cryptomat.news
BTC
ETH
SOL
Market:
Bullish:
Bearish:

Privacy Policy

Last updated: April 23, 2026

1. Introduction

This Privacy Policy explains how Cryptomat ("we", "us", "our") collects, uses, stores, and protects information when you visit cryptomat.news (the "Service").

Cryptomat is operated under the umbrella of CryptoBeast.ai. We take privacy seriously and comply with the EU General Data Protection Regulation (GDPR), the UK Data Protection Act 2018, and the California Consumer Privacy Act (CCPA). If any term in this policy conflicts with applicable law in your jurisdiction, the law prevails.

2. Data we collect

2.1 Information you provide directly

  • Email address — when you subscribe to the newsletter. Stored for delivery and unsubscribe handling.
  • Contact form submissions — name, email, subject, and message when you contact us. Used only to respond.

2.2 Information collected automatically

  • Server logs — IP address, user-agent, requested URL, timestamp, referrer. Retained for 30 days for abuse prevention and rate limiting.
  • Cookies — essential cookies (session, consent state) are always set. Analytics and preference cookies are opt-in only. See "Cookies" below.
  • Analytics events — if you consent, anonymous page-view and interaction events via Umami (self-hosted). Events do not contain personally identifying information.

2.3 Information we do not collect

  • We do not run advertising networks, trackers, or third-party marketing pixels.
  • We do not sell, rent, or share subscriber data with any third party for marketing purposes.
  • We do not profile individual readers across sessions.

3. How we use data

  • Newsletter delivery — sending subscribed content via our transactional email provider.
  • Site operation — serving pages, caching, and rate limiting.
  • Abuse prevention — blocking automated abuse of contact forms, newsletter subscriptions, or search endpoints.
  • Content improvement — aggregate (not individual) reading patterns to identify which coverage is most useful. Based on consented Umami events.
  • Legal compliance — responding to valid legal requests.

4. Legal bases for processing (GDPR)

  • Consent — for analytics cookies, preference cookies, and newsletter subscription. You may withdraw consent at any time.
  • Legitimate interest — for server logs, abuse prevention, and security monitoring.
  • Contract — for delivering the newsletter you subscribed to.
  • Legal obligation — for retention required by law.

5. Third-party processors

We use a small set of carefully selected third parties to operate the Service. Each processes data only for the purpose stated and is bound by a data-processing agreement.

  • Hetzner Online GmbH (Germany) — server hosting and backups. Location: EU.
  • Cloudflare, Inc. (USA) — DNS, CDN, DDoS protection, email forwarding. SCCs apply.
  • Resend, Inc. (USA) — transactional email delivery (newsletter confirmations). SCCs apply.
  • listmonk — self-hosted newsletter broadcast (runs on our Hetzner infrastructure, no external vendor).
  • Umami Analytics — self-hosted analytics (runs on our Hetzner infrastructure, no external vendor).
  • Meilisearch — self-hosted search engine (runs on our Hetzner infrastructure).

6. Your rights (GDPR / CCPA)

  • Access — request a copy of your data.
  • Rectification — correct inaccurate data.
  • Erasure — request deletion of your data (aka "right to be forgotten").
  • Restriction — limit how we process your data.
  • Portability — receive your data in a machine-readable format.
  • Object — object to processing based on legitimate interest.
  • Withdraw consent — revoke analytics consent via our cookie banner or by emailing us.
  • Non-discrimination (CCPA) — exercising these rights does not affect your access to the Service.

To exercise any right, email contact@cryptomat.news. We respond within 30 days (usually within a week).

7. Cookies

We use a minimal set of cookies. Categories:

  • Essential (always on) — session cookie, cookie-consent state cookie. Cannot be disabled as they are required for the site to function.
  • Analytics (opt-in) — Umami cookies to measure anonymous page-level engagement. Not set unless you accept.
  • Preferences (opt-in) — stores your theme (dark/light) and saved searches.

You can change your preferences anytime via the "Cookie settings" link in the footer.

8. Retention

  • Newsletter subscriber emails — retained until you unsubscribe, then deleted within 30 days.
  • Contact form messages — retained 12 months after resolution.
  • Server logs — 30 days rolling.
  • Analytics events — 12 months aggregated (no individual retention).

9. Security

We use industry-standard security controls: TLS 1.3 for all traffic, HSTS with preload, strict Content-Security-Policy, encrypted backups, principle of least privilege for admin access, and annual credential rotation. Report any vulnerability to security@cryptomat.news or via security.txt.

10. International transfers

Some of our processors (Cloudflare, Resend) are based in the United States. Data transfers rely on Standard Contractual Clauses (SCCs) approved by the European Commission, which provide the legally required level of protection.

11. Children

Cryptomat is not directed to children under 16. We do not knowingly collect data from children. If you believe a child has provided us data, email us at contact@cryptomat.news and we will delete it.

12. Changes to this policy

We may update this policy to reflect changes in our practices or applicable law. Material changes will be announced on the homepage and to newsletter subscribers at least 30 days in advance. The "Last updated" date above always reflects the current version.

13. Contact

Data protection queries: contact@cryptomat.news.

You also have the right to lodge a complaint with your local data protection authority. In the EU, a list of supervisory authorities is available at edpb.europa.eu.