Privacy Policy

Last updated: March 27, 2026

Signalyx Crypto ("we", "us") is committed to protecting your privacy in compliance with the EU General Data Protection Regulation (GDPR, Regulation 2016/679) and Cyprus Law 125(I)/2018.

1. Data Controller

Signalyx Crypto, registered in Nicosia, Cyprus, EU.
Data Protection Officer: dpo@signalyx.eu

2. Data We Collect

Email address	Account registration, communication, billing
API key hash	Authentication (we never store your raw key)
API usage logs	Rate limiting, abuse prevention, analytics
IP address	Security, rate limiting, fraud prevention
Payment info	Processed by Stripe — we never store card numbers
Telegram chat ID	Delivering alerts (if you link your account)

3. Legal Basis for Processing

Contract performance — providing the API service you subscribed to
Legitimate interest — security, fraud prevention, service improvement
Legal obligation — tax records, anti-fraud compliance
Consent — email reports (opt-in via Telegram bot)

4. Your Rights (GDPR)

Under GDPR, you have the right to:

Access — request a copy of your personal data
Rectification — correct inaccurate data
Erasure — request deletion of your data ("right to be forgotten")
Restriction — limit how we process your data
Portability — receive your data in a machine-readable format
Object — object to processing based on legitimate interest
Withdraw consent — at any time, without affecting prior processing

To exercise any right, contact: dpo@signalyx.eu. We respond within 30 days.

5. Data Retention

Raw API usage logs	7 days, then deleted
Aggregated usage stats	12 months
Account data (email)	Until account deletion + 30 days
Payment history	5 years (tax law requirement)
IP addresses	30 days
Telegram chat ID	Until you unsubscribe or delete account

6. Data Sharing

We do NOT sell your data. We share data only with:

Stripe — payment processing (PCI DSS compliant)
Google — OAuth authentication (if you sign in with Google)
GitHub — OAuth authentication (if you sign in with GitHub)
Law enforcement — only when legally required

7. Security

HTTPS (TLS 1.2+) for all connections
API keys hashed with SHA-256 + salt (never stored in plaintext)
Passwords hashed with bcrypt
Rate limiting and DDoS protection
Database encrypted at rest
Access restricted to authorized personnel only

8. Cookies

We use minimal session cookies for authentication. We do not use tracking cookies, advertising cookies, or third-party analytics cookies. No cookie consent banner is required as our cookies are strictly necessary for the service.

9. International Transfers

Your data is stored on servers in the EU (Germany). Payment data is processed by Stripe (US, EU-US Data Privacy Framework certified). Google and GitHub OAuth data transfers are covered by Standard Contractual Clauses.

10. Children

The Service is not intended for individuals under 18 years of age. We do not knowingly collect data from minors.

11. Supervisory Authority

If you believe your data rights have been violated, you may file a complaint with:
Office of the Commissioner for Personal Data Protection, Cyprus
www.dataprotection.gov.cy

12. Changes

We may update this policy. Material changes will be notified via email to registered users. Continued use after changes constitutes acceptance.

13. Contact

Data Protection Officer: dpo@signalyx.eu
General: support@signalyx.eu