Privacy Policy — HalalCrypto

1. Who We Are

HalalCrypto is operated as a sole proprietorship providing educational cryptocurrency screening tools. For privacy matters, the data controller is:

Business Name: HalalCrypto
Contact Email: [email protected]
Website: halalcrypto.exchange

For GDPR purposes, we act as a Data Controller for personal data you provide to us directly, and as a Data Processor in limited contexts where we handle data on behalf of our users.

2. What We Collect

We collect minimal data necessary to operate and improve the Platform. Here is a complete breakdown:

Data Type	What We Collect	Why	Retention
Email Address	Provided voluntarily when joining newsletter or drip course	To send educational emails, product updates, course content	Indefinitely until you unsubscribe or request deletion
Hashed IP Address	One-way hashed IP (SHA-256 salted) from page requests	Anonymous analytics — counting unique visitors, detecting abuse	90 days, then purged
API Usage Logs	Endpoint called, timestamp, response code, API key identifier (not the key itself)	Rate limit enforcement, debugging, fraud prevention	90 days
Watchlist Data	Coins you add to your personal watchlist (for registered users)	To provide personalized watchlist functionality	Until account deletion
Payment Data	Handled entirely by Paddle (our Merchant of Record). We receive only: subscription status, plan type, Paddle customer ID	Subscription management	As long as your account is active + 7 years for tax compliance
Account Info	Email, hashed password (if registered), subscription tier	Account access and feature gating	Until account deletion + 30 days

3. What We Do NOT Collect

We are intentionally minimal with data collection. We do not collect:

No first-party cookies — We do not set any cookies from the halalcrypto.exchange domain for tracking or analytics purposes.
No tracking pixels — We do not embed Facebook Pixel, Google Tag Manager, LinkedIn Insight, or any similar tracking pixels from the Platform itself.
No device fingerprinting — We do not build device fingerprints from browser characteristics.
No full IP addresses — Raw IP addresses are immediately hashed and the original is discarded.
No location data — We do not collect GPS coordinates or precise geolocation.
No social login data — We do not offer OAuth login and therefore collect no data from social networks on your behalf.
No wallet addresses — We do not require or store cryptocurrency wallet addresses.

4. Google AdSense & Third-Party Advertising

Disclosure: HalalCrypto displays advertisements through Google AdSense. Google, as a third-party vendor, uses cookies to serve ads based on your prior visits to this and other websites.

Google AdSense uses the DoubleClick cookie to serve interest-based ads. You can opt out of personalized advertising by visiting Google's Ads Settings or www.aboutads.info. Google's use of advertising cookies enables it and its partners to serve ads to our users based on their visits to our site and other sites on the internet.

Google AdSense may collect:

Cookie identifiers for ad personalization
General location (country/region level) for ad targeting
Browsing behavior across the web for interest profiling
Ad interaction data (impressions, clicks)

HalalCrypto has no control over and no access to the data collected by Google AdSense. This data is governed by Google's Privacy Policy. You can manage your Google ad preferences at adssettings.google.com.

For our Cookie Policy including instructions on disabling these cookies, see our Cookie Policy.

5. How We Use Your Data

We use collected data for the following purposes and legal bases (GDPR Article 6):

Service Delivery (Contract performance): Processing your subscription, providing API access, maintaining your watchlist, and sending transactional emails.
Email Communications (Consent): Sending newsletters, drip courses, and product updates — only if you have opted in. You can withdraw consent at any time by clicking "Unsubscribe" in any email or emailing us.
Analytics (Legitimate interest): Using anonymized, aggregated data to understand how the Platform is used and to improve it. This never involves individual profiling.
Security & Fraud Prevention (Legitimate interest): Detecting abuse, rate-limit violations, and unauthorized access attempts.
Legal Compliance (Legal obligation): Retaining records as required by applicable law.

We do not sell your personal data to any third party. We do not use your data for automated decision-making that produces legal or similarly significant effects on you.

