Privacy Policy

1. Introduction

CryptoBipto ("we," "our," or "us") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, and protect your information when you use our Service.

2. Information We Collect

We collect the following types of information:

Account Information

• Email address (required for account creation)
• Full name (optional)
• Password (encrypted, we never see your actual password)

Payment Information

• Payment is processed securely by Stripe
• We do NOT store your full credit card number
• We receive only transaction confirmations from Stripe

Usage Information

• Pages visited and features used
• Device type and browser information
• IP address (for security purposes)

3. What We Do NOT Collect

We do NOT collect or have access to:

• Your cryptocurrency holdings or transactions
• Your accounts on third-party exchanges or wallets
• Your private keys or seed phrases
• Your financial account information beyond subscription billing

4. How We Use Your Information

We use your information to:

• Provide and maintain our Service
• Process your subscription payments
• Send you important account notifications
• Respond to your support requests
• Improve our Service based on usage patterns
• Protect against fraud and unauthorized access

5. Information Sharing

We do NOT sell your personal information. We may share your information only in the following circumstances:

• Stripe: For payment processing.
• Supabase: For authentication and secure data storage.
• Resend: For transactional email delivery (welcome, password reset, onboarding, learning reminders).
• Sentry: For error monitoring. May capture error payloads including the URL, device information, and a sanitized stack trace.
• Upstash (Redis): For rate-limiting abuse protection. Stores short-lived request counters keyed by user ID or IP.
• Vercel: Our hosting provider. Receives standard web traffic logs and your IP for network-level security.
• Legal requirements: When required by law, regulation, or valid legal process.

6. Data Security

We implement industry-standard security measures to protect your data:

• All data is encrypted in transit (HTTPS) and at rest
• Passwords are hashed and never stored in plain text
• Regular security audits and updates
• Limited employee access to user data

7. Data Retention

We keep your personal data only as long as we have a legitimate reason to:

• Account data (email, name, hashed password): retained for as long as your account is active.
• Subscription records: retained while your subscription is active and for up to 7 years after cancellation, to meet tax and financial record-keeping obligations.
• Learning progress: retained for as long as your account is active; deleted with your account.
• Error monitoring data (Sentry): retained for up to 90 days.
• Rate-limit counters (Upstash): retained for seconds to minutes — only long enough to enforce limits.

When you delete your account, we delete or anonymize your personal data within 30 days, except records we are required by law to retain.

8. Your Rights

You have the right to:

• Access your personal data
• Correct inaccurate data
• Request deletion of your data
• Export your data in a portable format
• Opt out of marketing communications
• Withdraw consent where processing is based on consent
• Lodge a complaint with your local data protection authority

To exercise any of these rights, email us at privacy@cryptobipto.com from the email address associated with your account. We will respond within 30 days.

9. EU/UK Residents (GDPR)

If you are located in the European Economic Area or the United Kingdom, you have additional rights under the General Data Protection Regulation, including the rights of access (Article 15), rectification (Article 16), erasure (Article 17), restriction (Article 18), data portability (Article 20), and objection (Article 21). Our legal basis for processing your personal data is (a) performance of the contract between you and CryptoBipto for the Service you have subscribed to, (b) our legitimate interests in securing and operating the Service, and (c) your consent where explicitly required. You may lodge a complaint with your local data protection authority at any time.

10. California Residents (CCPA)

If you are a California resident, the California Consumer Privacy Act (CCPA) gives you the right to know what personal information we collect about you, the right to delete it, and the right to opt out of any "sale" of personal information. We do not sell or share your personal information for advertising. To exercise your CCPA rights, email privacy@cryptobipto.com. We will not discriminate against you for exercising your rights.

11. Cookies

We use essential cookies to maintain your login session and preferences. We do not use advertising or tracking cookies.

12. Children's Privacy

Our Service is not intended for users under 18 years of age. We do not knowingly collect personal information from children. If we learn that we have collected personal information from a person under 18, we will delete it and close the account.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by email or through the Service and update the "Last updated" date at the top of this page.

14. Contact Us

If you have any questions about this Privacy Policy, please contact us at:
Email: privacy@cryptobipto.com