Privacy Policy

CryptoPulse24 ("we", "us", "our") operates cryptopulse24.com — a free crypto intelligence platform offering market data, trading tools, AI signals, on-chain analytics, education and community features.

This Privacy Policy explains what personal data we collect when you use the site, how we use it, who we share it with, and the rights you have over it. We aim to comply with the EU GDPR, the UK Data Protection Act 2018, the California CCPA, and Pakistan's Personal Data Protection Bill.

Account data: email address, hashed password, display name, country, time zone, and avatar image (if you upload one). Required to create and secure your account.

Authentication tokens: refresh + session tokens issued by Supabase Auth. Stored in httpOnly cookies and never accessible to JavaScript on the page.

Watchlist & preferences: the coins you star, alert thresholds, theme choice, news filters. Stored both in localStorage and (when signed in) in our database so they sync between devices.

Usage analytics: page paths, viewport size, browser, referrer, and aggregated event counts. We use this to spot broken pages and improve UX. We do not collect mouse-movement recordings.

Error reports: when JavaScript or API errors happen we send a sanitised stack trace to Sentry. Personally identifying fields are scrubbed before sending.

Optional billing data: only collected if you upgrade to Pro. Card details are handled by our payment processor; we never see or store full card numbers.

To operate the service — show you your personalised dashboard, sync your watchlist across devices, send alerts you opted into.

To secure your account — detect brute-force login attempts, expire stale sessions, send 2FA codes.

To improve the product — measure which features are useful and which are confusing.

To communicate with you — service announcements, security notices, newsletter (only if you subscribed).

We do not sell your personal data to advertisers, brokers, or any third party. Ever.

Supabase (database + authentication) — hosts your account row and watchlist. Data is region-locked.

AWS (hosting + email delivery) — runs the application servers and sends transactional emails (verification, password reset).

Sentry (error monitoring) — receives sanitised crash reports with no PII.

Upstash Redis (caching) — stores ephemeral data like the speed-news schedule. No personal data is written here.

Gemini API (AI chat) — when you use Pulse AI, your prompt is sent to Google's Gemini model to generate a reply. Prompts are not retained for model training per Google's API terms.

Law-enforcement requests — only when legally compelled, and we will notify you unless prohibited.

We use a minimal set of cookies: a session cookie (auth), a CSRF token cookie, and a theme-preference cookie. None of these are used for advertising or cross-site tracking.

We do not embed Google Analytics, Facebook Pixel, or any other ad-tech tracker.

You can clear all CryptoPulse24 cookies at any time in your browser settings — you'll just need to sign in again.

Account data: kept for as long as your account is active. If you delete your account, your row is removed within 30 days.

Logs: server access logs are kept for 90 days for security investigation, then deleted.

Backups: encrypted database backups are kept for 30 days then overwritten.

You can access, correct, export, or delete your personal data at any time from your Profile page.

GDPR/UK users have the right to lodge a complaint with their local data-protection authority.

California (CCPA) users have the right to know what we collect, opt out of sale (we don't sell), and request deletion.

Pakistan users (PDPB) have equivalent rights — contact us at the email below.

CryptoPulse24 is not directed at children under 13 (under 16 in the EU). We do not knowingly collect data from children. If we discover a minor has registered, we will delete the account.

We may update this policy when our practices change or laws require it. The date at the top of this page reflects the most recent revision. Material changes will be announced via in-app notice or email.

For privacy questions, data-export requests, or to delete your account, email [email protected] with subject line "Privacy Request". We respond within 7 business days.