Privacy Policy

1. Who we are

CryptoMox ("we", "us", "our") is the data controller for personal data processed in connection with the Service. Contact: support@cryptomox.ai.

2. Scope

This policy explains how we process personal data under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 when you use the Service.

3. Data we collect

• Account data: basic profile and authentication data provided via Clerk (e.g., name, email), and your membership status.
• Payment data: processed by Stripe. We receive limited billing metadata and subscription status; we do not store full card numbers.
• Usage and log data: interactions with the app (e.g., page views, timeframes, errors) for security and service improvement.
• Analytics: privacy-friendly metrics via Plausible (no cross-site tracking; no advertising identifiers).
• Communications: messages you send to us (e.g., support emails).

4. Purposes and lawful bases

• Provide and operate the Service – contract necessity.
• Billing, fraud prevention, and account management – contract and legitimate interests.
• Security, debugging, and service improvement – legitimate interests.
• Legal compliance (e.g., tax, financial records) – legal obligation.
• Optional communications (e.g., product updates) – consent where required.

5. Cookies and similar technologies

The Service aims to minimise tracking. Plausible analytics typically operates without cookies. Some essential cookies or local storage may be set by authentication (Clerk), payments (Stripe), or session/security features required to run the app.

6. Sharing your data

We use trusted processors to deliver the Service:

• Clerk – authentication and user management
• Stripe – payments and billing

We do not sell your personal data. Access is limited to what is necessary to provide the Service.

7. International transfers

Some processors may transfer data outside the UK/EEA. Where they do, we rely on appropriate safeguards (e.g., UK GDPR standard contractual clauses) or adequacy decisions, as applicable.

8. Data retention

We retain personal data for as long as needed to provide the Service, comply with legal obligations, resolve disputes, and enforce agreements. We aim to delete or anonymise data when it is no longer required.

9. Security

We implement technical and organisational measures appropriate to the risk. However, no online service can guarantee absolute security.

10. Your rights (UK GDPR)

Subject to conditions and exemptions, you have the right to request access, rectification, erasure, restriction, data portability, and to object to processing. You also have the right to lodge a complaint with the UK Information Commissioner’s Office (ICO) at https://ico.org.uk/.

11. Children

The Service is not directed to individuals under 18 and we do not knowingly collect personal data from children.

12. Changes to this policy

We may update this Privacy Policy. If changes are material, we will provide reasonable notice (for example, in-app or by email). Your continued use of the Service after changes take effect signifies acceptance.

13. Contact

CryptoMox, London, UK · support@cryptomox.ai