Cryptique Privacy Policy

Last Updated: July 7, 2025

1. Introduction & Definitions

Welcome to Cryptique. Your privacy and the security of your data are foundational to our services. This Privacy Policy outlines the practices of Cryptique ("we," "us," or "our") regarding the collection, use, processing, and protection of information in relation to our services.

This policy applies to:

• Clients: Businesses, developers, and individuals who register for and use the Cryptique platform to analyze their own user data.
• End-Users: Individuals who visit our Clients' websites or use their applications where our SDK is installed.
• Website Visitors: Individuals who visit our own website (https://cryptique.io).

Key Definitions:

• Personal Information: Any information that identifies or can be used to identify an individual, directly or indirectly.
• Data Controller: The entity that determines the purposes and means of processing personal data. Our Clients are the Data Controllers for the End-User data they collect using our services. Cryptique is the Data Controller for the information we collect from our Clients and Website Visitors.
• Data Processor: The entity that processes personal data on behalf of the Data Controller. Cryptique acts as a Data Processor for our Clients.

2. Information We Collect

We collect information necessary to provide, maintain, and improve our services.

2.1. Information We Collect Directly from Our Clients & Website Visitors

• Account Information: When you register as a Client, we collect your name, company name, email address, and a securely hashed password.
• Billing Information: To process payments, we collect billing details, including name, address, and payment card information. These details are processed directly and securely by our third-party payment processor (Stripe). We do not store full credit card numbers on our servers.
• Communications: We collect any information you voluntarily provide when you contact us for support, provide feedback, or make other inquiries.
• Website Usage Information: When you visit our website, we may use cookies and similar technologies to collect information about your device, browser, and how you interact with our site for analytics and improvement purposes.

2.2. Information We Process on Behalf of Our Clients (via the SDK)

When an End-User interacts with a website or application that uses the Cryptique SDK, we automatically collect certain information on behalf of our Client (the Data Controller).

Off-Chain Data:

• Session & Device Information: A unique pseudonymous user identifier generated by Cryptique, a session identifier, device type (desktop, mobile, tablet), operating system, browser name and version, and screen resolution.
• Behavioral Data: The pages visited, the time spent on each page, entry and exit pages, scroll depth percentage, elements clicked on (including CSS selectors or specific IDs), elements hovered over and for how long, and the referring website URL.
• Geolocation Data: The End-User's country, derived from their IP address. We do not store the full IP address.
• Campaign Data: Standard UTM parameters (utm_source, utm_medium, utm_campaign, utm_term, utm_content) if the End-User arrived from a marketing campaign.

On-Chain Data (Publicly Available Information):

• Wallet Information: If an End-User connects a Web3 wallet to our Client's site, we may collect their public wallet address, the wallet provider type (e.g., MetaMask, Coinbase Wallet), and the blockchain network ID (e.g., Ethereum, Polygon, Solana).
• Public Transaction Data: We analyze publicly available blockchain data associated with the connected wallet address. This includes transaction hashes, smart contract interactions (e.g., function calls for swaps, mints, stakes), value of assets transferred, token balances, and gas fees paid. We do not have access to, nor do we ever request, private keys or the ability to execute transactions.

3. Cookies and Other Tracking Technologies

We use cookies and localStorage to provide and operate our services.

• What They Are: Cookies are small text files stored on your device. localStorage is a type of web storage that allows data to be stored in a browser with no expiration date.
• How We Use Them:
  • On Our Website (for Clients): We use strictly necessary cookies to manage login sessions and secure accounts. With your consent, we use analytics cookies to understand website traffic.
  • The SDK (on our Clients' Sites): Our SDK uses localStorage to store a randomly generated userId and sessionId. This is essential for our ability to recognize returning visitors and analyze a user's journey across multiple page views for our Client's analytics. This helps provide accurate metrics like user counts and session duration.
• Your Choices & Consent: Our Clients (as Data Controllers) are responsible for obtaining appropriate consent from End-Users for the use of our SDK's tracking technology on their websites, typically through a cookie consent banner. End-Users can manage their preferences on those sites or through their browser settings.

