← BACK TO CRYPTOORBIT

PRIVACY POLICY

Last updated: May 2, 2026 · Version 2.1

1. WHO WE ARE

CryptoOrbit ("we", "us", "our") provides a free educational web application for cryptocurrency scenario simulation, DCA calculation, portfolio tracking, and historical data exploration. We are operated by Nina Valenčak (private individual).

Contact: cryptoexplorer.sp@gmail.com

Website: https://cryptoorbit.eu

2. WHEN THIS POLICY APPLIES

This Privacy Policy applies when you:

• Visit our website
• Create a CryptoOrbit account
• Use our calculator and simulator features
• Subscribe to our marketing communications (optional)
• Contact us via email

3. ACCOUNT REGISTRATION REQUIRED

To use CryptoOrbit, you must create an account and verify your email address. We chose this approach for the following reasons:

• To save your scenarios across devices
• To prevent abuse and ensure fair use
• To comply with regulatory requirements
• To provide essential service updates (security, terms changes)

If you don't want to create an account, you cannot use the app — you may freely visit our public marketing pages without registering.

4. WHAT INFORMATION WE COLLECT

4.1 Information You Provide During Registration

When you create an account, you provide us with:

• Email address — required for authentication and service emails
• Name (or nickname) — optional, for personalization
• Password — stored encrypted (bcrypt hash, never plain text)
• Consent to Terms & Privacy Policy — required (with timestamp)
• Marketing consent — optional (with timestamp; can be withdrawn anytime)

4.2 Information You Generate Using the App

• Calculator inputs — cryptocurrencies, amounts, growth rates, target years
• Saved scenarios — names and parameters of scenarios you choose to save
• Cookie preferences — your granular cookie consent choices

4.3 Information Collected Automatically

When you visit CryptoOrbit, we automatically collect:

• IP address (anonymized for analytics)
• Browser type and version
• Device type (desktop / mobile)
• Pages visited and time spent
• Referral source (e.g., TikTok, direct visit)
• Email confirmation status and timestamps (for authentication)

4.4 Information We Do NOT Collect

• ❌ Real names or government IDs
• ❌ Phone numbers
• ❌ Payment information (the app is free)
• ❌ Cryptocurrency wallet addresses
• ❌ Private keys, seed phrases, or any wallet credentials
• ❌ Bank account or financial account details
• ❌ Sensitive personal data (race, religion, health, etc.)

5. HOW WE USE YOUR INFORMATION

We use collected information to:

• Authenticate your account and verify your email
• Provide the calculator and simulator services
• Save and sync your scenarios across devices
• Send essential service emails (account verification, password reset, security notices)
• Send marketing emails (only if you opted in; you can opt out anytime)
• Understand how users interact with the app (with analytics consent)
• Improve features, fix bugs, and develop new functionality
• Comply with legal obligations and regulatory requirements
• Prevent abuse, fraud, and unauthorized access
• Transfer data as part of a business transaction (sale, merger, acquisition) if applicable (see Section 10)

6. LEGAL BASIS FOR PROCESSING (GDPR)

If you are in the European Economic Area (EEA), we process your personal data based on:

Activity	Legal Basis
Account creation & login	Contract performance (Article 6(1)(b))
Email verification	Legal obligation (Article 6(1)(c))
Saving scenarios	Contract performance
Marketing emails	Your explicit consent (Article 6(1)(a))
Analytics cookies	Your explicit consent
Functional cookies	Your consent or legitimate interest
Security & abuse prevention	Legitimate interests (Article 6(1)(f))
Legal compliance	Legal obligation

7. CONSENT MANAGEMENT

We collect two separate consents during registration:

• Terms of Service & Privacy Policy — REQUIRED to create an account
• Marketing communications — OPTIONAL (default: opt-out)

For each consent, we record the exact timestamp (ISO 8601 format) and the version of documents you agreed to.

You can withdraw your marketing consent at any time:

• From your Account Settings → Preferences page
• By clicking the "Unsubscribe" link in any marketing email
• By contacting us at cryptoexplorer.sp@gmail.com

Withdrawing consent does not affect the lawfulness of processing based on consent before its withdrawal.

8. COOKIES AND TRACKING

We use cookies and similar technologies in 4 distinct categories. You have granular control through our cookie banner and Account Settings.

Category	Purpose	Required?
🔒 Essential	Authentication, security, core functionality	Yes (cannot be disabled)
⚙️ Functional	Remember preferences (theme, language)	No (opt-in)
📊 Analytics	Anonymous usage statistics	No (opt-in)
📣 Marketing	Future marketing features (currently unused)	No (opt-in)

Managing cookies:

• On first visit, our cookie banner lets you "Accept All", "Essentials Only", or "Customize"
• You can change preferences anytime via Account Settings → Privacy & Data → Manage Cookies
• You can also clear cookies through your browser settings

Refusing optional cookies will not prevent you from using core features of CryptoOrbit.

9. THIRD PARTIES WE WORK WITH

We share limited information with these service providers, strictly for app functionality:

• Supabase Inc. — Authentication, database hosting (EU/Ireland servers)
• Netlify — Website hosting and content delivery
• Resend — Transactional email delivery
• CoinGecko — Cryptocurrency price data (no personal data shared)

All third-party processors are bound by Data Processing Agreements (DPAs) and comply with GDPR requirements.

We do NOT sell, rent, or share your personal data with advertisers, marketing companies, or data brokers. Please see Section 10 below for circumstances in which your data may be transferred (e.g., business sale or acquisition).

