PRIVACY POLICY

Last Updated: 11.02.2016

1. Introduction

Crypto Rebalancer is operated by:

Dr. Faiz Muhammad Khan
Emmerstr. 09
31812 Bad Pyrmont
Germany

Email: fm.khan163@gmail.com

We are the data controller responsible for your personal data under the General Data Protection Regulation (GDPR) and applicable German data protection laws (BDSG, TMG, DDG).

This Privacy Policy applies to:

(together, the “Platform”).

2. What Data We Collect and Why

2.1 Account and Registration Data

When you create an account, we collect:

Email address – Used for account identification, login, and service communication.
Legal basis: Art. 6(1)(b) GDPR (contract performance).

Password (hashed) – Stored securely for authentication. Plaintext passwords are never stored.
Legal basis: Art. 6(1)(b) GDPR.

Name (optional) – Used for personalization.
Legal basis: Art. 6(1)(b) GDPR.

2.2 Exchange API Keys

To provide automated rebalancing services, you may connect exchange accounts using API keys.

We process API keys solely to:

  • Fetch portfolio balances

  • Execute trades according to your strategy

  • Monitor bot performance

Security Measures

  • AES-256-GCM encryption at rest

  • Decryption only in volatile server memory

  • No plaintext logging

  • No caching in Redis or similar systems

  • TLS-encrypted API communication

Legal basis: Art. 6(1)(b) GDPR.
Retention: Until deleted by you or upon account deletion.

2.3 Bot Performance Data and Anonymized Statistics

We collect aggregated performance metrics such as:

  • Total return percentage

  • Value gain

  • Trade count

  • Asset allocation

  • Strategy type

Purpose

  • Improve algorithms and recommendation systems

  • Publish aggregated anonymized statistics

Anonymization

  • No names, emails, or IDs included

  • Aggregated with large user groups

  • Non-traceable to individuals

Legal basis: Art. 6(1)(f) GDPR (legitimate interest).

2.4 Payment Data (Stripe)

Payments are processed via Stripe Payments Europe Ltd. (Ireland).

We do not store card details. Stripe provides only:

  • Payment confirmations

  • Invoice status

  • Last four card digits

Stripe Privacy Policy: https://stripe.com/privacy

Legal basis: Art. 6(1)(b) GDPR.

2.5 Automatically Collected Data

When using the Platform, we collect:

  • IP address (security & abuse prevention)

  • Browser and OS information

  • Pages visited

  • Referrer URL

Retention: 7 days.
Legal basis: Art. 6(1)(f) GDPR.

2.6 Google Analytics

Provider: Google Ireland Limited.

  • IP anonymization enabled

  • Data transfers rely on EU Standard Contractual Clauses

Opt-out:

Legal basis: Art. 6(1)(a) GDPR (consent).

2.7 Newsletter

If you subscribe, we send you:

  • Product updates

  • Feature announcements

  • Educational content

Double opt-in confirmation is used.

You may unsubscribe anytime.

Legal basis: Art. 6(1)(a) GDPR.

Retention: Until you unsubscribe.

2.8 Contact Inquiries

If you contact us, we process:

  • Name

  • Email address

  • Message content

Legal basis: Art. 6(1)(b) or (f) GDPR.

Retention: Up to 2 years unless legally required longer.

3. Cookies

We use:

  • Session cookies – login functionality (essential)

  • CSRF tokens – security (essential)

  • Google Analytics cookies – analytics (consent required)

  • Consent cookies – store preferences (essential)

Disabling essential cookies may limit Platform functionality.

4. Data Sharing and Third Parties

We share data only where necessary:

Stripe – payment processing
Google Analytics – usage analytics
Hosting Provider (EU) – infrastructure
Email Provider – newsletter delivery

Safeguards include Data Processing Agreements and SCCs.

We never sell personal data.

5. International Data Transfers

Where transfers outside the EEA occur, we rely on:

  • EU Standard Contractual Clauses

  • GDPR-compliant Data Processing Agreements

You may request details at any time.

6. Data Retention

  • Account data – until deletion

  • API keys – until removed

  • Trading logs – 30 days

  • Server logs – 7 days

  • Anonymized performance data – indefinitely

  • Payment records – 10 years (§147 AO)

  • Newsletter data – until you unsubscribe

7. Your Rights

You have the right to:

  • Access

  • Rectification

  • Erasure

  • Restriction

  • Data portability

  • Object to processing

  • Withdraw consent

  • Lodge a complaint

Contact: fm.khan163@gmail.com
Response time: within 30 days.

Supervisory Authority

Die Landesbeauftragte für den Datenschutz Niedersachsen
Prinzenstraße 5, 30159 Hannover, Germany
https://lfd.niedersachsen.de

8. Security

We implement industry-standard protections:

  • AES-256 encryption

  • TLS 1.3

  • Access controls

  • Regular security reviews

  • Data minimization & pseudonymization

9. Children

Our services are not intended for persons under 18.

10. Changes to This Policy

We may update this Privacy Policy periodically. Material changes will be communicated via email or platform notice.

11. Contact

Data Controller
Dr. Faiz Muhammad Khan
Emmerstr. 09
31812 Bad Pyrmont
Germany

Email: fm.khan163@gmail.com