Data protection

Your account data is stored in UK and EU regions only. Application database and authentication run on Supabase (eu-west-2 / Ireland). Application hosting and edge functions run on Vercel's EU edge. Billing data is stored by Stripe in the UK.

We do not transfer personal data outside the UK or EEA except where covered by an adequacy decision or the UK International Data Transfer Agreement.

• You — and any team-mates you've explicitly invited via the seats UI
• Our service-role admin — strictly for support, debugging, and compliance, and itself audit-logged
• Our sub-processors:
  • Supabase — application database + auth (EU / UK)
  • Vercel — application hosting + edge functions (EU edge)
  • Stripe — subscription + one-off billing (UK)
  • Resend — transactional email (EU)
  • CoinGecko — market price data only; no PII transferred (Global)

We never sell your data, never hand it to advertisers, and never use it to train machine-learning models.

• Wallets and transactions — until you delete them
• Filed-report snapshots — until you ask us to remove them
• Audit log entries — kept immutably for 7 years to cover the HMRC enquiry window
• On account closure — all non-audit personal data is purged within 30 days

These retention rules mirror clause 7 of our Data Processing Agreement.

Under the UK GDPR (Articles 15-20) you have the right to:

• Access (Art. 15) — request a copy of all personal data we hold about you
• Rectification (Art. 16) — ask us to correct inaccurate or incomplete data
• Erasure (Art. 17, "right to be forgotten") — ask us to delete your data, subject to the audit-log retention
• Restriction (Art. 18) — ask us to pause processing while a complaint is resolved
• Portability (Art. 20) — get a machine-readable copy of your data in a common format (CSV / JSON)

Email us at support@cryptolens.uk from the address on your account, telling us which right you want to exercise. We respond within 30 days.

If you're unhappy with our response, you have the right to complain to the Information Commissioner's Office at ico.org.uk/make-a-complaint.

CryptoLens is operated as a personal project and is pre-revenue. ICO registration is required for commercial data processing in the UK; we'll apply for registration before the first paying customer and publish the reference number here once issued. UK firms can verify any registration in the public register at ico.org.uk/ESDWebPages/Search.