Legal

Privacy Policy

Effective: March 2026  ·  Version 1.4

This Privacy Policy explains how CryptoIntel collects, uses, stores, and protects information when you access the platform — including its web application, REST API, enterprise services, and associated infrastructure. CryptoIntel is designed with a data-minimisation philosophy: we collect only what is necessary to operate and improve the platform.

01 Platform Overview & Data Context

CryptoIntel is a cryptocurrency news intelligence platform aggregating real-time content from RSS news sources, processing 750+ digital asset data points from CoinGecko, and generating AI sentiment scores via a proprietary natural language processing pipeline. Understanding the architecture — detailed at /architecture — is relevant to understanding what data flows through the system:

  • News content passes through server-side RSS parsers, is sentiment-scored by our AI pipeline, and cached in-memory. No user-identifiable data is appended to this pipeline.
  • Market data is fetched server-side from CoinGecko and cached. User queries do not trigger direct calls to third-party market APIs.
  • TradingView chart widgets are rendered client-side and are subject to TradingView's own privacy policy.
  • API consumers interact with our endpoints directly; request metadata (IP address, timestamp, endpoint, response code) may be logged for security and rate limiting purposes.

02 Information We Collect

Information you provide directly

  • Contact form submissions (name, email, company, enquiry type, message) submitted via /contact.
  • Request Access form submissions (name, email, company, interest area, use case description) submitted via /request-access.
  • Enterprise and acquisition enquiry details submitted through the Enterprise portal at /enterprise.

Information collected automatically

  • Standard web server logs: IP address, browser user-agent, referring URL, requested path, HTTP status code, and timestamp. Logs are retained for up to 30 days for security purposes.
  • Vercel platform analytics (aggregated, anonymised page view and performance data). Individual users are not identified in these analytics.
  • API access logs: API key identifier (not the key itself), endpoint accessed, request timestamp, and response status for rate limiting and abuse detection.

Browser-stored data

  • Watchlist preferences (selected assets) are stored in browser local storage on your device. This data is never transmitted to CryptoIntel servers.
  • UI state preferences (e.g. chart type, filter selections) may be stored in session storage and are cleared when you close your browser tab.

03 How We Use Your Information

  • To respond to contact, enterprise, and access request enquiries.
  • To process and evaluate API access requests, enterprise licensing negotiations, and acquisition enquiries.
  • To enforce API rate limits, detect abuse, and protect platform integrity.
  • To monitor system health and performance via aggregated, anonymised telemetry.
  • To comply with legal obligations, regulatory requirements, and court orders where applicable.

We do not sell, rent, or trade personal data to third parties. We do not use personal data for advertising or profiling purposes.

04 Cookies & Tracking

CryptoIntel uses minimal, strictly necessary cookies only. We do not deploy third-party advertising cookies, retargeting pixels, or behavioural tracking technologies. The following limited cookies may be set:

  • Session cookies for basic navigation state (no persistent identifiers).
  • Vercel infrastructure cookies necessary for edge function routing and performance optimisation.
  • TradingView widget cookies, governed by TradingView's own cookie policy, set client-side when chart components are rendered.

05 Third-Party Integrations

The platform integrates with the following third-party services, each operating under their own privacy policies:

  • CoinGecko — market data API (server-side only; no user data transmitted).
  • TradingView — chart widgets rendered client-side; subject to TradingView's privacy policy.
  • Vercel — hosting, edge network, and anonymised analytics infrastructure.
  • RSS News Publishers (CoinDesk, CoinTelegraph, Decrypt, Bitcoin Magazine, NewsBTC, AMBCrypto, Crypto Briefing) — content aggregated server-side via public RSS feeds.
  • Formspree (or equivalent form backend) — contact and access request form submissions are processed by our form handling provider.

06 Enterprise & API Consumer Data

Enterprise clients, white-label licensees, and API consumers are subject to additional data processing terms set out in their respective Master Service Agreements (MSA). In the context of enterprise engagements:

  • Business contact information provided during acquisition or licensing negotiations is retained for the duration of those negotiations and for up to 3 years thereafter for audit purposes.
  • API key issuance requires a valid business email address and agreed terms. Key usage data is retained for billing and abuse-detection purposes.
  • White-label deployments operate on dedicated infrastructure; user data generated within those deployments is the responsibility of the licensee as the independent data controller.

07 Data Retention

  • Contact and enquiry form data: retained for up to 2 years or until the purpose for which it was collected is fulfilled.
  • Server access logs: retained for 30 days then purged.
  • API access logs: retained for 90 days for security and rate-limit enforcement.
  • Enterprise engagement records: retained for up to 7 years for legal and audit compliance.
  • Browser-stored data (watchlist, UI prefs): persists on your device until cleared; not stored on our servers.

08 Compliance & Legal Basis (GDPR)

For users in the EU and UK, our lawful basis for processing personal data is as follows:

  • Legitimate interests — server log retention for security, abuse detection, and platform integrity.
  • Contract performance — processing enquiry data to respond to and fulfil enterprise, licensing, and access requests.
  • Legal obligation — retaining enterprise records for tax, audit, and regulatory compliance purposes.

A full compliance overview, including jurisdiction-specific data handling practices, is available at /compliance.

09 Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

  • Right of access — request a copy of personal data we hold about you.
  • Right to rectification — request correction of inaccurate data.
  • Right to erasure — request deletion of your data, subject to legal retention obligations.
  • Right to data portability — receive your data in a structured, machine-readable format.
  • Right to restrict processing or object — where processing is based on legitimate interests.

To exercise any of these rights, contact us at privacy@cryptointel.dev. We will respond within 30 days.

10 Security

CryptoIntel is deployed on Vercel's global edge infrastructure with HTTPS enforced on all endpoints. API keys are hashed at rest and never logged in plain text. Server-side caching isolates user requests from direct access to third-party data provider credentials. Despite these measures, no transmission over the internet is entirely secure, and we cannot guarantee absolute security. In the event of a data breach affecting personal data, we will notify affected individuals and relevant authorities in accordance with applicable law.

11 Changes to This Policy

We may update this Privacy Policy periodically to reflect changes in platform functionality, data practices, or legal requirements. Material changes will be flagged with a revised "Effective" date. Continued use of the platform after an update constitutes acceptance of the revised policy. Enterprise clients will be notified of material changes via the contact details held in their MSA.

12 Contact

Privacy enquiries: privacy@cryptointel.dev. Enterprise data processing enquiries: /enterprise. General contact: /contact.