6. Data Sharing & Third Parties

We share data with third parties only where necessary:

Paddle (Payment processing): Receives email and payment information to process subscriptions. Acts as Merchant of Record.
Email Service Provider: Our newsletter platform receives your email address to deliver communications you have opted into.
Cloudflare: Our CDN and DDoS protection provider processes traffic through their global network. Cloudflare's privacy policy governs their data handling.
Binance API: We query the Binance public API for market data. Your usage of our Platform does not transmit your personal data to Binance.
Legal Authorities: We may disclose data if required by valid legal process, court order, or to protect rights, property, or safety.

All third-party processors are bound by data processing agreements requiring them to protect your data in accordance with applicable law.

7. Data Security

We implement appropriate technical and organizational measures to protect your data:

Transit Encryption: All data transmitted between your browser and our servers is encrypted using TLS 1.2 or higher (HTTPS).
Encryption at Rest: Databases containing personal information are encrypted at rest using AES-256.
Password Hashing: Passwords are hashed using bcrypt before storage. We never store plaintext passwords.
IP Hashing: IP addresses are hashed immediately upon receipt and the original is never stored.
Access Controls: Personal data access is restricted to authorized personnel on a need-to-know basis.
Regular Audits: We periodically review our security practices and access logs.

No system is 100% secure. In the event of a data breach that poses a risk to your rights and freedoms, we will notify affected users and relevant authorities as required by applicable law, within 72 hours of becoming aware (GDPR Art. 33).

8. International Data Transfers

HalalCrypto serves a global audience. Your data may be processed in countries outside your country of residence, including:

Cloudflare CDN: Routes traffic through data centers globally. Cloudflare participates in the EU-US Data Privacy Framework.
Paddle: Processes payments through infrastructure in multiple regions, including the EU and US.

For users in the European Economic Area (EEA), transfers to countries without an adequacy decision are covered by Standard Contractual Clauses (SCCs) with our processors. For users in the UK, we rely on the UK IDTA where applicable.

9. Your Rights

Depending on your jurisdiction, you have the following rights regarding your personal data:

Right to Access

Request a copy of the personal data we hold about you.

Right to Deletion

Request that we delete your personal data ("right to be forgotten").

Right to Correction

Request correction of inaccurate or incomplete personal data.

Right to Portability

Receive your data in a structured, machine-readable format.

Right to Restrict

Request that we restrict processing of your data in certain circumstances.

Right to Object

Object to processing based on legitimate interests or for direct marketing.

Opt-Out of Sale (CCPA)

California residents: we do not sell personal information. No opt-out is needed, but you may exercise all CCPA rights.

Withdraw Consent

Withdraw consent for email communications at any time via the unsubscribe link or by emailing us.

To exercise any of these rights, email us at [email protected] with "Privacy Request" in the subject line. We will respond within 30 days. We may need to verify your identity before fulfilling requests.

If you are in the EEA and believe we have not addressed your concerns, you have the right to lodge a complaint with your local data protection authority (DPA).

10. Children's Privacy

HalalCrypto is not intended for users under the age of 18. We do not knowingly collect personal data from anyone under 18. If you believe we have inadvertently collected data from a minor, please contact us immediately at [email protected] and we will delete it promptly.

11. Data Retention Summary

Email addresses (newsletter): Indefinitely until you unsubscribe or request deletion
Hashed IP analytics logs: 90 days, then automatically purged
API usage logs: 90 days
Watchlist data: Until account deletion (plus 30-day grace period)
Account data: Until account deletion (plus 30-day grace period)
Payment records: 7 years for legal/tax compliance

12. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last Updated" date and post a notice on the Platform. For significant changes, we will notify registered users by email where practicable. Your continued use of the Platform after changes take effect constitutes acceptance of the updated policy.

For questions or concerns about this Privacy Policy, contact: [email protected]