Back to home
A
Aphrion

Privacy Policy

Aphrion — Cryptocurrency Market Analysis Service

Last updated: April 9, 2026

1. Introduction

Aphrion (“we,” “us,” or “our”) respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, store, and share your personal data when you use our cryptocurrency market analysis service available at aphrion.com and through related email communications (collectively, the “Service”).

This Privacy Policy has been drafted in compliance with the General Data Protection Regulation (EU) 2016/679 (“GDPR”) and other applicable data protection laws. By using the Service, you acknowledge that you have read and understood this Privacy Policy.

2. Data Controller

The data controller responsible for your personal data is Aphrion. For any questions or requests regarding the processing of your personal data, you can contact us at: aphrion@aphrion.com

3. Personal Data We Collect

We collect only the personal data that is necessary to provide the Service. The categories of personal data we collect include:

3.1 Account Data

  • Email address: Used for account creation, login, and service-related communications.
  • Password: Stored in encrypted (hashed) form by our authentication provider (Supabase).
  • Language preference: The language (English or Hungarian) you selected for receiving analyses.
  • Subscription plan: Your chosen plan (Explorer, Analyst, or Strategist) and the cryptocurrencies you selected.

3.2 Payment Data

All payment information is processed and stored by Stripe, Inc., our third-party payment processor. We do not collect or store your full credit card number, CVV, or banking details. We only retain the following payment-related identifiers:

  • Stripe customer ID: A unique identifier assigned by Stripe.
  • Stripe subscription ID: A unique identifier for your active subscription.
  • Subscription status: Active, cancelled, past due, or trialing.
  • Billing period dates: Start and end dates of the current billing period.

3.3 Usage Data

  • Login activity: Date and time of logins.
  • Dashboard interactions: Pages visited and features used within the Service.
  • Technical data: IP address, browser type, device type, operating system (collected by our hosting and authentication providers for security purposes).

3.4 Communication Data

  • Email delivery logs: Records of whether analysis emails were successfully delivered to your email address.
  • Email interactions: Opens and clicks (if tracking is enabled by our email provider).
  • Support communications: Messages you send to us via email or contact forms.

4. Legal Basis for Processing

Under the GDPR, we process your personal data on the following legal bases:

  • (a) Performance of a contract (Article 6(1)(b) GDPR): We process your account data, subscription data, and payment data to provide the Service and fulfill our contractual obligations to you.
  • (b) Consent (Article 6(1)(a) GDPR): When required by law, we process data based on your explicit consent, which you can withdraw at any time.
  • (c) Legitimate interests (Article 6(1)(f) GDPR): We process certain data based on our legitimate interests in operating, improving, and securing the Service, preventing fraud, and communicating with users.
  • (d) Legal obligation (Article 6(1)(c) GDPR): We process and retain certain data to comply with legal obligations, including tax, accounting, and regulatory requirements.

5. How We Use Your Personal Data

We use your personal data for the following purposes:

  • Creating and managing your account;
  • Processing subscription payments and managing your subscription;
  • Delivering daily cryptocurrency market analyses via the Service dashboard and email;
  • Sending service-related notifications (billing, security alerts, account updates);
  • Responding to your inquiries and providing customer support;
  • Detecting, preventing, and addressing fraud, security issues, and technical problems;
  • Complying with legal obligations, such as tax and accounting requirements;
  • Improving and maintaining the Service.

6. Data Sharing and Third-Party Processors

We do not sell, rent, or trade your personal data to third parties for marketing purposes. We only share your personal data with the following categories of third parties, and only to the extent necessary to provide the Service:

6.1 Service Providers (Data Processors)

  • Supabase Inc. (authentication and database hosting) — stores account credentials, subscription information, and analysis data. Hosted in the EU (eu-west-1 region).
  • Stripe, Inc. (payment processing) — processes all payment transactions and stores payment method details. Subject to Stripe’s own privacy policy.
  • Vercel Inc. (website hosting) — hosts the Service website and handles web traffic. May process IP addresses for security and performance purposes.
  • Resend (email delivery) — delivers transactional and analysis emails to your email address.

6.2 Legal Requirements

We may disclose your personal data if required to do so by law or in response to valid requests by public authorities (e.g., a court or government agency), or if we believe such action is necessary to comply with legal obligations, protect our rights, or prevent fraud.

7. International Data Transfers

Some of our service providers are located outside the European Economic Area (EEA). When we transfer your personal data to countries outside the EEA, we ensure that appropriate safeguards are in place in accordance with Articles 44–49 of the GDPR, including:

  • European Commission adequacy decisions;
  • Standard Contractual Clauses (SCCs) approved by the European Commission;
  • Other appropriate safeguards as required by applicable law.

