Privacy Policy

Last updated: December 23, 2025

1. Scope & Applicability

This Privacy Policy applies globally and is intended to comply with:

  • EU GDPR
  • UK GDPR
  • US CCPA / CPRA
  • Other applicable data-protection laws

2. Information We Collect

2.1 Account Information

  • Email address
  • OAuth identifiers (Google, X)
  • Account settings and notification preferences

Authentication is handled via Auth0, which securely manages identity credentials.

2.2 Exchange & Risk Data

If you connect exchange accounts, we may retrieve:

  • Balances, positions, orders
  • Risk metrics derived from this data

⚠️ We do not execute trades or hold custody of assets.

2.3 API Keys

  • Stored encrypted at rest
  • Used only for data retrieval
  • Users are responsible for permissions granted

2.4 Communications Data

  • Email address
  • Telegram chat ID (if connected)
  • Discord user ID (if connected)
  • Phone number (if SMS or phone alerts enabled)

2.5 Billing Information

Payments are processed by third-party providers. CoinRiskManager does not store full payment credentials.

3. How We Use Data

We use personal data to:

  • Authenticate users
  • Provide risk monitoring and alerts
  • Send transactional communications
  • Manage subscriptions and billing
  • Maintain security and platform reliability

4. Notifications & Messaging

We may send transactional notifications, including:

  • Risk alerts
  • System messages
  • Trial expiration notices
  • Subscription and payment reminders

Delivery channels (user-configurable):

  • Email
  • Telegram
  • Discord
  • SMS / automated phone calls

5. Third-Party Service Providers

Authentication

Payments

Analytics

Infrastructure & Data Storage

Notifications & Messaging

Only the minimum data required is shared with these providers.

6. International Data Transfers

Data may be processed in jurisdictions outside your country of residence, including the United States and the EU, with appropriate safeguards in place.

7. User Rights & Exercising Your Rights

EU / UK (GDPR)

  • Access: Request a copy of your personal data
  • Correction: Update inaccurate or incomplete data
  • Deletion: Request deletion of your personal data (subject to legal retention requirements)
  • Restriction: Limit processing of your data in certain circumstances
  • Objection: Object to processing based on legitimate interests
  • Data Portability: Receive your data in a structured, machine-readable format
  • Withdraw Consent: Withdraw consent for processing at any time

United States (CCPA / CPRA)

  • Right to Know: What personal information we collect, use, and disclose
  • Right to Delete: Request deletion of your personal information
  • Right to Opt-Out: We do not sell or share personal information for cross-context behavioral advertising
  • Right to Non-Discrimination: We will not discriminate against you for exercising your rights

How to Exercise Your Rights

To exercise any of these rights, contact us at travy@rektlabs.ai. We will respond within the timeframes required by applicable law (typically 30-45 days).

Account Deletion & Data Export:

  • You may request account deletion through your account settings or by emailing us
  • Upon deletion, we will remove personal data except what must be retained for legal/compliance purposes
  • You may request a copy of your data in JSON format

8. Data Retention

We retain personal data only as long as necessary to provide the Service or comply with legal obligations.

Specific Retention Periods:

  • API Keys: Retained until you delete the exchange connection or close your account
  • Position & Risk Data: Retained for the duration of your subscription plus 90 days for analytics
  • Notification History: Retained for 12 months
  • System Logs: Retained for 90 days for troubleshooting and security
  • Billing Records: Retained for 7 years for tax and compliance purposes
  • Account Information: Retained for 30 days after account deletion for recovery, then permanently deleted

Some data may be retained longer where required by law (e.g., anti-money laundering, tax regulations).

9. Sensitive Data & CPRA Compliance

We do not intentionally collect or process sensitive personal information as defined by CPRA, including:

  • Social security numbers, driver's license numbers, or government-issued IDs
  • Precise geolocation data
  • Racial or ethnic origin, religious beliefs, or union membership
  • Genetic data, biometric data, or health information
  • Sexual orientation or sex life information

Data Sharing & Sale:

  • We do not sell your personal information
  • We do not share your personal information for cross-context behavioral advertising
  • We share data only with service providers necessary to operate the platform (see Section 5)

10. Security Measures

We implement industry-standard security measures, including:

  • Encryption of sensitive data at rest and in transit
  • Secure authentication via Auth0 (OAuth 2.0, multi-factor authentication support)
  • Regular security audits and vulnerability assessments
  • Access controls and the principle of least privilege
  • Intrusion detection and monitoring systems

Data Breach Notification: In the event of a security breach affecting your personal data, we will notify you and relevant authorities as required by applicable law.

Disclaimer: No security system is 100% secure. While we take reasonable precautions, we cannot guarantee absolute security.

11. Children's Privacy

The Service is not intended for users under 18 years of age. We do not knowingly collect personal information from children. If you believe we have collected data from a minor, contact us immediately at travy@rektlabs.ai.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via:

  • Email notification to your registered email address
  • In-platform notification banner
  • Updated "Last Modified" date at the top of this page

We encourage you to review this Privacy Policy periodically. Continued use after changes take effect constitutes acceptance.

13. Contact & Data Protection Officer

For questions about this Privacy Policy, to exercise your data rights, or to contact our Data Protection Officer:

Email: travy@rektlabs.ai

Response Time: We aim to respond to privacy inquiries within 30 days (or as required by applicable law).