Privacy Policy

PRIVACY AND DATA POLICY

Last Updated: April 1, 2026

Effective Date: April 1, 2026 — Last Updated: April 1, 2026. This Privacy Policy describes how Cripton AI ("we", "us", "our"), operated under the domain cripton.ai, collects, uses, stores, shares, and protects your personal information when you use the Cripton AI website, mobile application, and related services (collectively, the "Service"). By using our Service, you agree to the practices described in this policy.

21. INFORMATION WE COLLECT

We collect the following categories of data to provide, maintain, and improve our Service:

Account Information: Email address, full name, and hashed password (via Supabase Auth).

Financial & Trading Data: Exchange API keys (encrypted with AES-256), portfolio values, trade signals, position history, profit/loss records, and wallet addresses you optionally provide.

Device & Technical Data: Device type, operating system, app version, device model name, IP address (hashed for analytics, never stored in raw form), browser user-agent, and unique device identifiers.

Push Notification Tokens: Expo push notification tokens for delivering real-time trading alerts to your mobile device.

Usage & Analytics Data: Pages visited, features used, session duration, click interactions, signal views, and in-app navigation patterns.

Affiliate & Referral Data: Referral codes, click tracking (via cookies with a 30-day expiration), campaign identifiers, and conversion events for participants in our affiliate program.

Location Data: Approximate location derived from IP address only. We do NOT collect precise GPS location.

Communications: Support emails and any messages you send to support@cripton.ai.

32. HOW WE COLLECT INFORMATION

We collect data through the following methods:

Directly from you: When you create an account, configure settings, connect exchange APIs, or contact support.

Automatically: Through analytics tools, server logs, cookies, and mobile device SDKs when you use the Service.

From third parties: Authentication providers (Supabase Auth), push notification services (Expo), and payment processors.

43. HOW WE USE YOUR INFORMATION

We use collected data strictly for the following purposes:

• Providing core Service functionality (dashboard, trading signals, bot management, oracle insights, backtesting).

• Sending push notifications about new trading signals, signal closures, risk alerts, and system updates.

• Account creation, authentication, and session management.

• Generating AI-powered market analysis and Monte Carlo risk simulations.

• Processing affiliate referrals and commission tracking.

• Security monitoring, fraud prevention, and abuse detection.

• Improving Service performance through aggregated, anonymized analytics.

• Communicating Service updates, changes, or critical security notices.

We do NOT use your data for advertising. We do NOT sell your personal or financial data to any third party, ever.

54. HOW WE SHARE INFORMATION

We share your data only with the following categories of third-party service providers, and only to the extent necessary to operate the Service:

Supabase (database and authentication) — Your account data and encrypted API keys are stored in Supabase infrastructure (region: ap-south-1, Mumbai, India).

Expo / React Native (push notifications) — Your device push token is transmitted to Expo's Push Notification API to deliver real-time alerts.

Binance API — If you connect exchange API keys, trade execution data flows through Binance's API. We only transmit the minimum data required for order execution with read-only and trade-only permissions.

Vercel / Railway (hosting) — Our web application and API endpoints are served through these platforms.

Payment Processors — If you subscribe to a paid plan, payment is handled by third-party processors. We never store full credit card numbers on our servers.

We may also disclose information if required by law, regulation, legal process, or governmental request.

65. DATA RETENTION

We retain your data for as long as your account is active or as needed to provide the Service.

• Account and profile data: retained until you request deletion.

• Trading signals and position history: retained for 12 months after creation for backtesting and audit purposes, then automatically purged.

• Push notification logs: retained for 90 days, then automatically deleted.

• Affiliate click tracking data: retained for 90 days.

• Server logs (anonymized): retained for 30 days.

After account deletion, all personal data is permanently removed within 30 days, except where retention is required by applicable law.

76. DATA SECURITY

We implement industry-standard security measures to protect your data:

• API keys are encrypted at rest using AES-256 encryption and in transit using TLS 1.3.

• Passwords are hashed using bcrypt (via Supabase Auth) and never stored in plaintext.

• All data transmission between your device and our servers uses HTTPS/TLS encryption.

• Database access is restricted through Row Level Security (RLS) policies, ensuring users can only access their own data.

• Push notification tokens are stored in an isolated database table with service-level access controls.

• We conduct regular security audits and vulnerability assessments.

No system is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

87. YOUR RIGHTS AND CHOICES

Depending on your jurisdiction, you have the following rights regarding your personal data:

Right to Access: Request a copy of the personal data we hold about you.

Right to Correction: Request correction of inaccurate or incomplete data.

Right to Deletion: Request permanent deletion of your account and all associated data. You can do this by emailing support@cripton.ai or by visiting https://cripton.ai/account/delete (web-based deletion).

