Privacy Policy

1. Introduction

Deep Blue Alpha ("we", "us", "our") respects your privacy. This Privacy Policy explains what information we collect, how we use it, and your rights regarding your data when you use our website and services at deepbluealpha.io.

2. Information We Collect

Information You Provide

• Account Data: Email address and hashed password when you create an account
• Payment Data: Payment processing is handled by Stripe (credit cards) and NOWPayments (cryptocurrency). We do not store your full credit card number, bank account details, or private keys. We receive only transaction confirmation details.
• Alert Preferences (Whale tier): If you configure Alerts, we store your notification preferences including alert types, thresholds, delivery channels, and quiet-hours settings. If you connect a Telegram account for alert delivery, we store your Telegram chat ID to route notifications to your account. You may disconnect Telegram or disable all alerts at any time from your Alerts settings page.
• Communications: Any messages you send us via email or support channels

Information Collected Automatically

• Usage Data: Pages visited, features used, API endpoints called, and timestamps
• Device Data: Browser type, operating system, screen resolution, and language preference
• Network Data: IP address (handled per the privacy practices of our analytics and security providers; not retained alongside account-level identifiers in our own systems), referral source
• Cookies: Authentication tokens and analytics cookies set by first- and third-party analytics services. Analytics cookies are set only when you grant analytics consent via the Cookie Preferences modal. See our Cookie Policy for the complete list of cookies and their durations.

Information We Do NOT Collect

• Your cryptocurrency wallet private keys or seed phrases
• Your trading positions on any exchange
• Full credit card numbers (handled exclusively by Stripe)
• Government identification documents

3. How We Use Your Information

• Service Delivery: To provide, maintain, and improve Deep Blue Alpha
• Authentication: To verify your identity and manage your subscription
• Communication: To send service updates, security alerts, and (with consent) product announcements
• Analytics: To understand site usage. We use first- and third-party analytics services that may set cookies and collect device/usage data when analytics consent is granted. We do not combine analytics data with account-level personal data to build cross-site advertising profiles, and we do not sell or share analytics data for cross-context behavioral advertising. See our Cookie Policy for the cookies these services may set and how to opt out.
• Security: To detect fraud, abuse, and unauthorized access
• Legal Compliance: To comply with applicable laws and legal requests

4. Data Sharing

We do not sell your personal data and we do not share your personal data for cross-context behavioral advertising. We share data only with the following categories of recipients, in the limited circumstances described:

• Payment Processors: Stripe and NOWPayments process your payments under their own privacy policies.
• Infrastructure Providers: Our hosting provider processes data as needed to run the Service. Categories shared: account email (for system access logs), session metadata, and request metadata.
• CDN/Security: Cloudflare provides CDN and DDoS protection, processing traffic data per their privacy policy.
• Telegram (Alerts delivery, Whale tier): If you connect a Telegram account to receive alerts, your Telegram chat ID and alert message content are transmitted to Telegram's servers to deliver your notifications. Telegram's handling of this data is governed by Telegram's Privacy Policy. We transmit only the minimum data necessary to route and display your alert. You may disconnect Telegram at any time from your Alerts settings.
• Analytics Providers: First- and third-party analytics services we use to measure site usage receive page-view and device data only when analytics consent is granted via the Cookie Preferences modal. We may also pass a non-personally-identifying categorical attribute indicating your subscription tier (for example, "free" or "alpha") so that aggregated reports can distinguish member cohorts. They do not receive your account email, password, payment data, or any other personally identifying information.
• Legal Requirements: When required by law, subpoena, or legal process.
• Safety: To protect the rights, property, or safety of Deep Blue Alpha and its users.

If you are a data subject under EU/UK GDPR or another regime that affords you the right to obtain a list of specific subprocessors, you may request the current list by emailing team@deepbluealpha.io.

5. Data Retention

We retain your account data for as long as your account is active. If you delete your account, we will remove your personal data within 30 days, except where retention is required by law or for legitimate business purposes (e.g., fraud prevention). Anonymized analytics data may be retained indefinitely.

