1. Data controller
The data controller responsible for your personal data is Casper, based in European Union. Contact: admin@cryptocity.info.
2. What we collect and why
Accounts
When you register we store your email address, display name, optional avatar, optional bio, optional social links, and a hashed password. Legal basis: performance of a contract (GDPR Art. 6(1)(b)).
Comments and posts
If you comment or (as an approved writer) publish a post, the content and your author id are stored. Legal basis: contract.
Newsletter
If you subscribe, we store your email address and confirmation status. Subscription is double opt-in. Legal basis: consent (Art. 6(1)(a)), which you can withdraw at any time via the unsubscribe link in every email.
Server logs
Our hosting provider records standard request logs (IP address, user agent, timestamp, requested URL) for security, abuse prevention and debugging. Legal basis: legitimate interest (Art. 6(1)(f)) in keeping the site secure.
Advertising
We display ads through Google AdSense. AdSense uses cookies and similar identifiers to serve and measure ads. For EU/EEA/UK visitors, AdSense currently shows either non-personalised ads or its own EU consent message before any personalised processing. Legal basis: consent (collected by Google's consent message). See the cookie policy for details.
Search Console
We use Google Search Console to monitor how the site performs in search. It receives aggregated, non-personal data about searches that lead to the site.
3. Who we share data with (processors)
- Supabase — database, authentication and storage (EU region where available).
- Cloudflare / Lovable — hosting and edge runtime.
- Email provider — sending transactional and newsletter emails.
- Google AdSense and Google Search Console — advertising and search analytics.
We don't sell your personal data and we don't share it for unrelated marketing purposes.
4. International transfers
Google services may process data outside the EEA. Such transfers rely on the European Commission's Standard Contractual Clauses and any additional safeguards Google publishes. Our primary infrastructure (database, hosting) is configured to use EU regions wherever possible.
5. How long we keep your data
- Account data — until you delete your account.
- Newsletter — until you unsubscribe; tombstoned record kept to honour suppression.
- Comments and posts — until you or we remove them.
- Server logs — up to 30 days, then deleted or anonymised.
6. Your rights
Under the GDPR you have the right to:
- Access the personal data we hold about you.
- Have inaccurate data rectified.
- Have your data erased ("right to be forgotten").
- Restrict or object to certain processing.
- Receive your data in a portable format.
- Withdraw consent at any time, without affecting prior processing.
- Lodge a complaint with your national data protection supervisory authority.
7. How to exercise your rights
You can download a copy of your data and update most settings yourself in your account settings. For deletion, access, or any other request, email admin@cryptocity.info. We respond within 30 days.
8. Automated decision-making
We don't carry out automated decision-making or profiling that produces legal effects on you.
9. Security
We use HTTPS everywhere, secure password hashing, optional two-factor authentication for accounts, and row-level access controls on the database. No system is 100% secure, but we take reasonable measures appropriate to the risk.
10. Children
The site is not directed at children under 16 and we don't knowingly collect their data. If you believe a child has registered, contact us and we'll remove the account.
11. Changes
We'll update this policy as our practices evolve. The "last updated" date at the top reflects the current version. Significant changes will be announced on the site.