Privacy Policy

Last updated: March 28, 2026

Signalyx Crypto ("we", "us") is committed to protecting your privacy in compliance with the EU General Data Protection Regulation (GDPR, Regulation 2016/679) and Cyprus Law 125(I)/2018.

1. Data Controller

Signalyx Crypto, registered in Nicosia, Cyprus, EU.
Data Protection Officer: dpo@signalyx.eu

2. Data We Collect

Email address	Account registration, communication, billing
API key hash	Authentication (we never store your raw key)
API usage logs	Rate limiting, abuse prevention, analytics
IP address	Security, rate limiting, fraud prevention
Payment info	Processed by Stripe — we never store card numbers
Telegram chat ID	Delivering alerts (if you link your account)

3. Legal Basis for Processing

Contract performance — providing the API service you subscribed to
Legitimate interest — security, fraud prevention, service improvement
Legal obligation — tax records, anti-fraud compliance
Consent — email reports (opt-in via Telegram bot)

4. Consent

We obtain your consent through active, affirmative action only. We do not use pre-ticked checkboxes or bundled consent forms. When you register or subscribe:

Consent for service use and consent for marketing communications are requested separately
You must actively select each checkbox yourself — no boxes are pre-checked
Each third-party service that receives your data is named individually (see Section 8 below)
You may withdraw consent at any time without affecting the lawfulness of prior processing

5. Your Rights (GDPR)

Under GDPR, you have the right to:

Access — request a copy of your personal data
Rectification — correct inaccurate data
Erasure — request deletion of your data ("right to be forgotten")
Restriction — limit how we process your data
Portability — receive your data in a machine-readable format
Object — object to processing based on legitimate interest
Withdraw consent — at any time, without affecting prior processing

To exercise any right, contact: dpo@signalyx.eu. We respond within 30 days.

6. Unsubscribe & Opt-Out

You may unsubscribe from any communication or data processing at any time:

Email reports — disable via your Account dashboard or the Telegram bot Settings
Telegram alerts — use the /unsubscribe command in the Telegram bot or disable in your Account dashboard
Marketing emails — click the "Unsubscribe" link at the bottom of any marketing email
Account deletion — contact dpo@signalyx.eu to request full account and data deletion

Cancellation is simple and fast. You may opt out partially (e.g., only marketing) or completely without providing additional justification.

7. Data Retention

Raw API usage logs	7 days, then deleted
Aggregated usage stats	12 months
Account data (email)	Until account deletion + 30 days
Payment history	5 years (tax law requirement)
IP addresses	30 days
Telegram chat ID	Until you unsubscribe or delete account

8. Data Sharing & Third-Party Services

We do NOT sell your data. We share data only with the following specifically named third-party services, each of which has been verified for GDPR compliance:

Stripe, Inc.	Payment processing. PCI DSS Level 1 compliant. Processes card numbers directly — we never store, access, or retain your payment card data. Any accidentally collected payment data is purged within 30 days.
Google LLC	OAuth authentication only (if you choose to sign in with Google). Covered by EU-US Data Privacy Framework and Standard Contractual Clauses.
GitHub, Inc.	OAuth authentication only (if you choose to sign in with GitHub). Covered by Standard Contractual Clauses.
Telegram FZ-LLC	Alert delivery to your Telegram chat (only if you voluntarily link your account via the /link command).
Google Analytics	Anonymous, aggregated website usage analytics. No personally identifiable information is transmitted. IP anonymization is enabled.
Law enforcement	Only when legally compelled by a valid court order or legal obligation under Cyprus or EU law.

We have reviewed and verified all agreements with the above third-party providers to confirm their GDPR compliance. No data is shared with unnamed "third parties."

9. Payment Data Handling

We do not retain personal payment data. All payment card information is entered directly on Stripe's secure checkout page and is never transmitted to or stored on our servers. Specifically:

Card numbers, CVV codes, and billing addresses are processed exclusively by Stripe
We only receive a confirmation of payment, your email, and a Stripe customer ID
If any payment-related personal data is accidentally collected, it is permanently deleted within 30 days
Stripe is PCI DSS Level 1 certified — the highest level of payment security compliance

10. Security

HTTPS (TLS 1.2+) for all connections
API keys hashed with SHA-256 + salt (never stored in plaintext)
Passwords hashed with bcrypt
Rate limiting and DDoS protection
Database encrypted at rest
Access restricted to authorized personnel only

11. Cookies

We use minimal session cookies for authentication. We do not use tracking cookies, advertising cookies, or third-party analytics cookies. No cookie consent banner is required as our cookies are strictly necessary for the service.

12. International Transfers

Your data is stored on servers in the EU (Germany). Payment data is processed by Stripe (US, EU-US Data Privacy Framework certified). Google and GitHub OAuth data transfers are covered by Standard Contractual Clauses.

13. Children

The Service is not intended for individuals under 18 years of age. We do not knowingly collect data from minors.

14. Refund Policy

All payments for Signalyx Crypto plans are final and non-refundable. By completing a purchase, you acknowledge and agree that:

All plan purchases are one-time payments for a specified duration (1–12 months)
No refunds, partial or full, will be issued under any circumstances, including but not limited to: dissatisfaction with the service, failure to use the service during the purchased period, or accidental purchase
You may cancel your plan at any time via the Account dashboard, but no refund will be issued for the remaining unused period
This policy is in accordance with EU Directive 2011/83/EU, Article 16(m), which permits exclusion of the right of withdrawal for digital content services once performance has begun with the consumer's prior express consent

15. Supervisory Authority

If you believe your data rights have been violated, you may file a complaint with:
Office of the Commissioner for Personal Data Protection, Cyprus
www.dataprotection.gov.cy

16. Changes

We may update this policy. Material changes will be notified via email to registered users. Continued use after changes constitutes acceptance.

17. Penalties for Non-Compliance

Signalyx Crypto takes GDPR compliance seriously. Violations of GDPR can result in fines of up to €20 million or 4% of annual global turnover, whichever is higher. We maintain strict internal procedures, regular audits, and up-to-date data processing agreements with all third-party providers to ensure ongoing compliance.

18. Contact

Data Protection Officer: dpo@signalyx.eu
General: support@signalyx.eu