The Bitcoin Bay
Privacy

Privacy policy

What we collect, why, for how long, and how to exercise your rights.

Data controller

The data controller for personal data collected via thebitcoinbay.net is The Bitcoin Bay, whose details are listed in the legal notice.

Data collected and purposes

  • Audit request funnel (Advisory page) — we collect: email (required), phone (optional), funnel answers (objective, budget, timing, location, notes). Purpose: respond to your request and deliver the audit service if you commission it. Legal basis: pre-contractual measures at your request (GDPR art. 6.1.b).
  • Anti-spam — a SHA-256 hash of your IP (never the IP in clear) is stored to limit abusive submissions. Legal basis: legitimate interest (GDPR art. 6.1.f).
  • No third-party analytics — the site uses no third-party analytics tools (no Google Analytics, no Plausible, no Matomo). The only logs collected are aggregated Vercel technical logs (latency, HTTP codes), retained 30 days by Vercel, with no identifying personal data.

Retention

  • Leads contacted at least once: 3 years after the last contact (B2B commercial prospecting).
  • Leads never replied to: 1 year from submission.
  • Paid audit clients: 10 years for invoices (accounting obligation), 3 years for other data after delivery.
  • Anti-spam IP hash: rolling 30 days.
  • Vercel technical logs: rolling 30 days.

Recipients

Your data is not shared with any third party except:

  • Resend (Germany, EU) — sending the confirmation email and internal notifications.
  • Supabase (configured EU region) — database hosting.
  • Vercel (United States) — website hosting. Contractual guarantees: Data Processing Addendum + Standard Contractual Clauses.

In particular, your data is never shared with hosting operators or partner vendors without your prior consent during an explicit introduction (for example, after accepting a quote).

Your rights

Under GDPR, you have the following rights:

  • right of access;
  • right of rectification;
  • right of erasure;
  • right of portability;
  • right to object to processing;
  • right to lodge a complaint with the CNIL (www.cnil.fr).

To exercise these rights: slashbinslashnoname@gmail.com. We respond within 30 days maximum.

Security

Data is encrypted at rest (Supabase EU with AES-256 encryption) and in transit (TLS 1.3). Admin access is protected by email + password authentication and Postgres RLS policies. IP addresses are never stored in clear text.

Politique de confidentialité / Privacy policy | The Bitcoin Bay