Legal # Privacy Policy Last modified: June 2, 2026 ## 1\. Introduction This Crypto Chief Privacy Policy ("**Privacy Policy**") describes how we collect, use, disclose, share and protect your personal information when you visit (the "**Website**"), the applications, products and services provided by Crypto Chief — including the Crypto Processing API, RPC Gateway, Unified API, EventStream and AML Intelligence (together, the "**Services**", and together with the Website, the "**Platform**"). We refer to Crypto Chief and the team operating it collectively as "**Crypto Chief**", "**we**", "**us**" or "**our**". We respect the privacy of every visitor, user and customer (referred to as "**you**" or "**your**") and we understand that keeping your information secure and confidential is critical. **We do not rent, sell or trade any personal information.** For purposes of this Privacy Policy, "**Personal Information**" means information that identifies, relates to, or describes, directly or indirectly, an individual or household. This Privacy Policy applies to Personal Information we collect on the Platform, in email and electronic messages between you and us, and through any client applications that interact with the Platform. By accessing or using the Platform, you agree to this Privacy Policy. This Privacy Policy may change from time to time (see Section 13 — Changes to this Privacy Policy). Your continued use of the Platform after changes are posted is deemed acceptance of those changes. ## 2\. Public and Authenticated Services The Services include both publicly accessible endpoints and authenticated, paid services. The information collected from you depends on which type of service you use: 1. **Public Services** — publicly available Web3 infrastructure usable on a permissionless basis (for example, certain RPC read endpoints, currency rate calculators, public documentation). No registration is required and no payment is collected, so less information is collected from you. 2. **Authenticated Services** — the Crypto Processing API, RPC Gateway dashboards, AML Intelligence and other products that require a Crypto Chief account. Access is permissioned and requires the information described below. ## 3\. Information You Provide to Us When you register for and use an authenticated Crypto Chief account, you may choose to provide: - Identifiers such as email address and, optionally, a display name or organisational name; - Authentication credentials (a hashed password, or — if you choose Google Sign-In — the Google OAuth identifiers described in Section 5); - Information you provide by filling in forms on the Platform (project settings, webhook URLs, IP allowlists, RSA public keys); - Correspondence and other communications you direct to us; - Payment information you use to top up your API Credit balance (handled by our payment sub-processors — see Section 8). ## 4\. Technical Information Collected Automatically The following technical information ("**Ephemeral Activity Data**") may be collected automatically when you use the Platform: - IP address (used to infer general location at city level) and other unique identifiers associated with your device or browser; - Device and system information such as operating system version, browser type and network information; - Information about API calls you make through the Platform (associated API key, endpoint, response code, timing) for usage metering, abuse prevention and analytics; - Cookies and similar technologies required to keep you signed in and to remember your project selection (we do not use third-party advertising cookies); - Aggregate website analytics gathered via Google Analytics 4 on the marketing Website only (page views, traffic sources, session duration, country-level geography). See Section 8 for details and Section 5 of our [Cookie Policy](/cookie/) for the cookies used. Ephemeral Activity Data is retained for a limited period as described in Section 9\. We do not correlate Ephemeral Activity Data with non-technical identifiers in order to identify, track or profile you. ## 5\. Third-Party Sign-In (Google, GitHub) In addition to email-and-password sign-in, the Platform supports authentication with Google and GitHub. When you choose one of these options, we receive a limited set of profile information from the provider, scoped to the OAuth permissions you grant. ### 5.1 Google Sign-In If you sign in with Google, we request the following standard scopes: - **email** — your Google account email address; - **profile** — your name and profile picture URL; - **openid** — a stable Google user identifier so we can recognise the same account on subsequent sign-ins. **What we do not do:** we do not request, store or use any additional Google scopes; we do not read your Gmail, Drive, Calendar, Contacts or any other Google service data; we do not make background server-to-server calls to Google APIs outside of the sign-in flow. Revoke at any time at [myaccount.google.com/permissions](https://myaccount.google.com/permissions). ### 5.2 GitHub Sign-In If you sign in with GitHub, we request the following standard scopes: - **read:user** — your public GitHub profile (username, display name, avatar URL, public profile metadata); - **user:email** — the email addresses associated with your GitHub account, including the primary one; - a stable GitHub user identifier so we can recognise the same account on subsequent sign-ins. **What we do not do:** we do not request, store or use any additional GitHub scopes; we do not read your private