Privacy Policy

1. Introduction

CrypTok LLC ("CrypTok," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the CrypTok platform, mobile applications, and related services (collectively, the "Platform").

By using CrypTok, you consent to the data practices described in this policy. If you do not agree with these practices, please do not use the Platform.

2. Information We Collect

2.1 Information You Provide

• Account Information: Name, email address, username, password, profile photo, bio, and date of birth
• Content: Posts, comments, messages, photos, videos, stories, and other content you share
• Financial Information: Public wallet addresses when you connect a Solana or EVM-compatible wallet. We never access or store your private keys or seed phrases
• Communications: Messages you send to other users, support requests, and feedback
• OAuth Data: If you sign up via Google, Meta, or X (Twitter), we receive your public profile information as permitted by the respective provider

2.2 Information Collected Automatically

• Device Information: Device type, operating system, browser type, screen resolution, and unique device identifiers
• Usage Data: Pages visited, features used, timestamps, interaction patterns, and referring URLs
• IP Address: Used for security, fraud prevention, and approximate geolocation
• Log Data: Server logs including access times, error logs, and request metadata

2.3 Information from Third Parties

• Blockchain Data: Publicly available on-chain transaction data from Solana, Ethereum, and other supported blockchains
• Payment Processors: Transaction confirmations from Stripe, PayPal, and Coinbase Commerce (we do not store full payment card numbers)
• Analytics Providers: Aggregated usage statistics to improve the Platform

3. How We Use Your Information

• To provide, operate, and maintain the CrypTok platform
• To personalize your feed, recommendations, and user experience
• To process on-chain transactions, tips, and platform payments
• To send notifications about activity on your content, messages, and account
• To enforce our Terms of Service and community guidelines
• To detect and prevent fraud, abuse, spam, and security threats
• To communicate service updates, security alerts, and promotional content (with opt-out options)
• To analyze usage patterns and improve platform features
• To comply with legal obligations

4. Blockchain Data & Wallet Information

When you connect a wallet and send or receive tips using the $CRYPTOK token, these transactions are recorded on the Solana blockchain. Blockchain transactions are publicly visible, immutable, and not controlled by CrypTok. We display on-chain data for your convenience but cannot modify or reverse blockchain transactions.

Your public wallet address is stored in association with your account to facilitate tipping and DeFi features. We never request, access, or store private keys, seed phrases, or wallet passwords.

5. Cookies & Tracking Technologies

CrypTok uses the following tracking technologies:

• Essential Cookies: Required for authentication, session management, and core platform functionality. These cannot be disabled.
• Preference Cookies: Store your settings such as language, theme (light/dark mode), and notification preferences.
• Analytics Cookies: Help us understand how users interact with the Platform to improve performance and features.
• Push Notification Tokens: OneSignal service worker tokens for delivering push notifications to your device.

You can manage cookie preferences through your browser settings. Disabling essential cookies may prevent the Platform from functioning correctly.

6. Third-Party Services & Integrations

CrypTok integrates with the following categories of third-party services, each with their own privacy policies:

• Blockchain Infrastructure: Solana (via Helius RPC), Ethereum and EVM chains (via Alchemy)
• Wallet Providers: Phantom, Solflare, MetaMask, Trust Wallet, Coinbase Wallet, Backpack, and 35+ others
• Payment Processors: Stripe, PayPal, Coinbase Commerce
• Real-Time Communication: Agora (WebRTC for voice/video calls and live streaming)
• Push Notifications: OneSignal
• Email Services: ZeptoMail (transactional emails)
• File Storage: DigitalOcean Spaces (CDN and media storage)
• Authentication: Google OAuth, Meta Login, X (Twitter) OAuth
• Market Data: DexScreener, GeckoTerminal, CoinGecko, Jupiter

We recommend reviewing the privacy policies of these third-party services for additional information about their data practices.

7. Data Sharing & Disclosure

We do not sell your personal information. We may share your data in the following circumstances:

• With Your Consent: When you explicitly authorize sharing (e.g., connecting a wallet, posting public content)
• Service Providers: With trusted third-party services that assist in operating the Platform, subject to confidentiality agreements
• Legal Requirements: When required by law, regulation, legal process, or governmental request
• Safety & Security: To protect against fraud, abuse, or threats to user safety
• Business Transfers: In connection with a merger, acquisition, or sale of assets, with appropriate user notification

8. Data Security

We implement industry-standard security measures to protect your data, including:

• TLS/SSL encryption for all data in transit (HTTPS)
• Secure password hashing using modern algorithms
• Encrypted messaging for direct conversations
• Rate limiting and CSRF protection on all API endpoints
• Regular security audits and vulnerability assessments
• Firewall protection and intrusion detection
• Regular encrypted backups

While we take reasonable measures to protect your data, no method of transmission or storage is 100% secure. You use the Platform at your own risk.

9. Data Retention & Account Deletion

We retain your personal information for as long as your account is active or as needed to provide services.

Account Deactivation: You may temporarily deactivate your account at any time. Your profile will be hidden and notifications paused, but all data is preserved. You can reactivate by logging back in — there is no time limit.

Account Deletion: When you request account deletion, your account enters a 30-day recovery period during which you may cancel by logging back in. After 30 days, the following data is permanently deleted: your profile information, posts, comments, media files, friends/followers lists, and chat history. Posts you authored may be retained in anonymized form (attributed to “Deleted User”).

Legal Retention: We are required by law to retain certain financial transaction records (including cryptocurrency tips, token transfers, and payment history) for up to 7 years in anonymized form for tax and regulatory compliance. Blockchain transactions are permanent and immutable and cannot be deleted by CrypTok or any third party.

You may delete your account in-app via Settings > Account Management, or on the web at cryptok.me/delete-account.

10. Your Rights & Choices

All Users

• Access: View and download your personal data through account settings
• Correction: Update inaccurate or incomplete personal information at any time
• Deletion: Delete your account through settings (with 30-day recovery window) or at cryptok.me/delete-account
• Deactivation: Temporarily deactivate your account to hide your profile while preserving all data
• Opt-Out: Unsubscribe from promotional emails and manage notification preferences
• Data Portability: Request an export of your data in a machine-readable format

GDPR Rights (European Economic Area)

If you are located in the EEA, you have additional rights under the General Data Protection Regulation (GDPR), including the right to access, rectification, erasure, restriction of processing, data portability, and the right to object to processing. You also have the right to lodge a complaint with your local data protection authority.

CCPA Rights (California)

If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information we collect, the right to delete your personal information, and the right to opt out of the sale of personal information. CrypTok does not sell personal information.

To exercise any of these rights, contact us at [email protected]. We will respond to verified requests within 30 days.

11. Children's Privacy

CrypTok is not intended for children under 13. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us with personal information, please contact us immediately and we will take steps to remove such information.

12. International Data Transfers

Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place for international data transfers in compliance with applicable laws.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on the Platform and updating the "Last updated" date. Continued use of CrypTok after changes constitutes acceptance of the revised policy.

14. Contact Us

For privacy-related questions, data requests, or concerns, contact us at:

• Email: [email protected]
• Support: cryptok.me/support

CrypTok LLC