Privacy Policy

Last Updated: February 7, 2026

This Privacy Policy is compliant with GDPR (EU) and CCPA (California).

⚠️ Platform Status: Beta

Coincise is currently in beta. Core privacy features (consent tracking, encryption, RLS) are implemented. Automated data export and deletion features are under development. For manual requests, email privacy@coincise.co.

1. Information We Collect

Account Information

  • Email address
  • Password (hashed and salted)
  • Subscription tier
  • Account creation date

Exchange Connection Data

  • Exchange name (e.g., Binance, Coinbase)
  • API keys (encrypted with Fernet)
  • Connection status
  • Last sync timestamp

Trading & Portfolio Data

  • Portfolio balances and holdings
  • Trade history (fetched from your exchange)
  • Bot configurations and trade logs
  • Performance metrics

Usage Data

  • Pages visited
  • Features used
  • AI query history
  • Error logs and diagnostics

Data We DO NOT Collect:

  • Your exchange login credentials
  • Private keys or seed phrases
  • Withdrawal API permissions
  • Plaintext API keys (we only store encrypted versions)
  • Social Security Numbers or government IDs
  • Payment card details (handled by third-party processors)

2. How We Use Your Information

We use collected data to:

  • Provide Services: Display portfolio analytics, execute bot trades, generate AI insights
  • Improve Platform: Analyze usage patterns to enhance features and user experience
  • Security: Detect fraud, prevent abuse, and protect user accounts
  • Communication: Send service updates, security alerts, and subscription notifications
  • Compliance: Meet legal obligations and respond to lawful requests

We NEVER:

  • Sell your personal data to third parties
  • Share your trading strategies publicly
  • Use your API keys for our own trading
  • Send unsolicited marketing emails (you can opt out)

3. Legal Basis for Processing (GDPR)

For EU users, we process data based on:

  • Contract Performance: Necessary to provide the services you signed up for
  • Legitimate Interest: Improving our platform and preventing fraud
  • Consent: Optional features like analytics cookies (you can withdraw consent anytime)
  • Legal Obligation: Complying with financial regulations and lawful requests

4. Data Sharing & Third Parties

We share data only with trusted service providers:

Service Providers We Use:

  • Supabase: Database hosting and authentication (PostgreSQL)
  • Vercel: Website hosting and deployment
  • OpenAI/Anthropic: AI Trader LLM queries (if using platform quota)
  • Stripe: Payment processing (for subscriptions)

All third parties are contractually obligated to protect your data and use it only for providing services to us.

We Do NOT Share Data With:

  • Advertising networks
  • Data brokers
  • Social media platforms
  • Your cryptocurrency exchanges (we only READ from them)

5. Data Security

We implement industry-standard security measures:

🔒 Security Measures:

  • Encryption at Rest: Fernet encryption (AES-128 CBC + HMAC) for API keys
  • Encryption in Transit: TLS 1.3 for all data transmission
  • Database Security: Supabase Row Level Security (RLS) policies
  • Password Hashing: bcrypt with salt (never stored in plaintext)
  • Access Control: Role-based permissions and audit logging
  • Regular Audits: Security reviews and penetration testing

However, no system is 100% secure. You are responsible for maintaining the security of your account credentials and monitoring your exchange accounts for unauthorized activity.

6. Data Retention

We retain data for different periods based on type:

Data Type               Retention Period
Account Information     Until account deletion + 30 days
API Keys (Encrypted)    Until disconnected + 7 days
Trade History           3 years (tax compliance)
AI Chat History         90 days
Usage Logs              1 year
Backups                 30 days rolling

7. Your Rights

GDPR Rights (EU Users):

  • Right to Access: Request a copy of your personal data
  • Right to Rectification: Correct inaccurate or incomplete data
  • Right to Erasure: Delete your account and personal data
  • Right to Data Portability: Export your data in machine-readable format
  • Right to Restrict Processing: Limit how we use your data
  • Right to Object: Opt out of certain data processing activities
  • Right to Withdraw Consent: Revoke previously given consent

CCPA Rights (California Users):

  • Right to Know: What personal information we collect and why
  • Right to Delete: Request deletion of your personal information
  • Right to Opt-Out: Opt out of sale of personal information (we don't sell data)
  • Right to Non-Discrimination: Equal service regardless of privacy choices

How to Exercise Your Rights:

Go to Dashboard → Settings → Legal & Privacy, or email us at privacy@coincise.co.

We will respond to requests within 30 days (GDPR) or 45 days (CCPA).

8. Cookies & Tracking

We use the following types of cookies:

Essential Cookies (Always Active):

  • Authentication session cookies
  • Security and fraud prevention
  • Load balancing

Functional Cookies (Your Choice):

  • Theme preference (dark/light mode)
  • Dashboard layout settings
  • Language preferences

Analytics Cookies (Your Choice):

  • Page views and feature usage (anonymized)
  • Error tracking and debugging

You can manage cookie preferences via the cookie banner (EU visitors) or in Dashboard settings. Disabling non-essential cookies may affect platform functionality.

9. International Data Transfers

Coincise operates globally. Your data may be transferred to and processed in countries outside your residence, including the United States.

For EU users, we ensure adequate protection through:

  • Standard Contractual Clauses (SCCs) with third-party processors
  • Data Processing Agreements (DPAs) with service providers
  • Encryption of data in transit and at rest

10. Children's Privacy

Coincise is not intended for users under 18 years old. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us immediately at privacy@coincise.co.

11. Changes to Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via:

  • Email notification (at least 30 days in advance)
  • Dashboard notification banner
  • Updated "Last Updated" date at the top of this page

Continued use of the Platform after changes constitutes acceptance of the updated Privacy Policy.

12. Contact & Data Protection Officer

For privacy-related questions, data requests, or complaints, contact us at:

  • Privacy Email: privacy@coincise.co
  • Data Protection Officer: dpo@coincise.co
  • General Support: support@coincise.co

EU Users: You have the right to lodge a complaint with your local data protection authority if you believe we have violated your privacy rights.

By clicking "I Accept" during signup, you acknowledge that you have read and understood this Privacy Policy and consent to the collection and use of your information as described.