Legal

Privacy Policy

Last updated: June 13, 2026. We respect your privacy and are committed to protecting your personal data.

This Privacy Policy explains how CryptoOutsiders ("we," "us," or "our") collects, uses, stores, and protects your personal information when you use our platform. We believe in transparency — so we've written this to be readable, not just legally defensible.

1. Information We Collect

Account Information: When you register, we collect your email address and a hashed version of your password. We do not store plaintext passwords.

Transaction Data: We record the details of transactions you initiate — including cryptocurrency type, amounts, wallet addresses, and timestamps — to maintain your account balance and transaction history.

Payment Information: Card numbers entered during purchases are processed in real-time only and are not stored on our servers. We do not retain CVV codes or full card numbers at rest.

Technical Data: We collect standard server logs including IP address, browser type, referring page, and access timestamps for security, debugging, and performance monitoring purposes.

Communications: If you contact our support team, we retain the contents of that communication to provide support and improve our service.

2. How We Use Your Information

  • To create and maintain your account
  • To process transactions and credit your balance
  • To send transactional emails (confirmations, password resets, security alerts)
  • To detect and prevent fraud, abuse, and unauthorized access
  • To comply with legal obligations
  • To improve the Platform's functionality and user experience
  • To respond to support requests

We do not use your data for advertising or sell it to third-party marketers. We do not build behavioral profiles for sale.

3. Information Sharing

We do not sell, rent, or trade your personal information. We may share data only in the following circumstances:

  • Service Providers: We use NowPayments for blockchain deposit processing and CoinGecko for live market data. These providers receive only the data necessary to perform their function.
  • Legal Requirements: We may disclose information if required by law, court order, or to protect our legal rights or the safety of users.
  • Business Transfer: In the event of a merger, acquisition, or sale of assets, your data may be transferred. We would notify you before any such transfer.

4. Data Security

We implement multiple layers of security to protect your data:

  • 256-bit SSL/TLS encryption for all data in transit
  • Bcrypt password hashing (work factor 12)
  • PDO prepared statements to prevent SQL injection
  • CSRF token validation on all state-changing requests
  • Server-side session management with automatic expiry
  • Input sanitization to prevent XSS attacks

Despite these measures, no system is perfectly secure. We encourage you to use a strong, unique password and report any suspected security incidents immediately.

5. Cookies

We use session cookies to maintain your login state across pages. These are essential for the Platform to function and are not used for tracking or advertising. We also store a theme preference (dark/light mode) in localStorage on your device.

We do not use third-party tracking cookies, advertising pixels, or cross-site tracking technologies.

6. Data Retention

We retain your account data for as long as your account is active. Transaction records are retained for a minimum of 7 years to comply with financial record-keeping requirements. You may request deletion of your account and associated personal data at any time (see Section 7).

Certain data may be retained longer if required by law or for legitimate dispute resolution purposes.

7. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access: Request a copy of the personal data we hold about you
  • Correction: Request correction of inaccurate data
  • Deletion: Request deletion of your personal data ("right to be forgotten")
  • Portability: Request your data in a structured, machine-readable format
  • Objection: Object to certain types of processing

To exercise any of these rights, contact us at privacy@cryptooutsiders.com. We will respond within 30 days.

8. Children's Privacy

The Platform is not directed at individuals under 18 years of age. We do not knowingly collect personal information from minors. If you believe a minor has provided us with personal information, please contact us immediately so we can delete it.

9. Changes to This Policy

We may update this Privacy Policy periodically. When we do, we will update the "Last updated" date at the top of this page. For material changes, we will notify you via email or a prominent notice on the Platform before the change takes effect.

10. Contact Us

For privacy-related questions, requests, or concerns, contact our Data Protection team at privacy@cryptooutsiders.com.

For general support, visit our Contact page.