4. Legal Basis for Processing Information (GDPR)

If you are in the European Economic Area (EEA), we process your personal information on the following legal bases:

• Performance of a Contract: We process our Clients' account and billing information as it is necessary to perform the service contract we have with them.
• Under the Direction of a Data Controller: We process End-User data as a Data Processor strictly on the documented instructions of our Clients.
• Legitimate Interests: We may process information for our legitimate interests, such as for improving our platform, security monitoring, and fraud prevention, provided these interests are not overridden by your data protection rights.
• Consent: For activities like sending non-essential marketing communications, we will rely on your explicit consent.

5. How We Use Information

• To Provide Services to Our Clients: Our core purpose is to process the data collected via our SDK to provide our Clients with our services. This includes:
  • Attribution Modeling: Connecting off-chain campaign data to on-chain conversions.
  • User Segmentation: Creating detailed user profiles by fusing on-chain and off-chain behavior.
  • AI-Powered Insights: Using our CQ Intelligence™ engine to generate strategic recommendations and answer complex questions about user behavior.
  • Data Visualization: Creating dashboards, funnels, and heatmaps for our Clients. All data collected for a specific Client is strictly siloed and used solely for the benefit of that Client.
• To Manage Client Accounts: We use our Clients' information for billing, support, and service notifications.
• To Improve Our Platform: We use aggregated and fully anonymized data to analyze trends, conduct research, and improve the functionality, security, and intelligence of the Cryptique platform.

6. How We Share Information

We do not sell your personal information. We may share information only under the following limited circumstances:

• With Sub-processors: We use trusted third-party services to help us operate our platform, such as cloud hosting providers (Google Cloud), payment processors (Stripe), and vector databases (Pinecone). We maintain a list of our sub-processors, which is available to our Clients upon request. These services are contractually bound to protect your information.
• For Legal Reasons: We may disclose information if required by law, regulation, or a valid legal process.
• Business Transfers: If Cryptique is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction.

7. Data Security

We implement robust technical and organizational measures to protect the information we process. These measures include:

• Encryption: Data is encrypted in transit using TLS 1.2+ and at rest using industry-standard algorithms like AES-256.
• Access Control: We enforce strict access controls within our organization based on the principle of least privilege.
• Infrastructure Security: Our infrastructure is hosted on Google Cloud, which provides a secure, state-of-the-art environment. We employ network segmentation, firewalls, and regular vulnerability scanning.
• Personnel: Our team receives regular security training.

8. Data Retention

• Client Account Data: We retain your account information as long as your account is active and for a reasonable period thereafter for legal or operational purposes.
• Data Processed for Clients: We retain the data collected via our SDK according to the terms of our agreement with our Client.

9. Your Data Rights

Depending on your location, you may have certain rights regarding your personal information under laws like the GDPR or CCPA/CPRA. These rights may include: the right to access, rectify, erase, restrict processing, data portability, object to processing, and withdraw consent.

California Residents (CCPA/CPRA): You may have additional rights, including the right to know what personal information is collected, the right to delete it, and the right to opt-out of the "sale" or "sharing" of your personal information. Cryptique does not sell personal information.

How to Exercise Your Rights:

• For Our Clients: You can exercise most of these rights directly through your account settings or by contacting us at privacy@cryptique.io.
• For End-Users: As we are the Data Processor, you should direct any requests to exercise your data rights to the owner of the website or application you were using (the Data Controller). We will assist our Clients in responding to these requests.

10. International Data Transfers

Your information may be transferred to, and maintained on, computers located outside of your jurisdiction where data protection laws may differ. We ensure that appropriate safeguards, such as Standard Contractual Clauses (SCCs), are in place for such transfers.

11. Children's Privacy

Our services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any significant changes by posting the new policy on this page and, if you are a Client, by sending you an email notification.

13. Dispute Resolution & Contact Us

If you have any questions or concerns about this Privacy Policy or our data practices, please contact us first. If your issue is not resolved, you may have the right to lodge a complaint with your local data protection authority.

Email: privacy@cryptique.io