Privacy policy

Last updated 2026-05-12. Working draft — production policy will be reviewed by counsel before public launch.

What we collect

• Account ID — random identifier generated at signup.
• Transfer-key hash — argon2id digest; we never store the plaintext.
• Optional profile — only the fields you fill in on the Account tab.
• Operational logs — request method/path, status code, latency. No request bodies.

What we don't collect

• Email address (unless you set one on the Account tab).
• IP addresses outside of rate-limiting (kept ≤ 1 hour).
• End-customer identities. The hosted invoice page is anonymous.

Data export & deletion

Email privacy@coinkraft.io with your account ID. We reply within 30 days per GDPR Art. 12.