Privacy Policy

1. Introduction

Crypteers ("we", "us", "our") is committed to protecting your personal data. This Privacy Policy explains what data we collect, how we use it, with whom we share it, and your rights under the General Data Protection Regulation (GDPR) and other applicable privacy laws. By using the Service, you acknowledge this policy.

2. Data We Collect

3. How We Use Your Data

• To provide and improve the Service, including generating personalised signals and alerts.
• To process payments and manage your subscription via Stripe.
• To send transactional emails (account confirmation, alerts, invoices) and, with consent, product updates.
• To detect and prevent fraud, abuse, and security incidents.
• To comply with legal obligations.
• To conduct aggregated, anonymised analytics to improve our ML models (no individual identifiers are used).

Our legal bases are: contract performance (providing the Service you subscribed to), legitimate interests (security, fraud prevention, analytics), and consent (marketing emails, push notifications).

4. Data Sharing

We do not sell your personal data. We share it only with:

• Supabase — database and authentication (EU region, GDPR compliant).
• Stripe — payment processing (PCI-DSS Level 1 certified).
• SendGrid / Resend — transactional email delivery.
• Firebase Cloud Messaging — push notifications (only if you opt in).
• Law enforcement or regulators when required by law.

5. Data Retention

• Account data is retained for the life of your account plus 30 days after deletion.
• Payment records are retained for 7 years to satisfy financial regulations.
• Usage logs are retained for 90 days then permanently deleted.
• Push notification tokens are deleted immediately upon opt-out or account deletion.

6. Your Rights (GDPR)

If you are in the EU/EEA or UK, you have the right to:

• Access — request a copy of your personal data.
• Rectification — correct inaccurate or incomplete data.
• Erasure — request deletion of your data; we will action this within 30 days.
• Portability — receive your data in a machine-readable format (JSON/CSV).
• Restriction — ask us to pause processing while a dispute is resolved.
• Objection — opt out of processing based on legitimate interests.
• Withdraw consent — for marketing emails or push notifications at any time.

To exercise any right, email [email protected]. You also have the right to lodge a complaint with your local data protection authority.

7. Cookies

We use the following cookies:

• Strictly necessary — session tokens and CSRF protection. Cannot be disabled.
• Functional — theme preference, dashboard layout settings.
• Analytics — aggregated, anonymised page-view counts. No third-party trackers.

We do not use advertising or cross-site tracking cookies.

8. Security

We use industry-standard measures including TLS encryption in transit, AES-256 encryption at rest, row-level security policies in Supabase, and regular penetration testing. However, no method of transmission over the internet is 100% secure, and we cannot guarantee absolute security.

9. Children

The Service is not directed at individuals under 18. We do not knowingly collect personal data from minors. If you believe we have inadvertently collected data from a minor, contact us and we will delete it promptly.

10. Changes to This Policy

We may update this Privacy Policy periodically. We will notify registered users by email at least 14 days before material changes take effect. The "Last updated" date at the top always reflects the current version.

11. Contact

For privacy enquiries or to exercise your rights, contact our Data Protection contact at [email protected].