repositories, gists, issues, organisations or workflow data; we do not make background server-to-server calls to the GitHub API outside of the sign-in flow. Revoke at any time at [github.com/settings/applications](https://github.com/settings/applications) (Authorized OAuth Apps). ### 5.3 How we use third-party sign-in data - To authenticate your sign-in to the Crypto Chief dashboard, including as a second authentication option (2FA fallback) alongside email-and-password; - To create or look up your Crypto Chief account (the verified email becomes your unique account identifier); - To display your name and avatar in the dashboard header; - To send operational and security email notifications (billing alerts, suspicious activity, etc.) to the email address we received. We do not sell or share third-party sign-in data with marketers. Revoking provider access does not delete your Crypto Chief account — see Section 11 for deletion. ## 6\. How We Use Your Information We use the information we collect about you, including Personal Information, to: - Provide and operate the Platform and our Services; - Authenticate your account and protect it against unauthorised access; - Bill you for the API Credits you consume and notify you about your balance and usage (including the postpaid debt model used by the Crypto Processing API); - Operate the Platform, including improving latency and quality of service, monitoring web traffic patterns, and preventing DDoS or other malicious attacks; - Carry out our obligations and enforce our rights arising from any contracts entered into between you and us; - Notify you about changes to the Platform, Website or any products or services we offer; - Respond to your support requests and other communications you send us; - Comply with legal obligations, court orders or enforceable government requests; - For any other purpose with your explicit consent. ## 7\. Disclosure of Your Information We may disclose Personal Information we collect or that you provide: - To our service providers ("sub-processors", see Section 8) strictly to the extent required to operate the Platform; - To comply with any court order, applicable law, or enforceable legal process, including responding to government or regulatory requests; - In connection with a sale or contemplated sale of the business or a portion of it; - If we believe disclosure is necessary to protect the rights, property or safety of Crypto Chief, our customers or others. **We do not sell your Personal Information, and we do not share it with third parties for their own marketing purposes.** ## 8\. Sub-Processors We Use We rely on the following third-party service providers ("sub-processors") to operate the Platform. They process Personal Information only on our instructions and only to the extent necessary for the service they provide: - **OVH SAS** — primary application and microservice hosting for the Crypto Chief backend (API servers, blockchain workers, internal queues). Servers may be located in OVH data centres in the European Union, the United States and Singapore depending on workload routing. - **DigitalOcean, LLC** — managed database hosting (PostgreSQL, MySQL) and the saas-api control plane on DigitalOcean App Platform. Data may be stored in DigitalOcean regions located in the United States, the European Union and Singapore. - **Cloudflare, Inc.** — DNS, CDN, TLS termination, DDoS protection and bot mitigation for the Website and API endpoints. Cloudflare may receive request metadata (IP address, request headers, geolocation). - **Dodo Payments** — fiat payment processing (card and bank top-ups). When you pay through Dodo, your payment instrument data is collected by Dodo directly; we receive only the result of the transaction. See [Dodo Payments' privacy policy](https://dodopayments.com/privacy). - **Google LLC (Gmail SMTP)** — outbound transactional email (account confirmation, billing alerts, security notifications) is delivered via Gmail's SMTP service. Recipient email addresses and message contents are processed by Google strictly for the purpose of email delivery. - **Google LLC (Google Sign-In / OAuth)** — optional sign-in flow, see Section 5.1. - **GitHub, Inc. (GitHub Sign-In / OAuth)** — optional sign-in flow and alternative second-factor authentication, see Section 5.2\. See [GitHub's privacy statement](https://docs.github.com/en/site-policy/privacy-policies/github-general-privacy-statement). - **Google LLC (Google Analytics 4)** — aggregate Website analytics on [crypto-chief.com](https://crypto-chief.com/) (page views, traffic sources, session duration, country-level geography). Google may use technical identifiers such as IP address (truncated by GA4) and device/browser information to compile these statistics. GA4 is loaded only on the marketing Website, not on the merchant dashboards or APIs, and is blocked until you give consent through our Consent Management Platform (see Cybot below). You can opt out using the [Google Analytics opt-out browser add-on](https://tools.google.com/dlpage/gaoptout). See [Google's Privacy Policy](https://policies.google.com/privacy). - **Cybot A/S (Cookiebot)** — Consent Management Platform used to obtain, store and document your cookie-consent choices on the marketing Website, and to automatically block non-essential cookies until you give consent. Cookiebot stores a consent identifier and your consent state to remember your choices across visits. See [Cookiebot's privacy policy](https://www.cookiebot.com/en/privacy-policy/). We review our sub-processors periodically. If we add a sub-processor