Privacy Policy

Effective 2026-05-28 · Pancake / Nusantara Ventures LLC

What we collect

Pancake collects the minimum data necessary to operate the Service:

  • Account credentials — email address and hashed password, managed by Supabase Auth. Pancake never sees your plaintext password.
  • Strategy specs and evidence data — rows you upload via the API or MCP tools to run a backtest. Stored in Supabase (Postgres) under your account.
  • Backtest receipts — computed results, metrics, and the verification boundary envelope. Stored per your chosen visibility setting.
  • OAuth tokens — access and refresh tokens issued to agents you authorize. Stored encrypted; scoped to the permissions you approved.

Authentication

Authentication is handled by Supabase Auth. Your email and hashed password are stored in Supabase's managed infrastructure (AWS us-east-1). Pancake does not store passwords or session secrets outside Supabase.

Receipt visibility

Backtest receipts have two visibility states:

  • Public (visibility=public) — the receipt, its metrics, and its verification boundary are accessible to anyone with the URL and indexed by search engines. Public receipts are published under CC-BY 4.0. Do not make a receipt public if it contains sensitive strategy details you do not wish to share.
  • Private (visibility=private) — the receipt is accessible only to your account. It is not indexed or shared.

Agent-supplied evidence

Evidence rows you upload via register_evidence_dataset are user-owned data. Pancake stores them to power your backtests and does not use them for any other purpose. Evidence rows are not sold, shared, or used to train models.

Tracking and analytics

Pancake does not use third-party behavioral tracking. There are no client-side analytics libraries (no Google Analytics, Mixpanel, Segment, PostHog, or equivalent) on the public site or in the application. Server-side access logs are retained by our hosting infrastructure (Vercel) for operational purposes only.

Data sharing

Pancake does not sell your data. We do not share personal data with third parties except as required to operate the Service (Supabase for database and auth, Vercel for hosting) or as required by applicable law.

Data deletion

To request deletion of your account and associated data, email hi@usepancake.com. We will process deletion requests within 30 days. Public receipts that have been shared may remain accessible at their URLs as CC-BY content.

Governing law

This Privacy Policy is governed by the laws of the Republic of Indonesia.

Contact

Privacy questions: hi@usepancake.com