Privacy Policy

1. Introduction

Ecosanskriti Innovations (OPC) Private Limited (CIN: U27100WB2025OPC279246), operating as CryptoReportKit ("Company", "we", "us", or "our"), is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our cryptocurrency data analytics platform, website, applications, and related services (collectively, the "Services").

By accessing or using our Services, you consent to the collection and use of your information as described in this Privacy Policy. If you do not agree with our policies, please do not use our Services.

2. Information We Collect

2.1 Information You Provide

We collect information you voluntarily provide, including:

• Account Information: Email address, name (optional), password
• Profile Information: Preferences, settings, communication choices
• Payment Information: If we enable payments in the future, payments will be processed securely by a payment processor. We do not store your credit card details. (Note: Payments are not currently enabled.)
• Portfolio Data: Cryptocurrency holdings and investments you choose to enter
• Communications: Messages, feedback, and support requests you send us
• Uploads and Workspace Data: Files, spreadsheet content, prompts, dashboard settings, and other content you intentionally upload or generate when using DataLab, builder, export, or community-style features
• AI Interactions: Questions, prompts, and related output generated when you use AI-powered features
• API Keys (BYOK): If you use our Bring Your Own Key (BYOK) feature, you may provide API keys from third-party data providers (e.g., CoinGecko). See Section 2.4 below for details on how we handle these keys.

2.2 Information Collected Automatically

When you use our Services, we automatically collect:

• Device Information: Browser type, operating system, device identifiers
• Usage Data: Pages visited, features used, time spent, click patterns
• Log Data: IP address, access times, referring URLs
• Cookies: Session identifiers and preference data (see Section 6)

2.3 Information from Third Parties

We may receive information from third-party services if you connect them to your account, such as wallet addresses (if you choose to link them) or social login providers.

2.5 Uploaded Files, DataLab Content, and AI Prompts

Some features let you upload files, save parsed spreadsheet data, or submit prompts to AI-powered tools. Please do not upload unlawful content or personal data that you do not have the right to share. Uploaded files and derived data may be stored in our backend systems to provide the feature, sync your workspace, support exports, and allow later retrieval or deletion by you.

If you use AI features, your prompt and relevant context may be transmitted to our AI infrastructure or model providers to generate a response. AI outputs may be inaccurate, incomplete, or outdated and should be independently verified.

2.4 API Keys (BYOK)

We use a Bring Your Own Key (BYOK) architecture. You obtain your own API key from CoinGecko (or other providers) under their terms. Depending on the feature you use, your key may be stored locally on your device (e.g., inside an Excel workbook or in your browser storage) and may be transmitted to our servers to fetch third-party data on your behalf.

• Your Keys, Your Responsibility: You obtain API keys directly from data providers under their terms. We have no relationship with your provider account.
• Local Storage: For Excel templates, you can store your API key in a Settings sheet or named cell. For web dashboards, your key may be stored locally in your browser.
• Service Requests: When you use web dashboards, your browser may send your API key to our backend so we can fetch data from the provider and return the results to you.
• No Access Provision: We do not "provide access" to any data provider. You maintain your own provider account and are solely responsible for compliance with their terms.
• Full Control: You can change or remove your key at any time (e.g., by editing your workbook or clearing it from your browser storage). You can also rotate keys in your provider dashboard if you believe a key has been exposed.

Disclaimer: By using BYOK, you acknowledge that (a) you obtained your API keys directly from the provider, (b) you are responsible for complying with provider terms, rate limits, and policies, and (c) we are not liable for provider API changes, downtime, or your policy violations.

3. How We Use Your Information

We use your information to:

• Provide, maintain, and improve our Services
• Process your account registration and Subscriptions
• Process payments and prevent fraud
• Send important updates about your account and Services
• Respond to your inquiries and support requests
• Personalize your experience and deliver relevant content
• Analyze usage patterns to improve functionality and user experience
• Detect, prevent, and address security issues and abuse
• Comply with legal obligations and enforce our Terms of Service
• Send marketing communications (with your consent, which you can withdraw anytime)

4. How We Share Your Information

We do NOT sell your personal data.

