Legal
Privacy Policy
Last updated: 16 July 2026
1. What we collect
Account data - name, email address, a securely hashed password (we never store your password in plain text), and optional profile information you add (avatar, bio, location, social links). If you sign in with Google, GitHub, or X/Twitter, we receive your basic profile info (name, email, avatar) from that provider.
Content you create - research comments and likes, community chat messages, direct messages, trading journal entries (trades, notes, challenges), and any files you upload (avatar/cover photos).
Usage & technical data - pages you visit, timestamps, and your IP address (used briefly for abuse-prevention rate limiting, not stored long-term as a standalone profile).
2. How we use it
- To operate the Service - create your account, save your content, show you your data.
- To send you account-related email (e.g. a one-time verification code at signup, password resets).
- To protect the Service from abuse, spam, and unauthorized access (rate limiting).
- To personalize your experience (e.g. your saved research, your own journal, your XP/achievements).
- To respond to support requests you send us.
We do not sell your personal data to anyone, ever.
3. Cookies
We use a session cookie to keep you signed in. We do not currently use third-party advertising or cross-site tracking cookies.
4. Third-party service providers
To run the Service, we use the following third-party providers, each of which processes data only as needed to provide their specific function - we don't share more data with them than necessary:
- Supabase - hosts our database, file storage (avatar/cover uploads), and real-time features (live chat, live updates).
- Vercel - hosts and serves the website itself.
- Upstash - rate limiting (briefly processes your IP address to prevent abuse).
- Resend - sends transactional emails (signup verification codes, password resets).
- Sentry - error monitoring, to help us catch and fix bugs (may capture technical error context, not your account password or private messages).
- Groq / Google Gemini - power the XYZ AI assistant. If you use the assistant, your message is sent to whichever provider is answering that request.
- Google / GitHub / X (Twitter) - only if you choose to sign in using one of these, for authentication purposes.
Market data providers (CoinGecko, Binance, DefiLlama) are used to show live prices and do not receive any of your personal data - those calls don't include any information about you.
5. Public vs. private content - please read this section
This matters specifically for the Trading Journal: trades you log are private by default and visible only to you. You can optionally mark an individual trade “Public” (shown with its symbol and direction) or “Anonymous” (shown without the symbol) - only trades you've explicitly marked this way ever appear on your public profile's Journal Activity feed, and dollar amounts are never shown publicly, even for public trades.
Separately: your public profile page, community chat messages, and research comments are inherently public by nature - anyone can see them, including people who aren't signed in. Direct messages and private journal entries are never public.
6. Data retention & deletion
We keep your data for as long as your account is active. You can delete your account from Settings, or by contacting us at shorttechinfo@gmail.com; we will delete or anonymize your personal data within a reasonable time, except where we're legally required to retain certain records for longer.
7. Your rights
Depending on your location, you may have rights to access, correct, or delete your personal data, and to know what data we hold about you. Most of this you can already do yourself in Settings; for anything else, email shorttechinfo@gmail.com.
8. Children's privacy
The Service is not directed at anyone under 18, and we don't knowingly collect data from children.
9. Security
We use industry-standard practices - encrypted connections (HTTPS), securely hashed passwords, and rate limiting on sensitive actions. No system is 100% secure, and we can't guarantee absolute security, but we take reasonable steps to protect your data.
10. International data transfers
Some of the providers listed in Section 4 may process or store data outside India, depending on their hosting regions. We choose providers with strong security and privacy practices.
11. Changes to this policy
We may update this policy from time to time. Material changes will be reflected by updating the “Last updated” date at the top of this page.
12. Grievance Officer & contact
In accordance with the Information Technology Act, 2000 and the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, questions or complaints about this policy or your data can be sent to:
Grievance contact: shorttechinfo@gmail.com
A named Grievance Officer will be published here once XYZ Crypto is formally registered as a company. See also our Terms of Service and Contact page.