Back to home

Privacy Policy

Last updated: 11 May 2026

1. Who We Are

Decryptr ("Decryptr", "we", "us", "our") operates the Decryptr platform at decryptr.ai. This Privacy Policy explains how we collect, use, disclose, and protect your personal data. For the purposes of UK data protection law, Decryptr is the data controller. We are in the process of registering with the UK Information Commissioner's Office (ICO) as required by the Data Protection Act 2018.

2. Data We Collect

We collect the following categories of personal data:

  • Account data: email address, display name, username, profile photo (optional).
  • Usage data: pages visited, features used, dashboard configuration, coin watchlists, notification preferences.
  • Payment data: billing details and payment method information, processed by Stripe or NOWPayments. We never store raw card numbers or crypto private keys as payment credentials.
  • Technical data: IP address, browser type, device identifiers, session tokens, and operating system.
  • Trading credentials: Where you use the one-click trading feature, we store your Hyperliquid wallet private key or WalletConnect session credentials in encrypted form. These are used solely to submit trades on your behalf and are never shared with third parties.
  • Communications data: the content of messages you send to our support team.

3. How We Use Your Data

We use your data to:

  • Provide, operate, and improve the Service;
  • Process payments and manage your subscription;
  • Send service emails (account creation, billing receipts, important security notices);
  • Send optional marketing emails if you have opted in (you can unsubscribe at any time via the link in any marketing email);
  • Execute trades on your behalf when you use the one-click trading feature;
  • Detect and prevent fraud, abuse, or violations of our Terms of Service;
  • Comply with legal obligations, including sanctions screening and law-enforcement requests;
  • Respond to your support enquiries.

4. Legal Basis for Processing (UK GDPR)

We process your personal data on the following legal bases:

  • Contract performance (Art. 6(1)(b)): to deliver the Service you subscribe to, process your payments, and execute trades on your behalf.
  • Legitimate interests (Art. 6(1)(f)): to improve the Service, prevent fraud and abuse, ensure security, and for certain analytics. We have balanced these interests against your rights.
  • Consent (Art. 6(1)(a)): for marketing communications and non-essential cookies. You may withdraw consent at any time without affecting the lawfulness of prior processing.
  • Legal obligation (Art. 6(1)(c)): where required by applicable law, including financial regulations, sanctions obligations, and court orders.

5. Data Sharing

We do not sell your personal data. We share data only with the following categories of recipients:

  • Supabase — database hosting and authentication (data centres in EU and US).
  • Stripe — payment processing (operates globally; certified PCI-DSS Level 1).
  • NOWPayments — crypto payment processing, where applicable.
  • Vercel — platform hosting and global CDN.
  • Discord — optional notification delivery if you connect your Discord account.
  • Hyperliquid — on-chain trading protocol. Trade data is submitted on-chain and is publicly visible on the Hyperliquid network; we have no control over on-chain data.
  • Law enforcement or regulators where legally required, or to protect the rights, property, or safety of Decryptr, our users, or others.

All third-party processors are required to handle your data in accordance with applicable data protection law.

6. Data Retention

We retain your account data for as long as your account is active. If you delete your account, personal data is deleted within 90 days, except where we are required by law to retain it longer (for example, financial transaction records for 7 years under UK accounting regulations). Trading credentials (private keys / WalletConnect session data) are deleted immediately upon account deletion or wallet disconnect, whichever occurs first.

7. Your Rights

Under UK GDPR, depending on the circumstances, you have the right to:

  • Access the personal data we hold about you;
  • Rectify inaccurate or incomplete data;
  • Erase your data ("right to be forgotten") in certain circumstances;
  • Restrict our processing in certain circumstances;
  • Data portability — receive your data in a structured, machine-readable format;
  • Object to processing based on legitimate interests or for direct marketing;
  • Withdraw consent at any time for consent-based processing.

You can exercise most rights directly from Settings → Account. For other requests, or to exercise rights not available in-app, email support@decryptr.ai. We will respond within one calendar month.

Right to complain: You have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) if you believe we have not handled your personal data lawfully. The ICO can be contacted at ico.org.uk/make-a-complaint or by telephone on 0303 123 1113.

8. Cookies

We use essential cookies for authentication and session management. See our Cookie Policy for full details.

9. Security

We use industry-standard security measures including TLS encryption in transit and AES-256 encryption at rest. Wallet private keys are encrypted with an additional layer of key-encryption using a server-side secret that is never exposed to the client. We conduct regular internal security reviews. No system can be guaranteed 100% secure; you use the Service at your own risk. If you discover a security vulnerability, please report it responsibly to support@decryptr.ai.

10. International Transfers

Your data may be transferred to and processed in countries outside the UK and the European Economic Area (EEA), including the United States (Supabase, Vercel, Stripe). Where such transfers occur, we rely on appropriate safeguards, including Standard Contractual Clauses (SCCs) approved by the UK ICO, or the UK International Data Transfer Agreement (IDTA). You can request a copy of the relevant transfer mechanisms by emailing us.

11. Children's Data

The Service is not directed at, and we do not knowingly collect personal data from, individuals under the age of 18. If we become aware that we have collected data from a minor, we will delete it promptly. If you believe a minor has provided us with personal data, please contact us.

12. Changes to This Policy

We may update this policy from time to time. We will notify you of material changes by email or in-app notice at least 14 days before changes take effect. The updated date at the top of this page indicates when the policy was last revised.

13. Contact

Data protection enquiries: support@decryptr.ai

Cryptoassets are highly volatile. The value of your investment can go down as well as up and you may get back less than you invest. Cryptoassets are not regulated by the FCA — you are not protected by the Financial Services Compensation Scheme (FSCS) or the Financial Ombudsman Service (FOS). Capital gains tax may apply to profits.  |  Decryptr is not authorised or regulated by the Financial Conduct Authority. Nothing on this platform constitutes financial or investment advice. Not available to US residents.