Privacy Policy

CoinCircle is a peer-to-peer cryptocurrency trader marketplace. We are the data controller for personal data collected through the Platform. Our contact for privacy matters is support@coincircle.app.

Account data: Name, email address, password (hashed), city, and region when you register.

Profile data: Information you provide in your merchant profile including display name, bio, contact details (phone, email, social handles), and trading preferences. Contact details are only revealed to paid members.

KYC documents: Identity proof and address proof documents (Aadhaar, PAN, Passport, Voter ID, Driving License, Utility Bills) submitted voluntarily for identity verification. These are stored securely and reviewed manually by CoinCircle staff.

Payment data: For UPI payments — your UPI transaction reference (UTR) number. For cryptocurrency payments — your blockchain transaction hash. We do not store card numbers or full UPI credentials.

Usage data: Pages visited, listings viewed, actions taken on the Platform, device type, browser, and IP address, collected automatically for security and platform improvement purposes.

Communications: Messages sent through the Platform's deal-room and support system.

Phone number: If you choose to verify your phone number, we store your phone number and verification status.

We use your personal data to:

• Create and manage your account and membership.
• Display your merchant profile and listings to other users (subject to membership gating).
• Process membership payments and maintain billing records.
• Verify your identity through our KYC process.
• Send transactional emails including account notifications, payment confirmations, membership renewal reminders, and support responses.
• Operate the deal-room messaging system between traders.
• Investigate disputes, reports, and potential violations of our Terms of Service.
• Maintain the security, integrity, and performance of the Platform.
• Comply with applicable legal obligations.

We do not use your data for advertising, sell your data to third parties, or use it for any purpose not described in this Policy without your consent.

We process your personal data on the following legal bases:

• Contract: Processing necessary to provide the Platform and fulfil our obligations to you as a user or member.
• Consent: For KYC document collection and phone verification, which you provide voluntarily.
• Legitimate interests: For security monitoring, fraud prevention, and platform improvement.
• Legal obligation: Where we are required to process data to comply with applicable law.

Merchant contact details (phone number, email address, social handles) entered in your merchant profile are:

• Hidden from anonymous visitors — not visible or transmitted to non-logged-in users.
• Masked for free members — partially redacted and not usable for direct contact.
• Revealed only to paid members — full contact details are transmitted to users with an active paid membership.

By adding contact details to your merchant profile, you consent to them being displayed to paid members of the Platform.

We do not sell your personal data. We share your data only in the following limited circumstances:

• Service providers: We use third-party services to operate the Platform including Vercel (hosting), Neon (database), Resend (email), and 2Factor (OTP). These providers process data only on our behalf and are bound by data processing agreements.
• Payment providers: When you make a payment, necessary transaction data is shared with the relevant payment processor (e.g. 2Factor for OTP, blockchain network for crypto payments).
• Legal requirements: We may disclose your data if required by law, court order, or government authority, or to protect the rights, property, or safety of CoinCircle, our users, or the public.
• Business transfers: In the event of a merger, acquisition, or sale of assets, your data may be transferred as part of that transaction, subject to equivalent privacy protections.

Identity and address proof documents uploaded for KYC verification are:

• Stored encrypted in our database.
• Accessible only to authorised CoinCircle staff for the purpose of verification.
• Not shared with any third party except as required by applicable law.
• Retained for a minimum of 5 years following account closure to comply with applicable record-keeping requirements, or longer if required by law.

We retain your personal data for as long as your account is active and for a reasonable period thereafter to fulfil the purposes described in this Policy, resolve disputes, and comply with our legal obligations. When data is no longer required, we delete or anonymise it securely.

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, disclosure, alteration, or destruction. These include encrypted storage, hashed passwords, HTTPS-only transmission, access controls, and two-factor authentication options.

No method of electronic transmission or storage is 100% secure. While we strive to use commercially acceptable means to protect your data, we cannot guarantee absolute security.

Depending on your location, you may have the following rights regarding your personal data:

• Access: Request a copy of the personal data we hold about you.
• Correction: Request that we correct inaccurate or incomplete data.
• Deletion: Request that we delete your personal data, subject to legal retention obligations.
• Restriction: Request that we restrict processing of your data in certain circumstances.
• Portability: Request a copy of your data in a structured, machine-readable format.
• Objection: Object to processing of your data based on legitimate interests.
• Withdraw consent: Where processing is based on consent, you may withdraw it at any time.

To exercise any of these rights, please contact us at support@coincircle.app. We will respond within 30 days.

CoinCircle uses session cookies and authentication tokens necessary for the Platform to function. We do not use advertising cookies, tracking pixels, or third-party analytics services that share data with advertisers. We do not display advertisements.

Your data may be processed and stored on servers located outside your country of residence, including in the United States (Vercel, Neon). We ensure that any such transfers are made with appropriate safeguards to protect your data in accordance with this Policy.

CoinCircle is not directed at persons under 18 years of age. We do not knowingly collect personal data from minors. If you believe we have inadvertently collected data from a minor, please contact us immediately and we will delete it.

We may update this Privacy Policy from time to time. We will notify registered users of material changes via email or in-app notification. Your continued use of the Platform after such notification constitutes your acceptance of the revised Policy.

For any privacy-related questions, requests, or complaints, please contact us at support@coincircle.app or through the Support section of the Platform. We take all privacy concerns seriously and will respond promptly.