Right to Data Portability: Request your data in a structured, machine-readable format.

Right to Opt Out: Disable push notifications at any time through your device settings or the app. Unsubscribe from marketing emails via the link provided in each email.

Right to Withdraw Consent: Withdraw previously given consent at any time by contacting us.

To exercise any of these rights, email support@cripton.ai. We will respond within 30 days.

98. DATA DELETION

In compliance with Google Play and applicable privacy regulations, we provide a clear mechanism for data deletion:

In-App: Navigate to Settings > Account > Delete Account.

Web-Based: Visit https://cripton.ai/account/delete to request deletion without needing the app installed.

Email: Send a deletion request to support@cripton.ai with the subject "Data Deletion Request".

Upon receiving a valid deletion request, we will permanently delete all your personal data, trading history, API keys, device tokens, and affiliate data within 30 days. Some anonymized, aggregated data may be retained for statistical purposes only.

109. PUSH NOTIFICATIONS

Our mobile app uses Expo Push Notifications to deliver real-time alerts:

What we send: New trading signals, signal closure updates, risk alerts, and system maintenance notices.

Token collection: We collect your Expo push token when you install and open the mobile app. This token is stored in our database to deliver notifications to your specific device.

Opt-out: You can disable push notifications at any time through your device's notification settings (Settings > Apps > Cripton AI > Notifications). You may also deactivate your token by logging out of the app.

We do NOT send promotional or marketing push notifications without your explicit opt-in consent.

1110. COOKIES AND TRACKING

Our website uses the following tracking technologies:

Essential Cookies: Required for authentication, session management, and language preferences.

Affiliate Referral Cookies: A cookie named "cripton_ref" with a 30-day expiration is set when you visit our site via an affiliate referral link. This tracks the referral source for commission purposes only.

Analytics: We use anonymized, aggregate analytics to understand usage patterns. We do not use third-party advertising trackers.

You can manage cookie preferences through your browser settings.

1211. CHILDREN'S PRIVACY

Cripton AI is not directed at individuals under the age of 18. We do not knowingly collect personal data from children under 18. If we become aware that a child under 18 has provided us with personal data, we will take steps to delete that information promptly. If you believe a child has provided us data, please contact support@cripton.ai immediately.

1312. FINANCIAL DATA DISCLAIMER

Cripton AI provides AI-powered market analysis, trading signals, and risk simulations. Our Service is NOT a financial advisor, broker, or regulated financial entity. All content is for informational and educational purposes only. Trading cryptocurrencies involves substantial risk of loss. Past performance of AI signals does not guarantee future results. You should consult a qualified financial advisor before making investment decisions.

1413. INTERNATIONAL DATA TRANSFERS

Your data may be processed and stored in servers located outside your country of residence, including India (Supabase ap-south-1 region) and the United States (hosting infrastructure). We ensure appropriate safeguards are in place for cross-border data transfers in accordance with applicable data protection laws.

1514. GDPR RIGHTS (European Economic Area)

If you are located in the EU/EEA, you have additional rights under the General Data Protection Regulation:

• Legal basis for processing: contract performance (providing the Service), legitimate interest (security and improvement), and consent (push notifications, marketing).

• Right to lodge a complaint with your local Data Protection Authority.

• Right to data portability in a machine-readable format.

• Right to restrict processing under certain circumstances.

1615. CCPA RIGHTS (California Residents)

If you are a California resident, under the California Consumer Privacy Act (CCPA):

• You have the right to know what personal information we collect, use, and disclose.

• You have the right to request deletion of your personal information.

• You have the right to opt out of the "sale" of personal information. Note: Cripton AI does NOT sell personal information.

• We will not discriminate against you for exercising your CCPA rights.

1716. THIRD-PARTY SERVICES

Our Service may integrate with third-party platforms, including cryptocurrency exchanges and notification providers, each governed by their own privacy policies. When you connect your exchange account, data is transmitted directly between your device and the exchange. We are not responsible for the privacy practices of third-party services. We recommend reviewing the privacy policy of any third-party service you connect to Cripton AI.

1817. CHANGES TO THIS POLICY

We may update this Privacy Policy from time to time. When we make material changes, we will:

• Update the "Last Updated" date at the top of this policy.

• Notify active users via email to the address associated with their account.

• Display a prominent notice in the app or website.

Your continued use of the Service after changes constitutes acceptance of the updated policy.

1918. CONTACT US

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Email: support@cripton.ai

Website: https://cripton.ai/contact

Company: Cripton AI

Data Deletion Requests: support@cripton.ai (subject: "Data Deletion Request") or https://cripton.ai/account/delete

We aim to respond to all inquiries within 30 days.

Cripton is a market analysis tool. We are not financial advisors. Alerts do not constitute investment recommendations. Only trade with capital you can afford to lose.