Privacy Policy

Last updated: 6/26/2026

1. What we collect

• Account: email, display name, optional avatar, password hash (or Google OAuth identifier).
• Usage: watchlist, price alerts, holdings, AI signal usage counters, Telegram link metadata.
• Payments: transaction status, amount, provider, provider order/payment ID. We do not store full card numbers or crypto private keys — those are handled by Razorpay, PayPal, Binance Pay, or NOWPayments.
• Operational logs: error logs, email send logs, request metadata for security and debugging.

2. How we use it

• To provide and operate the service (alerts, signals, portfolio).
• To process payments and manage your subscription tier.
• To send app emails (account changes, alerts, receipts). We do not send marketing emails.
• To monitor abuse, errors, and rate limits.
• To comply with legal obligations.

3. Legal basis

We process data under (a) contract — to deliver the service you signed up for, (b) legitimate interests — security and product improvement, and (c) consent — where required.

4. Sharing

We share data with service providers strictly to operate CryptoX:

• Supabase — database, authentication, storage.
• CoinGecko — market data (no personal data sent).
• Razorpay, PayPal, Binance Pay, NOWPayments — payment processing.
• Telegram — alert delivery (only if you opt in).
• Email infrastructure — delivery of app emails.

We do not sell your personal data.

5. Retention

Account data is kept while your account is active. Payment records are retained for at least 7 years for tax and accounting. You can request deletion of your account at any time; we will erase or anonymise data not required for legal compliance.

6. Your rights

Subject to your jurisdiction (GDPR, UK GDPR, CCPA, India DPDP, etc.) you may have rights to access, rectify, delete, port, or object to processing of your data. Email privacy@cryptox.app to exercise them.

7. Security

We use row-level security, encrypted connections, strict server-side secrets handling, and signature verification on all payment webhooks. No method is 100% secure, but we follow industry best practice.

8. Cookies

We use strictly necessary cookies and local storage for authentication and preferences. We do not use third-party advertising cookies.

9. Children

CryptoX is not directed to anyone under 18.

10. International transfers

Your data may be processed in countries other than your own. We rely on standard contractual clauses or equivalent safeguards where required.

11. Changes

We will announce material changes in-app or by email.

12. Contact

Data controller: CryptoX. Contact: privacy@cryptox.app