Privacy Policy

Last updated: May 16, 2026 · Effective date: May 16, 2026

This Privacy Policy describes how Tactical Crypto (the “Service”, “we”, “us”) collects, uses, and protects information when you use cryptotactics.net.

Tactical Crypto is an independent research and informational platform about systematic crypto investing. It is not a financial advisor, broker, or custodian. We do not hold user funds, execute trades on behalf of users, or operate a custodial account system.

1. Information We Collect

1.1 Information you provide

When you subscribe to notifications, we collect:

Email address — required, used to deliver verification and notification emails.
Telegram chat ID — optional, collected only if you connect a Telegram account via our bot to receive alerts there.
Notification preferences — which categories of alerts you want to receive (regime changes, weekly reports, ranking changes).

1.2 Information collected automatically

Server logs — IP address, browser user-agent, requested URL, and timestamp. Used for security, abuse prevention, and rate limiting. Retained for up to 30 days.
No cookies — the public dashboard does not set tracking cookies. No analytics scripts (Google Analytics, etc.) are loaded.
No browser storage — we do not use localStorage or sessionStorage to persist user data.

1.3 Third-party widgets

The dashboard embeds widgets from CoinGecko and TradingView for displaying market data. These third parties may receive your IP address and user-agent when the widgets load. They operate under their own privacy policies:

2. How We Use Your Information

To deliver the notifications you subscribed to (email and/or Telegram).
To verify the validity of your email address (double opt-in).
To prevent abuse, spam, and security incidents (server logs).

We do not use your information for advertising, profiling, or behavioral targeting. We do not sell, rent, or trade subscriber data with any third party.

3. Where Your Data Is Stored

Database: PostgreSQL hosted on a virtual server located in the European Union (provider: OVH SAS, France).
Encryption at rest: email addresses, Telegram identifiers, and any other contact information are encrypted using Fernet (AES-128-CBC + HMAC-SHA256) before being written to the database. Encryption keys are stored in environment variables on the server and never in source control.
Transport: all traffic between your browser and our servers is encrypted via TLS 1.2 or 1.3.

4. Third-Party Processors

We rely on the following services to operate the notification system:

Mailgun (Sinch Email; United States, with EU sub-processors) — transactional email delivery. They process your email address solely to deliver our messages. Mailgun Privacy Policy.
Telegram Bot API (Telegram FZ-LLC; United Arab Emirates) — delivery of alerts to subscribers who opt in to Telegram notifications. Telegram Privacy Policy.
OVH SAS (France, EU) — server hosting.
Let’s Encrypt — TLS certificates.

No subscriber data is shared with any other third party.

5. Data Retention

Subscription records (email, Telegram, preferences) are retained until you unsubscribe.
Unverified subscriptions older than 30 days are automatically purged.
Server access logs are retained for up to 30 days for security and operational purposes.

6. Your Rights (GDPR / UK GDPR)

If you are located in the European Union, the European Economic Area, the United Kingdom, or Switzerland, you have the following rights regarding your personal data:

Right of access — request a copy of the data we hold about you.
Right to rectification — correct inaccurate data.
Right to erasure (“right to be forgotten”) — request deletion of your data.
Right to restrict processing — ask us to stop processing your data in specific ways.
Right to data portability — receive your data in a machine-readable format.
Right to object — object to processing based on legitimate interests.
Right to withdraw consent — unsubscribe at any time using the link in any notification email, or by emailing us.
Right to lodge a complaint — with your national data protection authority.

Quickest way to exercise these rights: use the unsubscribe link in any notification email to delete your subscription instantly, or email TacticsForCrypto@proton.me with your request. We will respond within 30 days.

7. Legal Basis for Processing

Consent (Art. 6(1)(a) GDPR) — for sending you notifications you explicitly subscribed to. You can withdraw consent at any time.
Legitimate interests (Art. 6(1)(f) GDPR) — for server logs, fraud prevention, and rate limiting. Our interest is in operating a secure service; this is balanced against your privacy.

8. Children

The Service is not directed at children under 16. We do not knowingly collect personal data from children. If you are a parent or guardian and believe your child has provided us with personal data, please contact us and we will delete it.

9. Security

We take reasonable technical and organizational measures to protect your data, including encryption at rest, encryption in transit (TLS), strict access controls on the server, rate limiting on public endpoints, and segregation of secrets in environment variables. No system is perfectly secure; if we become aware of a personal data breach affecting you, we will notify you and the relevant supervisory authority within 72 hours where required by law.

10. Changes to This Policy

We may update this Privacy Policy from time to time. The “Last updated” date at the top of this page indicates when it was last revised. Material changes will be announced to active subscribers via email.

11. Contact

For any privacy-related question or to exercise your rights, contact us at:

Email: TacticsForCrypto@proton.me

12. Disclaimer

Tactical Crypto provides educational and informational content about systematic crypto investing. Nothing on this site constitutes investment advice, a recommendation, or a solicitation to buy or sell any asset. Past performance — whether backtested or live — does not guarantee future results. You are solely responsible for your investment decisions.