10. BUSINESS TRANSFERS AND SALE OF ASSETS

10.1 Possibility of Business Transfer

CryptoOrbit may, in the future, be sold, merged, acquired, restructured, or have its assets transferred to a third party. This may include the transfer of your personal data (including your email address, account information, saved scenarios, and consent records) to the new owner or successor entity, as part of a legitimate business transaction.

10.2 What This Means for You

If such a transfer occurs:

• Your personal data will be transferred to the new owner
• The new owner will become the new data controller under GDPR
• The new owner may use your data for the same purposes described in this Privacy Policy, or for new purposes consistent with this Policy
• If you previously gave marketing consent, the new owner may continue to send you marketing communications until you withdraw consent
• The new owner is bound by all data protection rights granted to you under this Policy and applicable law (GDPR, CCPA, etc.)

10.3 Your Rights Before Transfer

Before any transfer of your personal data takes place, we will:

• Notify you at least 30 days in advance via email and a prominent notice in the app
• Inform you of the identity and contact details of the new data controller
• Give you the option to delete your account before the transfer occurs
• Give you the option to withdraw your marketing consent
• Provide you with the option to export your data in a machine-readable JSON format

10.4 Your Acknowledgment

By creating an account and accepting this Privacy Policy, you acknowledge and consent to the possible transfer of your personal data in connection with such business transactions, subject to the safeguards described above. This acknowledgment is part of the legal basis under GDPR Article 6(1)(a) (consent) and Article 6(1)(f) (legitimate interests of the business).

11. DATA RETENTION

Data Type	Retention Period
Account data (email, profile)	Until you delete your account
Saved scenarios	Until you delete them or your account
Consent records	3 years after consent withdrawal (legal requirement)
Marketing email logs	1 year
Analytics data	Anonymized after 14 months
Server logs	30 days
Authentication tokens	Active session duration only

12. YOUR RIGHTS (GDPR)

If you are an EU/EEA resident, you have the right to:

• Access (Article 15) — request a copy of your data via Account Settings → Privacy & Data → Export My Data (instant JSON download)
• Rectification (Article 16) — fix inaccurate data via Account Settings or by contacting us
• Erasure / Right to be Forgotten (Article 17) — delete your account and all data via Account Settings → Danger Zone → Delete Account
• Restrict Processing (Article 18) — request limitation of processing
• Data Portability (Article 20) — receive your data in machine-readable JSON format (Export feature)
• Object (Article 21) — object to processing for legitimate interests or marketing
• Withdraw Consent (Article 7(3)) — at any time via Account Settings
• Lodge a Complaint (Article 77) — file a complaint with your local Data Protection Authority

12.1 How to Exercise Your Rights

Self-service options (instant):

• 📥 Export Data — Account Settings → Privacy & Data → Download JSON
• 🗑️ Delete Account — Account Settings → Danger Zone → Delete Account
• 🔄 Marketing Consent — Account Settings → Preferences → Marketing Updates toggle
• 🍪 Cookie Preferences — Account Settings → Privacy & Data → Manage Cookies

Email request: For other rights, contact us at cryptoexplorer.sp@gmail.com. We will respond within 30 days as required by GDPR Article 12.

13. DATA SECURITY

We implement reasonable technical and organizational measures to protect your data:

• HTTPS/TLS encryption for all data in transit
• Passwords stored using bcrypt hashing (never plain text)
• Database encryption at rest (Supabase)
• Email verification required for account access
• Limited administrative access
• Regular security updates
• GDPR-compliant infrastructure (Supabase EU servers)
• Row-Level Security (RLS) policies on database

13.1 Data Breach Notification

In the event of a personal data breach posing a risk to your rights and freedoms, we will:

• Notify the relevant supervisory authority within 72 hours (GDPR Article 33)
• Notify affected users without undue delay via email (GDPR Article 34)
• Provide details about the nature, consequences, and measures taken
• Document all breaches for compliance purposes

14. CHILDREN'S PRIVACY

CryptoOrbit is not intended for users under 18. We do not knowingly collect data from minors. If you believe we have inadvertently collected such data, please contact us at cryptoexplorer.sp@gmail.com.

COPPA Compliance (USA): We do not knowingly collect personal information from children under 13.

15. REGIONAL PRIVACY RIGHTS

15.1 California Residents (CCPA / CPRA)

• Right to Know what personal data we collect
• Right to Delete your personal data
• Right to Correct inaccurate data
• Right to Opt-Out of Sale (we do NOT sell personal data to advertisers or data brokers; for business transfer scenarios, see Section 10)
• Right to Limit Use of Sensitive Personal Information
• Right to Non-Discrimination for exercising rights

15.2 UK, Brazil, Canada, Australia

UK GDPR (UK), LGPD (Brazil), PIPEDA (Canada), and Australian Privacy Act provide rights similar to GDPR. Contact us to exercise them.

16. INTERNATIONAL DATA TRANSFERS

Your data is primarily processed in the EU (Supabase EU/Ireland servers). When data is transferred outside the EEA, we ensure adequate protection through Standard Contractual Clauses (SCCs), adequacy decisions, and Data Processing Agreements with all third-party processors.

17. CHANGES TO THIS POLICY

We may update this Privacy Policy from time to time. Significant changes will be communicated via email and a notice in the app. The "Last updated" date at the top reflects the most recent revision.

18. CONTACT US

For privacy-related questions or to exercise your rights:

📧 Email: cryptoexplorer.sp@gmail.com

📍 Operator: Nina Valenčak

🌐 Website: https://cryptoorbit.eu