Privacy Policy

1. Introduction & Data Controller

CryptoRep ("we," "us," "our") is a cryptocurrency intelligence platform registered in France and accessible at cryptorep.io. We are committed to protecting your personal data and respecting your privacy in accordance with the General Data Protection Regulation (EU) 2016/679 ("GDPR") and the French Data Protection Act (Loi Informatique et Libertés).

This Privacy Policy explains how we collect, use, share, and protect your personal data when you use our Platform. As the data controller, CryptoRep determines the purposes and means of processing your personal data.

Data Controller: CryptoRep, France
Contact: contact@cryptorep.io

2. What Personal Data We Collect

We collect and process the following categories of personal data:

2.1 Account Data

• Email address
• Display name (if provided)
• Account preferences and settings
• Authentication credentials (securely hashed)

2.2 Usage Data

• Pages and features accessed
• Timestamps and frequency of visits
• Watchlist and portfolio configurations
• Alert preferences and notification history
• Search queries and interaction patterns

2.3 Payment Data

• Subscription plan and billing cycle information
• Payment transaction identifiers (processed and stored by Stripe; CryptoRep does not store full payment card details)
• Invoice and billing history

2.4 Device and Technical Data

• IP address
• Browser type and version
• Operating system
• Device type and screen resolution
• Referring URL
• Language preferences

2.5 Cookie Data

Information collected through cookies and similar tracking technologies. For details, see our Cookie Policy.

3. How We Collect Data

We collect personal data through the following means:

• Directly from you: When you create an account, update your profile, set preferences, contact us, or subscribe to a plan.
• Automatically: Through cookies, web server logs, and similar technologies when you browse or interact with the Platform.
• From third-party service providers: Including Supabase (authentication and data storage), Stripe (payment processing), and hosting providers.

4. Legal Bases for Processing

Under GDPR Article 6, we process your personal data on the following legal bases:

• Contract Performance (Art. 6(1)(b)): Processing necessary to provide and maintain your account, deliver the services you subscribe to, and manage your subscription.
• Legitimate Interest (Art. 6(1)(f)): Processing necessary for our legitimate interests, such as improving the Platform, ensuring security, preventing fraud, and conducting internal analytics, where these interests are not overridden by your rights.
• Consent (Art. 6(1)(a)): Where you have given explicit consent, such as for optional analytics cookies or marketing communications. You may withdraw consent at any time.
• Legal Obligation (Art. 6(1)(c)): Processing required to comply with applicable laws, including tax regulations, anti-money laundering requirements, and responses to legal requests.

5. How We Use Your Data

We use the personal data we collect for the following purposes:

• Service Delivery: Providing, maintaining, and improving the Platform and its features. — Contract Performance
• Account Management: Creating and managing your account, authenticating your identity, and personalizing your experience. — Contract Performance
• Payment Processing: Processing subscription payments, managing billing, and providing invoices through Stripe. — Contract Performance
• Analytics: Understanding how users interact with the Platform to improve our services, features, and user experience. — Consent / Legitimate Interest
• Security: Detecting, preventing, and responding to fraud, abuse, security incidents, and other harmful activities. — Legitimate Interest
• Communication: Sending transactional emails (account confirmations, password resets, billing notifications), service updates, and, where you have opted in, marketing communications. — Contract Performance / Consent
• Legal Compliance: Fulfilling our legal and regulatory obligations. — Legal Obligation

Automated Decision-Making

CryptoRep does not use automated decision-making or profiling that produces legal effects or similarly significant effects on you. Our Platform may use automated tools (such as AI-generated news summaries) to present information, but these do not make decisions about your access, account, or rights.

6. Cookies

CryptoRep uses cookies and similar technologies to operate the Platform, remember your preferences, understand how you use our services, and improve your experience. Essential cookies are required for the Platform to function and cannot be disabled.

For comprehensive information about the types of cookies we use, their purposes, retention periods, and how to manage them, please see our Cookie Policy.

7. Data Sharing

We do not sell your personal data. We share your data only with the following categories of recipients, and only to the extent necessary:

• Supabase: For authentication, database storage, and user session management. Supabase processes data in accordance with its own privacy policy and applicable data protection laws.
• Stripe: For payment processing and subscription management. Stripe is a PCI DSS Level 1 certified payment processor. See Stripe's Privacy Policy.
• Hosting Providers: Our Platform is hosted on Vercel (frontend) and Amazon Web Services (backend), which process data as part of delivering our infrastructure.
• Legal Requirements: We may disclose personal data if required by law, regulation, legal process, or governmental request, or when we believe disclosure is necessary to protect our rights, your safety, or the safety of others.