that materially changes how Personal Information is handled, we will update this Privacy Policy. The current list is the authoritative one. ## 9\. Data Retention Account information (email, hashed password, project settings, billing history) is retained for as long as your account is active and for a reasonable period afterwards to comply with legal, accounting and dispute-resolution obligations. Ephemeral Activity Data (request logs, IP addresses, response codes) is automatically deleted within thirty (30) days of collection unless we need to retain it longer to investigate a specific abuse or security incident. Anonymised aggregate analytics (traffic patterns, error rates, geographic distribution at city or country level) may be retained beyond 30 days because it cannot reasonably be associated with an individual. We do not control how long third parties (such as internet service providers) retain data that passes over systems we do not operate. ## 10\. Data Security We have implemented measures designed to secure your Personal Information from accidental loss and from unauthorised access, use, alteration and disclosure: - All traffic to the Platform is encrypted in transit via TLS 1.2+; - Stored data is encrypted at rest using industry-standard mechanisms provided by our sub-processors; - Passwords are stored as salted cryptographic hashes — never in plaintext; - Crypto Chief is **non-custodial**. When you generate a wallet through the Platform, the private key is delivered to you (RSA-encrypted with your public key) at the moment of creation; you are solely responsible for storing and protecting it. Any encrypted copy retained on our infrastructure is used only to perform the automated on-chain operations you explicitly configure (such as transit-to-master sweeps or scheduled payouts) and is isolated from application logic; - Access to production systems is restricted, tightly scoped and audited. The safety and security of your information also depends on you. Where we have given you (or where you have chosen) a password, API key or cryptographic private key for access to certain parts of the Platform, you are responsible for keeping that information confidential. Do not share it with anyone. Unfortunately, no method of transmission over the internet or storage is 100% secure. We do our best to protect your Personal Information but we cannot guarantee absolute security. Any transmission of Personal Information is at your own risk. ## 11\. Your Rights — Access, Correction, Deletion You can review and change most of your Personal Information by signing in to the Website and visiting your profile page. You may also email us at [admin@crypto-chief.com](mailto:admin@crypto-chief.com) to request access to, correction of, or deletion of any Personal Information you have provided to us, including information received from Google Sign-In. We may not be able to delete certain information without also deleting your user account. We will respond to verifiable requests in accordance with applicable law. Depending on your jurisdiction (for example, the European Economic Area, the United Kingdom, California), you may have additional statutory rights — including the right to object to processing, the right to data portability and the right to lodge a complaint with a supervisory authority. Contact us at the email above and we will help you exercise these rights. ## 12\. Children Under the Age of 13 The Platform is not intended for children under 13 years of age. No one under age 13 may access or provide any information to or on the Platform. We do not knowingly collect Personal Information from children under 13\. If we learn we have collected information from a child under 13 without verification of parental consent, we will delete that information promptly. If you are the parent or guardian of a child under 13 and believe we have inadvertently collected information about your child, please contact us immediately at [admin@crypto-chief.com](mailto:admin@crypto-chief.com). ## 13\. International Transfers The servers used in connection with the operation of the Platform are operated in the European Union, the United States and Singapore, across the data centres of our infrastructure sub-processors (OVH and DigitalOcean). Information you provide to us may be transferred to, processed, maintained and used on systems located outside of your state, province, country or other governmental jurisdiction where privacy laws may differ from those in your jurisdiction. By using the Platform, you consent to such transfer, processing and use. ## 14\. Changes to this Privacy Policy It is our policy to post any changes we make to this Privacy Policy on this page. If we make material changes to how we treat your Personal Information — for example, adding a new sub-processor or using Personal Information for a new purpose — we will notify you by email to the primary email address specified in your account and update the "Last modified" date at the top of this page. Your continued use of the Platform after changes are posted constitutes acceptance of those changes. ## 15\. Contact To ask questions or comment about this Privacy Policy and our privacy practices, contact us at [admin@crypto-chief.com](mailto:admin@crypto-chief.com). If you have any complaints or concerns regarding our compliance with this Privacy Policy, please contact us first. We will investigate and attempt to resolve complaints and disputes regarding use and disclosure of Personal Information in accordance with this Privacy Policy and applicable law.