Privacy Policy

Effective Date: February 2026

1. Introduction

Cryptomatics ("we," "our," or "us") operates an AI-powered cryptocurrency trading platform. This Privacy Policy explains how we collect, use, store, and protect your information when you use our service.

By using Cryptomatics, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

Account Information

• Email address (used for authentication and communications)
• Firebase Authentication user ID

API Credentials

• Coinbase API key name and private key (encrypted at rest using Fernet symmetric encryption)
• API keys are stored in encrypted form and are never logged or displayed in plain text

Trading Data

• Trading configuration preferences (risk levels, coin selections, trading mode)
• Trade execution history and portfolio data retrieved from Coinbase
• AI analysis results and trading decisions

Usage Data

• Application logs for debugging and service reliability (stored in Google Cloud Logging)

3. How We Use Your Information

We use the information we collect to:

• Authenticate you and manage your account
• Execute cryptocurrency trades on your behalf via the Coinbase API
• Perform AI-powered market analysis to inform trading decisions
• Display your portfolio, positions, and trading history on the dashboard
• Send account-related notifications (e.g., team invitations via email link sign-in)
• Monitor and improve service reliability

4. Data Storage & Security

We take the security of your data seriously and employ multiple layers of protection:

• Authentication: Firebase Authentication with email/password and email link sign-in
• Encryption: Coinbase API keys are encrypted at rest using Fernet symmetric encryption (AES-128-CBC). The encryption key is stored in Google Cloud Secret Manager, separate from the encrypted data.
• Database: All application data is stored in Google Cloud Firestore with Firebase security rules
• Infrastructure: The application runs on Google Cloud Run with HTTPS encryption in transit
• Access Control: Multi-account system with role-based access (owner, admin, member, viewer)

5. Third-Party Services

Cryptomatics integrates with the following third-party services:

• Coinbase Advanced Trade API: To execute trades and retrieve portfolio data on your behalf using the API keys you provide
• Google Firebase: For user authentication (Firebase Auth) and data storage (Cloud Firestore)
• Google Cloud Platform: For application hosting (Cloud Run), secrets management (Secret Manager), and logging (Cloud Logging)
• Anthropic Claude AI: For AI-powered market analysis and trading decisions. Market data (not your personal information) is sent to Claude for analysis.
• CryptoPanic API: For aggregating cryptocurrency news used in AI market analysis

Each third-party service has its own privacy policy. We encourage you to review them.

6. Data Retention

We retain your data for as long as your account remains active. Specifically:

• Account and configuration data are retained while your account exists
• Trading history and AI analysis logs are retained as part of your account data
• Application logs in Google Cloud Logging follow Google's default retention policies (30 days)

When you delete your account, we will remove your data from our systems within a reasonable timeframe.

7. Your Rights

You have the right to:

• Access: View all data associated with your account through the dashboard
• Revoke API Access: Remove or rotate your Coinbase API keys at any time through Coinbase's interface, immediately cutting off trading access
• Deletion: Request complete deletion of your account and all associated data
• Export: Access your trading history and configuration data through the dashboard

8. Cookies & Local Storage

Cryptomatics uses browser local storage for Firebase Authentication tokens. We do not use tracking cookies or third-party analytics services. No advertising or marketing trackers are present on the platform.

9. Children's Privacy

Cryptomatics is not intended for use by anyone under the age of 18. We do not knowingly collect personal information from children. If you are a parent or guardian and believe your child has provided us with personal information, please contact us.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the effective date. Your continued use of the service after changes are posted constitutes acceptance of the updated policy.

11. Contact

If you have questions about this Privacy Policy or wish to exercise your rights, please contact us through the application or reach out to the account owner who invited you to the platform.