Privacy Policy

Last updated: June 2026

1. Introduction

MasterBitcoin ("we", "us", "our") is committed to protecting your personal data. This Privacy Policy explains what information we collect, how we use it, and the rights you have over your data. This policy applies to all users of the Service, including residents of the European Economic Area (EEA) whose data is processed in accordance with the General Data Protection Regulation (GDPR).

2. Data We Collect

We collect the following categories of personal data:

  • Account data: email address, username, and hashed password when you register.
  • Usage data: API request logs (endpoint, timestamp, response code) to enforce rate limits and detect abuse. These logs are retained for 30 days.
  • Payment data: processed exclusively by our payment provider (Stripe). We do not store card details.
  • Technical data: IP address, browser type, and referrer URL collected automatically for security and analytics.

3. How We Use Your Data

We process personal data for the following purposes:

  • Providing and maintaining the Service (legal basis: contract).
  • Enforcing rate limits and detecting fraud (legal basis: legitimate interest).
  • Sending transactional emails (account activation, password reset) (legal basis: contract).
  • Sending product updates and marketing, where you have given consent (legal basis: consent — withdrawable at any time).
  • Compliance with legal obligations (legal basis: legal obligation).

4. Data Sharing

We do not sell your personal data. We may share data with:

  • Infrastructure providers (hosting, CDN) under data processing agreements.
  • Payment processors (Stripe) to handle billing.
  • Law enforcement when required by law or valid legal process.

5. Data Retention

Account data is retained for the duration of your subscription plus 24 months after account closure, unless a longer period is required by law. API request logs are retained for 30 days. You may request earlier deletion (subject to legal retention obligations).

6. Your Rights (GDPR)

If you are located in the EEA, you have the following rights regarding your personal data:

  • Right of access: request a copy of your data.
  • Right to rectification: correct inaccurate data.
  • Right to erasure ("right to be forgotten"): request deletion of your data, subject to retention obligations.
  • Right to restriction: request we restrict processing in certain circumstances.
  • Right to data portability: receive your data in a structured, machine-readable format.
  • Right to object: object to processing based on legitimate interest or for direct marketing.
  • Right to withdraw consent at any time for consent-based processing.

To exercise any of these rights, contact us via the contact form on the Site. We will respond within 30 days.

7. Cookies

We use only essential cookies required for authentication and session management. No advertising or tracking cookies are deployed. You may disable cookies in your browser settings; some features of the Service may not function correctly without them.

8. Security

We implement industry-standard security measures including TLS encryption in transit, bcrypt password hashing, and access controls restricted by role. No method of transmission over the internet is 100 % secure and we cannot guarantee absolute security.

9. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be notified by email or prominent notice on the Site. The "Last updated" date at the top will always reflect the current version.

10. Contact

For privacy-related enquiries or to exercise your rights, please contact us via the contact form on the Site.