1. Who We Are
CryptoGated ("we", "us", or "our") operates the platform at cryptogated.xyz. We provide a subscription management platform enabling Telegram and Discord channel hosts to monetize their communities using Solana-based cryptocurrency payments.
For privacy inquiries, contact us at: privacy@cryptogated.xyz
2. Information We Collect
We collect the following categories of personal data:
Account Information
- Email address (if you register with email/password or Google)
- Display name and profile image (if provided)
- Hashed password (never stored in plain text)
- Account creation date and role (subscriber, host, platform owner)
Telegram Data
- Telegram user ID (if you authenticate via Telegram)
- Telegram username and first/last name (if provided by Telegram)
- Telegram group membership status (managed by our bot for access control)
Discord Data
- Discord user ID (if you authenticate via Discord)
- Discord username (if provided by Discord)
- Discord server role assignments (managed by our bot for access control)
Blockchain & Payment Data
- Solana wallet public addresses associated with your account
- Subscription payment history (amounts, dates, statuses)
- Platform fee payment records
- Referral payout records
- Encrypted private keys for managed wallets (encrypted at rest using AWS KMS; only decrypted within our secure worker environment for processing transactions)
Usage & Technical Data
- IP address (logged for security and fraud prevention)
- Browser type and user agent (standard HTTP headers)
- Pages visited and actions taken (for audit logging of platform-owner actions)
- Session tokens (stored in secure, httpOnly browser cookies)
We do not use advertising trackers, analytics SDKs, or any third-party marketing pixels. We do not sell your data.
3. How We Use Your Information
- Service delivery: Processing subscriptions, managing Telegram and Discord channel access, processing SOL payments, and operating the referral program.
- Account management: Authentication, password resets, role management, and profile updates.
- Security & fraud prevention: Detecting suspicious activity, enforcing rate limits, and maintaining audit logs for platform integrity.
- Wallet operations: Executing subscription payments, disbursing referral payouts, and processing payout requests on behalf of hosts.
- Legal compliance: Retaining transaction records as required by applicable law.
- Communications: Sending service-related notifications (e.g., subscription expiry, payment confirmations) where you have provided contact information.
4. Legal Basis for Processing (GDPR)
For users in the European Economic Area (EEA) and United Kingdom, we process personal data under the following legal bases:
- Contract performance (Art. 6(1)(b)): Processing necessary to provide the subscription management service you signed up for.
- Legitimate interests (Art. 6(1)(f)): Security monitoring, fraud prevention, and audit logging to protect the platform and its users.
- Legal obligation (Art. 6(1)(c)): Retention of financial transaction records where required by law.
- Consent (Art. 6(1)(a)): Where you have explicitly consented to a specific use (e.g., optional marketing communications).
5. Data Sharing
We do not sell, rent, or trade your personal information. We share data only as follows:
- Infrastructure providers: Our hosting provider (Amazon Web Services) processes data on our behalf under data processing agreements. This includes compute, database, and key management services.
- Helius (Solana RPC): Solana wallet addresses are sent to Helius to query on-chain balances and process webhook payment notifications.
- Telegram: Telegram user IDs and group membership actions are exchanged with Telegram's API to manage channel access.
- Discord: Discord user IDs and role assignments are exchanged with Discord's API to manage server access.
- OAuth providers: Google, Discord, and X (Twitter) may receive authentication requests if you use those sign-in methods.
- Legal requirements: We may disclose information if required by law, court order, or to protect the rights and safety of our users or the public.
- Business transfers: If CryptoGated is acquired or merges with another entity, your data may be transferred as part of that transaction, subject to the same privacy commitments.
6. Blockchain Data
Important: Transactions conducted on the Solana blockchain are public and permanent. Your wallet's public address and all associated on-chain transactions are visible to anyone querying the blockchain. This is an inherent characteristic of public blockchain networks and is outside our control. We have no ability to delete or modify on-chain data.
7. Cookies
We use only strictly necessary cookies required for the platform to function. These include session management cookies set by our authentication system (Auth.js). We do not use advertising, analytics, or tracking cookies.
For full details, see our Cookie Policy.
8. Data Retention
- Account data: Retained for the lifetime of your account plus 90 days after deletion to allow for dispute resolution.
- Transaction records: Retained for a minimum of 7 years as required for financial record-keeping obligations.
- Audit logs: Retained for 2 years for security and compliance purposes.
- Session data: Session tokens expire automatically per our authentication configuration. Inactive sessions are cleared periodically.
9. Your Rights (GDPR / UK GDPR)
If you are located in the EEA or United Kingdom, you have the following rights:
- Right of access: Request a copy of the personal data we hold about you.
- Right to rectification: Request correction of inaccurate data.
- Right to erasure: Request deletion of your data, subject to our legal obligations to retain certain records (e.g., financial transaction history). Note that on-chain data cannot be erased.
- Right to restriction: Request that we limit processing of your data in certain circumstances.
- Right to portability: Request your data in a structured, machine-readable format.
- Right to object: Object to processing based on legitimate interests.
- Right to withdraw consent: Where processing is based on consent, withdraw it at any time.
To exercise any of these rights, contact us at privacy@cryptogated.xyz. We will respond within 30 days. You also have the right to lodge a complaint with your local data protection authority.
10. Children's Privacy
CryptoGated is not intended for users under the age of 18. We do not knowingly collect personal information from minors. If you believe a minor has created an account, please contact us and we will delete the account promptly.
11. International Data Transfers
Your data may be transferred to and processed in countries outside your country of residence, including the United States (where our cloud infrastructure is hosted). We ensure appropriate safeguards are in place for such transfers in accordance with applicable data protection laws, including standard contractual clauses where required.
12. Security
We implement industry-standard security measures including:
- TLS encryption for all data in transit
- Encrypted database storage for sensitive fields
- AWS KMS envelope encryption for private keys in managed wallet mode
- HttpOnly, Secure, SameSite session cookies
- Rate limiting on authentication and sensitive endpoints
- Regular security audits
No method of transmission or storage is 100% secure. We cannot guarantee absolute security and disclaim liability for any breach beyond our reasonable control.
13. Changes to This Policy
We may update this Privacy Policy periodically. Material changes will be announced via a notice on the platform or by email if you have provided one. Continued use of the platform after changes take effect constitutes acceptance of the updated policy.
14. Contact
For privacy questions, data requests, or concerns:
Email: privacy@cryptogated.xyz
Website: cryptogated.xyz