We do not sell, rent, or trade your personal data to third parties for their marketing purposes.

8. International Data Transfers

Some of our third-party service providers (including Supabase, Stripe, and Vercel) may process your personal data outside of the European Economic Area (EEA). In such cases, we ensure that appropriate safeguards are in place, including:

• EU adequacy decisions recognizing the destination country as providing an adequate level of data protection.
• Standard Contractual Clauses (SCCs) approved by the European Commission.
• The service provider's certification under an approved framework (e.g., EU-US Data Privacy Framework).

You may request information about the specific safeguards in place for international transfers by contacting us.

9. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected and to comply with our legal obligations:

• Account Data: Retained for the duration of your active account. Upon account deletion, we will delete or anonymize your data within 30 days, except where retention is required by law.
• Usage Logs: Retained for up to 12 months for analytics and security purposes, then anonymized or deleted.
• Payment Records: Retained for a minimum period as required by French tax law (currently 10 years for accounting records under the French Commercial Code).
• Cookie Data: Retained in accordance with the retention periods described in our Cookie Policy.

10. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:

• Encryption of data in transit (TLS/SSL) and at rest.
• Secure authentication mechanisms including password hashing and optional CAPTCHA verification.
• Role-based access controls limiting data access to authorized personnel only.
• Regular security assessments and monitoring.
• Use of established, security-certified third-party providers (Supabase, Stripe, Vercel).

While we strive to protect your personal data, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security, but we are committed to maintaining industry-standard protections.

11. Your Rights Under GDPR

As a data subject, you have the following rights under the GDPR:

• Right of Access (Art. 15): You have the right to obtain confirmation of whether we process your personal data and to receive a copy of that data.
• Right to Rectification (Art. 16): You have the right to request correction of inaccurate personal data or completion of incomplete data.
• Right to Erasure (Art. 17): You have the right to request deletion of your personal data under certain circumstances ("right to be forgotten").
• Right to Restriction of Processing (Art. 18): You have the right to request that we restrict the processing of your personal data in certain situations.
• Right to Data Portability (Art. 20): You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit that data to another controller.
• Right to Object (Art. 21): You have the right to object to the processing of your personal data based on legitimate interests or for direct marketing purposes.
• Right to Withdraw Consent: Where processing is based on consent, you may withdraw your consent at any time without affecting the lawfulness of processing performed before withdrawal.
• Right to Lodge a Complaint: You have the right to lodge a complaint with a supervisory authority, in particular the CNIL (Commission Nationale de l'Informatique et des Libertés) in France (see Section 15).

12. How to Exercise Your Rights

To exercise any of the rights described above, please contact us at:

contact@cryptorep.io

Please include sufficient information to verify your identity and specify the right you wish to exercise. We will respond to your request within 30 days. In complex cases, we may extend this period by an additional 60 days, in which case we will notify you of the extension and the reasons for it.

We will not charge a fee for processing your request unless the request is manifestly unfounded or excessive. In such cases, we may charge a reasonable fee or refuse to act on the request.

13. Children

CryptoRep is not intended for use by individuals under the age of 16. We do not knowingly collect personal data from children under 16. If we become aware that we have collected personal data from a child under 16, we will take steps to delete such data promptly. If you believe that a child under 16 has provided us with personal data, please contact us at contact@cryptorep.io.

14. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make material changes, we will update the "Last updated" date at the top of this page and, where appropriate, notify you by email or through a prominent notice on the Platform.

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your data.

15. Contact & Supervisory Authority

If you have any questions, concerns, or requests regarding this Privacy Policy or the processing of your personal data, please contact us:

• Email: contact@cryptorep.io
• Website: cryptorep.io

Supervisory Authority

If you are unsatisfied with our response to a privacy concern, you have the right to lodge a complaint with the French data protection authority:

• CNIL (Commission Nationale de l'Informatique et des Libertés)
• 3 Place de Fontenoy, TSA 80715, 75334 Paris Cedex 07, France
• Website: www.cnil.fr
• Phone: +33 1 53 73 22 22

If you reside in another EU/EEA member state, you may also contact your local data protection authority.