Legal

Privacy Policy

This policy explains how Cryptocity collects, uses and protects your personal data under the EU General Data Protection Regulation (GDPR).

Last updated: June 6, 2026

1. Data controller

The data controller responsible for your personal data is Cryptocity, based in European Union. Contact: admin@cryptocity.info.

2. What we collect and why

Accounts

When you register we store your email address, display name, optional avatar, optional bio, optional social links, and a hashed password. Legal basis: performance of a contract (GDPR Art. 6(1)(b)).

Comments and posts

If you comment or (as an approved writer) publish a post, the content and your author id are stored. Legal basis: contract.

Gamification (XP, levels and points)

When you take part in Cryptocity's gamification programme, we record activity events tied to your account (such as your first comment on a post, shares of a post, and level-ups) together with your XP total, level, points earned and points spent. We use this strictly to operate the programme, calculate your balance, prevent abuse, and let admins audit suspicious activity. Legal basis: performance of a contract (Art. 6(1)(b)) and our legitimate interest in preventing fraud (Art. 6(1)(f)).

Rewards and FaucetPay payouts

If you redeem a reward, we store the reward name, point cost, the payout information you submit (for example an email, gift-code delivery address, or FaucetPay wallet email), the status of the redemption and any admin note. If you use FaucetPay instant payouts, we additionally send your FaucetPay email, the currency, and the amount to FaucetPay (faucetpay.io) so they can deliver the crypto, and we store their response for accounting and dispute resolution. Legal basis: performance of a contract (Art. 6(1)(b)) and compliance with legal obligations (Art. 6(1)(c)) for record-keeping.

Premium membership and donations

If you purchase premium or donate via a third-party processor (such as PayPal, Stripe, NOWPayments or FaucetPay), the processor handles your payment details. We only receive a transaction identifier, the amount, the currency, the status and (for premium) the membership tier and expiry date. We store this to provision your access and meet our bookkeeping obligations.

Newsletter

If you subscribe, we store your email address and confirmation status. Subscription is double opt-in. Legal basis: consent (Art. 6(1)(a)), which you can withdraw at any time via the unsubscribe link in every email.

Notification preferences

You can opt in or out of in-app notifications (comment replies, broadcasts, weekly digest). Your choices are stored against your account so the site knows what to send you.

Server logs

Our hosting provider records standard request logs (IP address, user agent, timestamp, requested URL) for security, abuse prevention and debugging. Legal basis: legitimate interest (Art. 6(1)(f)) in keeping the site secure.

Advertising

We display ads through Google AdSense and native ad widgets (currently provided by third-party native ad networks) alongside editorial content. These networks use cookies and similar identifiers to serve and measure ads. For EU/EEA/UK visitors, AdSense currently shows either non-personalised ads or its own EU consent message before any personalised processing; native ad networks may rely on the consent signal forwarded from our cookie banner. Legal basis: consent. See the cookie policy for details.

Search Console

We use Google Search Console to monitor how the site performs in search. It receives aggregated, non-personal data about searches that lead to the site.

3. Who we share data with (processors)

  • Supabase — database, authentication and storage (EU region where available).
  • Cloudflare — hosting and edge runtime.
  • Email provider — sending transactional and newsletter emails.
  • Google AdSense and native ad networks — display and native advertising shown on the site.
  • Google Search Console — search performance analytics.
  • FaucetPay — delivery of crypto payouts you request from your points balance.
  • Payment processors — PayPal, Stripe, NOWPayments and similar providers for premium subscriptions and donations.

We don't sell your personal data and we don't share it for unrelated marketing purposes.

4. International transfers

Some processors (notably Google, FaucetPay and the payment providers) may process data outside the EEA. Such transfers rely on the European Commission's Standard Contractual Clauses and any additional safeguards published by the processor. Our primary infrastructure (database, hosting) is configured to use EU regions wherever possible.

5. How long we keep your data

  • Account data — until you delete your account.
  • Newsletter — until you unsubscribe; tombstoned record kept to honour suppression.
  • Comments and posts — until you or we remove them.
  • Gamification events, redemptions and FaucetPay payout records — kept for as long as the account exists, and for up to 6 years after a payout or premium purchase to meet bookkeeping and fraud-investigation obligations.
  • Server logs — up to 30 days, then deleted or anonymised.

6. Your rights

Under the GDPR you have the right to:

  • Access the personal data we hold about you.
  • Have inaccurate data rectified.
  • Have your data erased ("right to be forgotten").
  • Restrict or object to certain processing.
  • Receive your data in a portable format.
  • Withdraw consent at any time, without affecting prior processing.
  • Lodge a complaint with your national data protection supervisory authority.

7. How to exercise your rights

You can download a copy of your data and update most settings yourself in your your account. For deletion, access, or any other request, email admin@cryptocity.info. We respond within 30 days.

8. Automated decision-making

We don't carry out automated decision-making or profiling that produces legal effects on you.

9. Security

We use HTTPS everywhere, secure password hashing, optional two-factor authentication for accounts, and row-level access controls on the database. No system is 100% secure, but we take reasonable measures appropriate to the risk.

10. Children

The site is not directed at children under 16 and we don't knowingly collect their data. If you believe a child has registered, contact us and we'll remove the account.

11. Changes

We'll update this policy as our practices evolve. The "last updated" date at the top reflects the current version. Significant changes will be announced on the site.

Questions? Email admin@cryptocity.info.

Operated by Cryptocity · European Union.

← Back to homepage