Privacy Policy

Last updated: April 12, 2026

1. Data We Collect

We collect only the minimum data needed to operate the Service:

• Account data: email, username, hashed password.
• Subscription data: payment status, plan, expiration date (no card or wallet details are stored by us — our payment processor handles payments).
• Optional: Telegram chat ID (only if you link your Telegram account).
• Usage data: signals you view or react to (used to personalize your experience).
• Technical data: IP address, browser type, and basic analytics (Google Analytics).

2. How We Use Your Data

• To provide the Service (authentication, delivering signals, payments).
• To send transactional emails (verification, password reset, subscription reminders).
• To improve the Service through aggregate analytics.
• To comply with legal obligations.

3. What We Don't Do

• We do not sell your personal data.
• We do not send marketing emails without your consent.
• We do not store payment card or cryptocurrency wallet information.

4. Third Parties

We share data only with service providers strictly necessary to run the Service:

• NOWPayments — cryptocurrency payment processing.
• CoinGecko — market data (no user data shared).
• Telegram — signal delivery to users who opt in.
• Google Analytics — anonymized traffic analytics.
• SMTP provider — transactional email delivery.

5. Data Retention

Account data is retained for as long as your account is active. After account deletion, we retain data only as required by law (e.g., tax/financial records). Market data older than 30 days is automatically purged.

6. Your Rights

You may at any time:

• Access the data we hold about you (dashboard).
• Update your profile or change your password.
• Request account deletion (contact support).
• Opt out of non-essential emails.

If you are in the EU/EEA, you have additional rights under GDPR: data portability, right to object, and the right to lodge a complaint with your local data protection authority.

7. Security

Passwords are hashed with bcrypt. Sessions use signed JWTs. All traffic is encrypted via HTTPS. We follow industry standards but no system is 100% secure — keep your password safe.

8. Cookies

We use a single essential localStorage token for authentication. Google Analytics may use cookies for traffic measurement. You can disable analytics in your browser settings.

9. Children

BlastSignals is not intended for users under 18. We do not knowingly collect data from minors.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be announced on the site or via email.

11. Contact

For privacy questions, email privacy@blastsignals.com.