Privacy Policy
Last updated: May 31, 2026
We try to collect the smallest amount of data that lets the service work, store it securely, and let you remove it whenever you want. This page explains exactly what we hold on you, why, who else sees it, and how to get it back or deleted.
1. Who we are
"CryptoVol" is the operator of www.cryptovol.io and the underlying API and chat assistant. For any privacy-related question, email support@cryptovol.io.
2. What we collect
| Data | Why we have it | Where it lives |
|---|---|---|
| Email address | Sign-in identity, receipts, account-event emails (welcome, deletion confirmation, billing). | Clerk + our database + Stripe + Resend |
| Name (only if you give it to us — Stripe collects it for KYC during paid checkout) | Billing records, tax compliance. | Stripe |
| Payment details (card number, billing address) | Charging your subscription. We never see or store card numbers ourselves — Stripe handles this. | Stripe only |
| API key | Authenticates your API requests. Generated server-side; you can rotate it any time on /account. | Our database |
| Subscription tier & usage counters | Enforce rate limits, show usage on /account. | Our database |
| Quanta chat history | So you can re-open prior conversations and we can show the right context to the assistant. | Our database + your browser's localStorage |
| Site analytics (page views, referrer, anonymized IP) | Understand which pages people find useful. | Google Analytics |
| Server access logs (IP, request path, timestamp) | Debugging, abuse detection, security. Retained ~30 days. | Google Cloud Logging |
We do not collect: location data beyond IP, contact lists, photos, voice, biometric data, browsing history outside our domain, or anything from third-party ad networks (we don't run ads).
3. How we use it
- Provide the service. Authenticate you, enforce rate limits, serve API responses, run Quanta.
- Billing. Process subscriptions, issue receipts, handle refunds.
- Transactional email. Welcome email, deletion confirmation, plan-change notices, billing failures.
- Improve the product. Anonymous usage analytics, debugging logs.
- Security. Detect abuse, brute-force attempts, billing fraud.
We do not sell your data, share it with advertisers, or use it to train machine-learning models for anyone else.
4. Who else processes your data
We use a small set of vendors. Each is a reputable processor with their own privacy/security commitments:
| Vendor | Purpose | Data shared |
|---|---|---|
| Clerk (clerk.com) | Authentication, password reset, session management | Email, sign-in events |
| Stripe (stripe.com) | Payment processing, customer portal, KYC | Email, name, billing address, card (never seen by us) |
| Resend (resend.com) | Transactional email delivery | Email address + message content |
| Google Cloud Platform | Hosting (Cloud Run, Cloud SQL, Secret Manager) | All operational data; encrypted at rest |
| Vercel | Hosting the marketing site (this page) | HTTP request logs |
| Anthropic (anthropic.com) | Powers the Quanta chat assistant | Chat messages you send to Quanta |
| Google Analytics | Site usage analytics | Anonymized IP, page views, referrer |
5. Cookies
We use cookies and similar storage for three things:
- Authentication session (Clerk) — keeps you signed in. Required.
- Quanta conversation cache (your browser's localStorage) — so closing and reopening the chat doesn't lose context. Stored locally; not sent to us beyond your normal API calls.
- Google Analytics — anonymized usage metrics. We do not use these cookies to retarget you elsewhere.
6. Your rights
Regardless of where you live, you can:
- Access your data. Email support@cryptovol.io and we'll send you a copy of what we hold within 30 days.
- Correct it. Your email is editable in Clerk; reach out for anything else.
- Delete everything. Click Delete account on /account — your user row, API key, Quanta history, and Clerk identity are erased immediately. Stripe billing records are anonymized but kept for tax/accounting (typically 7 years).
- Export your chat history. Available from /chat or by emailing us.
- Object to processing. Email us and we'll discuss.
EU/UK residents have additional rights under GDPR (lodge a complaint with your supervisory authority). California residents have additional rights under CCPA (right to know / delete / non-discrimination). Both are exercised by the same email above.
7. How long we keep things
| Data | Kept for |
|---|---|
| Active account (user row, API key, chat history) | Until you delete the account |
| Server access logs | ~30 days |
| Stripe billing records (anonymized after deletion) | ~7 years (tax/accounting compliance) |
| Analytics (Google Analytics) | 14 months, then auto-deleted |
| Transactional email logs (Resend) | ~30 days |
8. Security
All data is encrypted in transit (TLS 1.2+) and at rest. API keys are stored hashed where possible; secrets (Stripe key, Clerk key, etc.) are in Google Secret Manager with access audit logs. Two-factor authentication is enforced on the founder's Stripe account. We have no employees, contractors, or interns; only the founder has access to production data.
Despite best efforts, no online service is 100% breach-proof. If we ever detect a breach affecting your account, we'll notify you by email within 72 hours of discovery.
9. International transfers
Our infrastructure is in US-Central1 (Iowa). If you access from outside the US, your data will be transferred there. Our processors (Clerk, Stripe, Resend, Anthropic) have global infrastructure and may process data in additional regions; each maintains Standard Contractual Clauses or equivalent safeguards.
10. Children's privacy
The service is intended for adult professional users (quants, traders, researchers). We do not knowingly collect data from anyone under 18. If you believe we hold data on a minor, please contact us and we'll delete it.
11. Changes to this policy
We may update this policy from time to time. Material changes will be announced via email to the address on your account at least 14 days before they take effect.
12. Contact
Privacy questions, data requests, or breach concerns: support@cryptovol.io.
Written to be honest and complete, not maximally lawyer-proof. If you need a Data Processing Agreement (DPA) for vendor due diligence, email us — we can sign yours or provide ours.