6. Data Security

We implement industry-standard security measures including:

• HTTPS encryption for all connections (TLS 1.2+)
• Password hashing with PBKDF2-HMAC-SHA256 (100,000 iterations)
• API keys stored as SHA-256 hashes (originals never stored)
• Cloudflare DDoS protection and Web Application Firewall
• Rate limiting on authentication and API endpoints

No system is 100% secure. We cannot guarantee absolute security. In the event of a confirmed personal-data breach, we will notify affected users without undue delay, and where required by applicable law (including GDPR Article 33 and applicable U.S. state data-breach notification statutes), notify the relevant supervisory authority within seventy-two (72) hours of becoming aware of the breach.

7. Your Rights

Depending on your jurisdiction, you may have the right to:

• Access: Request a copy of the personal data we hold about you
• Correction: Request correction of inaccurate data
• Deletion: Request deletion of your account and associated data
• Portability: Receive your data in a machine-readable format
• Objection: Object to certain processing of your data
• Withdraw Consent: Where processing is based on consent, you may withdraw it at any time

To exercise these rights, contact us at team@deepbluealpha.io.

8. International Users

Deep Blue Alpha is operated from the United States. If you access the Service from outside the United States, your data will be transferred to and processed in the United States and other jurisdictions in which our infrastructure or service providers operate.

EU / UK / EEA Users — Cross-border transfer mechanism. For transfers of personal data from the European Economic Area, the United Kingdom, or Switzerland to the United States, we rely on the European Commission's Standard Contractual Clauses (SCCs), the UK International Data Transfer Addendum, and applicable adequacy decisions, supplemented by appropriate technical and organizational measures including encryption in transit and at rest. We do not rely on user consent as the sole basis for these transfers.

9. Children's Privacy

Deep Blue Alpha is not intended for users under 13 years of age (the Children's Online Privacy Protection Act, "COPPA," threshold in the United States). For users in the European Economic Area or the United Kingdom, the digital-services age threshold ranges from 13 to 16 depending on the member state; we apply the local minimum where required. We do not knowingly collect personal data from a child below the applicable threshold. If we learn that we have collected data from a child below the applicable threshold, we will delete it promptly. A parent or legal guardian who believes a child has provided personal data may contact us at team@deepbluealpha.io to request deletion.

10. Your California Privacy Rights (CCPA / CPRA)

If you are a California resident, the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), gives you certain rights regarding your personal information.

We do not sell or share your personal information for cross-context behavioral advertising. We have not sold or shared personal information of California residents for monetary or other valuable consideration in the preceding twelve months, and we have no current plans to do so.

Categories of personal information we collect (per CCPA categories): identifiers (email, account ID), commercial information (subscription tier, payment history), internet/electronic activity (page views, feature usage), and geolocation data inferred from IP at country/region level only.

Sources: directly from you (account creation, payments) and automatically from your interactions with the Service.

Purposes: as described in Section 3 of this policy.

Your rights as a California resident:

• Right to know: Request the categories and specific pieces of personal information we have collected about you.
• Right to delete: Request deletion of personal information, subject to legal exceptions.
• Right to correct: Request correction of inaccurate personal information.
• Right to opt out of sale or sharing for cross-context behavioral advertising: Although we do not sell or share for these purposes, you may exercise this right at any time at Do Not Sell or Share My Personal Information or by emailing team@deepbluealpha.io. We will honor a Global Privacy Control (GPC) signal as a valid opt-out request where required by law.
• Right to limit use of sensitive personal information: We do not collect or use sensitive personal information for any purpose that would trigger this right.
• Right to non-discrimination: We will not discriminate against you for exercising any of these rights.

To exercise any of these rights, email team@deepbluealpha.io from the email address associated with your account, or use the contact path described above. We will respond within 45 days as required by CCPA.

Do Not Sell or Share My Personal Information. As stated above, we do not sell or share personal information for cross-context behavioral advertising. If you wish to record your preference on file, email team@deepbluealpha.io with the subject line "Do Not Sell or Share — CCPA" and include the email address on your account.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify registered users of material changes. The "Last updated" date at the top reflects the most recent revision.

12. Contact

For privacy-related questions or requests, contact us at team@deepbluealpha.io.