Privacy Policy
Last updated: April 17, 2026
1. Introduction
Crypteers ("we", "us", "our") is committed to protecting your personal data. This Privacy Policy explains what data we collect, how we use it, with whom we share it, and your rights under the General Data Protection Regulation (GDPR) and other applicable privacy laws. By using the Service, you acknowledge this policy.
2. Data We Collect
Account data
Email address, hashed password, display name, and plan tier — collected when you register.
Usage data
Pages visited, features used, API request logs, and session timestamps — collected automatically via our servers and Supabase.
Payment data
Billing address and last-four card digits are stored by Stripe. We never store full card numbers on our servers.
Device and technical data
IP address, browser type, operating system, and push notification tokens (if you opt in to alerts).
User-generated data
Watchlist coins, custom price alert thresholds, and backtesting parameters you save on the platform.
3. How We Use Your Data
- To provide and improve the Service, including generating personalised signals and alerts.
- To process payments and manage your subscription via Stripe.
- To send transactional emails (account confirmation, alerts, invoices) and, with consent, product updates.
- To detect and prevent fraud, abuse, and security incidents.
- To comply with legal obligations.
- To conduct aggregated, anonymised analytics to improve our ML models (no individual identifiers are used).
Our legal bases are: contract performance (providing the Service you subscribed to), legitimate interests (security, fraud prevention, analytics), and consent (marketing emails, push notifications).
4. Data Sharing
We do not sell your personal data. We share it only with:
- Supabase — database and authentication (EU region, GDPR compliant).
- Stripe — payment processing (PCI-DSS Level 1 certified).
- SendGrid / Resend — transactional email delivery.
- Firebase Cloud Messaging — push notifications (only if you opt in).
- Law enforcement or regulators when required by law.
5. Data Retention
- Account data is retained for the life of your account plus 30 days after deletion.
- Payment records are retained for 7 years to satisfy financial regulations.
- Usage logs are retained for 90 days and then permanently deleted.
- Push notification tokens are deleted immediately upon opt-out or account deletion.
6. Your Rights (GDPR)
If you are in the EU/EEA or UK, you have the right to:
- Access — request a copy of your personal data.
- Rectification — correct inaccurate or incomplete data.
- Erasure — request deletion of your data; we will action this within 30 days.
- Portability — receive your data in a machine-readable format (JSON/CSV).
- Restriction — ask us to pause processing while a dispute is resolved.
- Objection — opt out of processing based on legitimate interests.
- Withdraw consent — for marketing emails or push notifications at any time.
To exercise any right, email [email protected]. You also have the right to lodge a complaint with your local data protection authority.
7. Cookies
We use the following cookies:
- Strictly necessary — session tokens and CSRF protection. Cannot be disabled.
- Functional — theme preference, dashboard layout settings.
- Analytics — aggregated, anonymised page-view counts. No third-party trackers.
We do not use advertising or cross-site tracking cookies.
8. Security
We use industry-standard measures including TLS encryption in transit, AES-256 encryption at rest, row-level security policies in Supabase, and regular penetration testing. However, no method of transmission over the internet is 100% secure, and we cannot guarantee absolute security.
9. Children
The Service is not directed at individuals under 18. We do not knowingly collect personal data from minors. If you believe we have inadvertently collected data from a minor, contact us and we will delete it promptly.
10. Changes to This Policy
We may update this Privacy Policy periodically. We will notify registered users by email at least 14 days before material changes take effect. The "Last updated" date at the top always reflects the current version.
11. California Residents (CCPA / CPRA)
If you are a California resident, the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA) gives you additional rights over your personal information.
- Right to Know — you may request the categories and specific pieces of personal information we have collected about you, and how it is used and shared.
- Right to Delete — you may request deletion of personal information we have collected, subject to certain exceptions.
- Right to Correct — you may request correction of inaccurate personal information.
- Right to Opt Out of Sale or Sharing — we do not sell or share your personal information for cross-context behavioural advertising. No opt-out action is required.
- Right to Limit Sensitive Data Use — we do not use or disclose sensitive personal information beyond the purposes required to provide the Service.
- Right to Non-Discrimination — we will not discriminate against you for exercising any of these rights.
To submit a verifiable consumer request, email [email protected]. We will respond within 45 days. You may designate an authorised agent to make a request on your behalf; we will require written proof of authorisation and may verify your identity directly.
Categories of personal information collected (prior 12 months): identifiers (email, IP address), commercial information (subscription tier, payment records), internet or electronic network activity (page views, feature usage), and inferences drawn from the above to generate service recommendations. We do not collect sensitive personal information as defined by CPRA.
12. Canadian Residents (PIPEDA / Quebec Law 25)
If you are a resident of Canada, your personal information is governed by the Personal Information Protection and Electronic Documents Act (PIPEDA) and, for Quebec residents, by Law 25 (Act to modernise legislative provisions as regards the protection of personal information).
- Consent — we collect, use, and disclose your personal information with your knowledge and consent, or as permitted by law. Implied consent applies where the purpose is obvious and would reasonably be expected.
- Limiting Collection — we collect only the information necessary to provide the Service.
- Access and Correction — you may request access to your personal information and ask us to correct any inaccuracies. Email [email protected].
- Withdrawal of Consent — you may withdraw consent at any time, subject to legal or contractual restrictions, by contacting us. Withdrawing consent to core processing will require account deletion.
- Privacy Officer — our Privacy Officer can be reached at [email protected].
For Quebec residents: under Law 25, you have the right to data portability and the right to de-indexation (removal of publicly available personal information). You may also lodge a complaint with the Commission d'accès à l'information (CAI) at www.cai.gouv.qc.ca.
13. Contact
For privacy enquiries or to exercise your rights, email our Data Protection contact at [email protected].