Who we share data with

We share data only with these processors, and only as needed for them to do their job:

• Supabase (database, auth) — stores your account record, profile, and feedback. Supabase Privacy.
• Stripe (payments) — handles your subscription and card data. Stripe Privacy.
• Google (OAuth) — only if you choose Google sign-in; provides your email and basic profile to us. Google Privacy.
• Cloudflare (website hosting + CDN for pinex.c21eservices.com) — sees your IP when you visit the site. Cloudflare Privacy.

We may disclose data if compelled by law (subpoena, court order) or to protect our rights or the safety of others. We will notify you when we can.

5. How long we keep data

• Account data: as long as your account exists, plus up to 30 days after deletion for our backups to roll over.
• Billing records: 7 years, as required by US accounting and tax law.
• Feedback submissions: indefinitely, as part of our product-improvement record. You can request deletion (see below).
• Server logs: 30 days.

6. Your rights

Regardless of where you live, you may:

• Access the data we have about you — email us and we'll send a copy.
• Correct inaccurate data.
• Delete your account and associated data. Email us; we'll process within 30 days. (Billing records we're legally required to keep will be retained as the law requires.)
• Export your data in a portable format.
• Object to processing, or restrict it, in cases where you have a legal basis.

EU/EEA, UK, California, and other privacy-law residents have additional statutory rights (GDPR, UK GDPR, CCPA/CPRA). Contact us at the address below to exercise them.

7. Children

PineX is not for users under 18 and we do not knowingly collect data from anyone under 18. If you believe a child has provided us data, contact us and we'll delete it.

8. International transfers

Our backend (Supabase) is hosted in the United States. If you're outside the US, your data will be transferred to and stored in the US. By using PineX you consent to this transfer.

9. Security

We use industry-standard measures to protect data: TLS for all network traffic, encryption at rest for the database, row-level security so each user can only see their own data, and least-privilege access for our backend code. That said, no system is impenetrable. Tell us immediately at pinex.support@c21eservices.com if you suspect unauthorized access to your account.

10. Cookies and tracking

pinex.c21eservices.com does not use tracking cookies or third-party analytics. We may use Cloudflare's built-in security cookies to protect against abuse. The PineX desktop app stores authentication tokens and settings locally on your computer — these are not cookies and never leave your machine except when calling our backend with your auth token.

11. Changes to this policy

We may update this Policy from time to time. Material changes will be announced in the app and on the website. The "Last updated" date at the top will reflect the most recent change.

12. Contact

Privacy questions: pinex.support@c21eservices.com.

Placeholders __EFFECTIVE_DATE__ and __LAST_UPDATED__ need to be filled in before launch. This Policy has not been reviewed by an attorney; before going live publicly we strongly recommend a privacy-law specialist reviews this document, especially if you'll have EU/EEA or California users.