Stripe and Vercel are U.S.-based service providers; data transfers to these processors are governed by Standard Contractual Clauses and, where applicable, the EU–U.S. Data Privacy Framework.

8. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law. The specific retention periods are as follows:

  • Account data: Retained for the duration of your active subscription and for up to 30 days after account deletion, after which it is permanently deleted.
  • Payment and billing data: Retained for up to 8 years to comply with applicable tax and accounting laws.
  • Usage and communication data: Retained for up to 12 months for security and troubleshooting purposes.
  • Email delivery logs: Retained for up to 6 months.

After the applicable retention period, your personal data will be permanently deleted or anonymized.

9. Your Rights Under GDPR

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have the following rights regarding your personal data under the GDPR:

  • (a) Right of access (Article 15): You can request a copy of the personal data we hold about you.
  • (b) Right to rectification (Article 16): You can request that we correct any inaccurate or incomplete personal data.
  • (c) Right to erasure (Article 17): You can request that we delete your personal data under certain circumstances (the “right to be forgotten”).
  • (d) Right to restriction of processing (Article 18): You can request that we restrict the processing of your personal data in certain situations.
  • (e) Right to data portability (Article 20): You can request that we provide your personal data in a structured, commonly used, machine-readable format, or transmit it directly to another data controller.
  • (f) Right to object (Article 21): You can object to the processing of your personal data based on our legitimate interests.
  • (g) Right to withdraw consent (Article 7): Where we process your data based on consent, you can withdraw your consent at any time.
  • (h) Right to lodge a complaint (Article 77): You have the right to lodge a complaint with a supervisory authority, in particular in the EU member state of your habitual residence, place of work, or place of the alleged infringement.

To exercise any of these rights, please contact us at aphrion@aphrion.com. We will respond to your request within 30 days, as required by the GDPR.

10. Data Security

We implement appropriate technical and organizational security measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:

  • Encryption of data in transit using HTTPS/TLS;
  • Secure storage of passwords using industry-standard hashing algorithms;
  • Row-Level Security (RLS) on our database to restrict data access;
  • Regular security updates and vulnerability monitoring;
  • Access controls limiting who can access personal data within our organization;
  • Contracts with third-party processors requiring appropriate data protection measures.

However, no method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to protect your personal data, we cannot guarantee its absolute security. You are responsible for maintaining the confidentiality of your account credentials.

11. Cookies and Tracking Technologies

The Service uses cookies and similar technologies to provide and improve the Service. We use the following categories of cookies:

  • Strictly necessary cookies: Required for the basic functioning of the Service, including authentication and session management. These cannot be disabled.
  • Functional cookies: Remember your preferences (such as language selection) to provide a personalized experience.
  • Analytics cookies: Help us understand how users interact with the Service so we can improve it. These are only used with your consent where required by law.

You can control or delete cookies through your browser settings. However, disabling strictly necessary cookies may prevent the Service from functioning properly.

12. Children’s Privacy

The Service is not intended for use by individuals under the age of 18 (or the age of legal majority in your jurisdiction). We do not knowingly collect personal data from children. If you believe that we have inadvertently collected personal data from a child, please contact us immediately at aphrion@aphrion.com and we will take steps to delete such data.

13. Automated Decision-Making and Profiling

We do not use your personal data for automated decision-making or profiling that produces legal or similarly significant effects on you. The cryptocurrency analyses provided through the Service are general market commentary and are not personalized based on automated processing of your personal data.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, the Service, or legal requirements. When we make significant changes, we will notify you by email or through a prominent notice on the Service. The “Last updated” date at the top of this Privacy Policy indicates when it was last revised.

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your personal data. Your continued use of the Service after any changes to this Privacy Policy constitutes your acceptance of the updated policy.

15. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data processing practices, please contact us at:

Email: aphrion@aphrion.com

Website: https://aphrion.com

You also have the right to lodge a complaint with your local data protection supervisory authority if you believe that we have not handled your personal data in accordance with applicable data protection laws.

Acknowledgment

BY USING THE SERVICE, YOU ACKNOWLEDGE THAT YOU HAVE READ, UNDERSTOOD, AND AGREE TO THE COLLECTION, USE, AND PROCESSING OF YOUR PERSONAL DATA AS DESCRIBED IN THIS PRIVACY POLICY.

If you do not agree with this Privacy Policy, please do not use the Service.

Terms of ServicePrivacy PolicyLegal Disclaimer