We may share your information with:

• Service Providers: Third parties who help us operate our Services:
  • Payment Processor: Once payments are enabled, payment processing and subscription management will be handled by a third-party payment processor. Payment details will be shared directly with that processor. (Note: Payments are not currently enabled.)
  • Supabase: Database, storage, and authentication services
  • Vercel: Website hosting, deployment, and analytics infrastructure
  • Resend: Transactional email delivery
  • Groq or other model providers: AI-response generation for AI-enabled features
  • Data Providers: Market data aggregation services (CoinGecko, etc.)
• Legal Requirements: If required by law, court order, or government request
• Protection of Rights: To protect our rights, property, or safety, or that of our users
• Business Transfers: In connection with a merger, acquisition, or sale of assets

5. Data Security

We implement industry-standard security measures to protect your data:

• All data transmitted via HTTPS/TLS encryption
• Secure password hashing (bcrypt)
• Regular security assessments and updates
• Access controls limiting employee access to personal data
• Database encryption at rest

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

6. Cookies and Tracking Technologies

We use cookies and similar technologies to:

• Essential Cookies: Keep you signed in and remember your preferences
• Analytics Cookies: Understand how users interact with our Services
• Functional Cookies: Enable enhanced features and personalization
• Consent Storage: Save your cookie choices in browser local storage

You can control cookies through your browser settings. Disabling certain cookies may affect the functionality of our Services.

Cookie Controls (EU/UK): Where required by law, we only set analytics cookies after you opt in via our cookie banner. You can withdraw consent anytime using the cookie settings link in the footer or through your browser settings.

We do not use advertising cookies or sell your data to advertisers.

For more detail, including current categories and controls, see our Cookie Policy.

7. Data Retention

We retain your personal data for as long as your account is active or as needed to provide you with our Services. We may also retain data as necessary to:

• Comply with legal obligations
• Resolve disputes
• Enforce our agreements
• Maintain business records

If you delete your account, we will delete or anonymize your personal data within 30 days, except where retention is required for legal or legitimate business purposes.

• Account and profile data: retained while your account is active, then deleted or anonymized within a reasonable period
• Uploaded spreadsheet/workspace data: retained until you delete it, close your account, or we remove stale content under our retention rules
• Support communications: retained for support, audit, and dispute-resolution purposes
• Billing and tax records: retained for the period required by applicable law if payments are enabled
• Security and access logs: retained for fraud prevention, abuse detection, and security investigation

8. Your Rights and Choices

Depending on your location, you may have the right to:

• Access: Request a copy of your personal data
• Correction: Update or correct inaccurate information
• Deletion: Request deletion of your account and personal data
• Portability: Receive your data in a portable format
• Opt-out: Unsubscribe from marketing emails at any time
• Restrict Processing: Limit how we use your data in certain circumstances

To exercise these rights, contact us at support@cryptoreportkit.com. We will respond to your request within 30 days.

12. Children's Privacy

Our Services are not intended for users under 18 years of age. We do not knowingly collect personal data from children. If we learn that we have collected data from a child under 18, we will take steps to delete such information promptly. If you believe a child has provided us with personal data, please contact us.

13. International Data Transfers

Our Services are operated globally, and your data may be processed in countries other than your own. By using our Services, you consent to the transfer of your information to countries which may have different data protection laws than your jurisdiction. We take appropriate measures to ensure your data remains protected in accordance with this Privacy Policy.

Where required, we rely on contractual safeguards, provider security commitments, and access controls designed to protect personal data during cross-border transfers.

14. Third-Party Links

Our Services may contain links to third-party websites, services, or applications. We are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of any third-party services you access.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on our website and updating the "Last updated" date. For significant changes, we may also notify you by email. Your continued use of our Services after any changes constitutes acceptance of the updated Privacy Policy.

16. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: