Legal
Privacy Policy
Last updated: 12 April 2026
1. Introduction
PyreFi (“we”, “us”, “our”) is committed to protecting your personal data and your rights under applicable data protection law, including the General Data Protection Regulation (GDPR), the UK GDPR, the California Consumer Privacy Act (CCPA) and other applicable privacy laws.
This Privacy Policy explains what personal data we collect, why we collect it, how we use it and the rights you have over it. If you have questions, contact us at privacy@pyrefi.com.
2. Data We Collect
2.1 Information you provide
- —Account registration: email address, name, password (hashed, never stored in plain text).
- —Profile preferences: investment interests, risk profile, newsletter cadence.
- —Subscription and billing: payment details processed by our payment provider; we do not store raw card numbers.
- —Communications: messages you send us via the contact form, email or support channels.
- —Token submissions: project name, website, social links and other submitted metadata.
2.2 Information collected automatically
- —Usage data: pages visited, features used, time spent, click events.
- —Device and browser: IP address (hashed for storage), browser type, operating system, screen resolution.
- —Newsletter engagement: open events (pixel-based), link clicks.
- —Cookies and local storage: see our Cookie Policy for full details.
2.3 Information from third parties
- —OAuth providers (Google): email address and public profile if you sign in with Google.
- —Payment processors: transaction status and billing address from Stripe.
- —Public blockchain data: wallet addresses that you voluntarily connect.
3. How We Use Your Data
| Purpose | Legal Basis |
|---|---|
| Providing the Service and managing your account | Contract performance |
| Personalizing the newsletter and AI metrics feed | Contract performance / Consent |
| Processing subscriptions and billing | Contract performance |
| Sending service emails (account updates, alerts) | Contract performance |
| Sending marketing and product updates | Consent (opt-in) |
| Security monitoring and fraud prevention | Legitimate interest |
| Analytics to improve the platform | Legitimate interest |
| Legal compliance and responding to lawful requests | Legal obligation |
4. Data Sharing
We do not sell your personal data. We share data only with:
- —Service providers: hosting (Vercel, Railway), database (Neon/Supabase), email delivery (Resend/SendGrid), payment processing (Stripe), analytics. All bound by data processing agreements.
- —Telegram: if you link your Telegram account for signal delivery, your chat ID is processed.
- —Legal and regulatory: where required by law, court order or to protect the rights of PyreFi or others.
- —Business transfers: in the event of a merger, acquisition or asset sale, your data may be transferred. We will provide notice before your data becomes subject to a different privacy policy.
5. International Transfers
Your data may be processed in countries outside your country of residence, including the United States. Where data is transferred from the EEA or UK to a third country, we rely on appropriate safeguards such as Standard Contractual Clauses (SCCs) approved by the European Commission.
6. Data Retention
We retain your personal data for as long as your account is active or as needed to provide the Service. If you close your account, we will delete or anonymize your data within 90 days, except where retention is required by law or for legitimate business purposes (e.g., billing records for up to 7 years). Newsletter engagement data is retained for up to 2 years.
7. Your Rights
Depending on your jurisdiction, you may have the following rights:
- ✓Access: request a copy of the personal data we hold about you.
- ✓Rectification: request correction of inaccurate or incomplete data.
- ✓Erasure: request deletion of your personal data ('right to be forgotten').
- ✓Restriction: request that we limit processing of your data.
- ✓Portability: receive your data in a machine-readable format.
- ✓Objection: object to processing based on legitimate interests or for direct marketing.
- ✓Withdraw consent: where processing is based on consent, withdraw it at any time without affecting prior lawful processing.
- ✓California residents (CCPA): right to know, delete, opt-out of sale (we do not sell data) and non-discrimination.
To exercise any right, contact privacy@pyrefi.com. We will respond within 30 days. You also have the right to lodge a complaint with your local data protection authority.
8. Security
We implement appropriate technical and organisational measures to protect your personal data against unauthorized access, alteration, disclosure or destruction. These include TLS encryption in transit, AES-256 encryption at rest for sensitive fields (exchange API keys), hashed passwords (bcrypt), hashed IP addresses, and role-based access controls. No system is perfectly secure; we cannot guarantee absolute security.
9. Children
The Service is not directed at children under 18. We do not knowingly collect personal data from anyone under 18. If we become aware that we have collected data from a minor, we will delete it promptly.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes via email or a prominent notice on the platform at least 14 days before changes take effect. The “Last updated” date at the top of this policy indicates when it was last revised.
11. Contact
Privacy questions or requests: privacy@pyrefi.com
General contact: hello@pyrefi.com