Privacy Policy
Feb 13, 2025
Coinkidink Ltd Privacy Policy
Last Updated: 10 February 2025
Introduction & Scope
Welcome to Coinkidink Ltd’s Privacy Policy. This policy describes how Coinkidink Ltd (“Coinkidink,” “we,” “us,” or “our”) collects, uses, and protects your personal data when you use our services. It applies to all users of our website (including Coinkidinkapp.com), our mobile applications, and any related services or platforms we operate (collectively, the “Services”).
By using our Services, you acknowledge that you have read and understood this Privacy Policy. We are committed to safeguarding your privacy and ensuring that your personal information is protected in compliance with applicable laws. If you do not agree with this policy, please do not use our Services. This Privacy Policy is an integral part of our terms of service and applies to anyone accessing or using the Services.
Legal Compliance (UK GDPR & Data Protection Act)
Coinkidink Ltd is based in the United Kingdom and is fully committed to complying with all relevant data protection laws. In particular, we adhere to the UK General Data Protection Regulation (UK GDPR) and the UK Data Protection Act 2018, as well as other applicable UK privacy laws. This means we process personal data lawfully, fairly, and transparently, and we ensure appropriate safeguards for your information.
We act as the “data controller” for the personal data we handle, which means we determine the purposes and means of processing your personal information. In doing so, we rely on lawful bases as defined under the UK GDPR, such as: your consent (where you have actively given it), performance of a contract (when processing is necessary to provide you with our Services), legal obligations (complying with laws or regulations), and legitimate interests (for purposes such as improving our Services or ensuring security, balanced against your rights). We will always ensure that we have a valid legal basis to collect and use your data, and we will respect your rights under these laws.
Data Collection: What Information We Collect
We collect personal data to provide and improve our Services. The information we collect falls into a few categories: (1) data you provide to us directly, (2) data we collect automatically when you use our Services, and (3) data we obtain from third parties. Below is a breakdown of these categories and examples of the types of data in each:
1. Information You Provide to Us
You may give us information about yourself when you: create an account, fill in forms on our site or app, subscribe to our newsletter, communicate with us, or use certain features. This information is provided directly by you and may include:
Contact Details: such as your name, email address, mailing address, phone number, and login credentials (username and password).
Profile Information: if our Service allows profile creation, details like your display name, avatar, or other information you choose to add to your profile.
Payment Information: if you make purchases or transactions through our Service, you may provide payment details. For example, when subscribing or buying within the app, you might input credit/debit card information or other payment data. (Please note: We use a third-party payment processor (Stripe) to handle payment transactions; see “Third-Party Services” below. Coinkidink itself does not store your full card details.)
Communication Content: copies of communications with us, including emails, support requests, feedback, or other correspondence. This could include any information you send us when you contact our support or respond to surveys.
Other Voluntarily Provided Data: any other information you choose to provide, for example when participating in promotions, contests, or user research.
We will only ask for personal information that is necessary for the relevant purpose. You can always choose not to provide certain info, but please note that some parts of our Services (for example, creating an account or processing a payment) might not be usable without the relevant information.
2. Information Collected Automatically
When you interact with our website or app, we automatically collect certain data about your device and usage of the Services. This helps us to secure the Services and improve user experience. The data we collect automatically includes:
Usage Data: details of how and when you use our Services. For example, this can include the pages or screens you view, features you use, the time spent on pages, the links you click, and the actions you take. If our Service includes in-app analytics or logs, we collect those usage details.
Device and Technical Data: information about the device and software you use to access our Services. This may include your device type (e.g. phone, tablet, computer), operating system and version, browser type and version, screen resolution, and device identifiers or advertising IDs. If you use our mobile app, we might collect device identifiers or push notification tokens.
IP Address and Location Data: your Internet Protocol (IP) address is collected when you use the Services. This can sometimes be used to derive your approximate geographic location (geolocation at a city or country level). We do not collect precise GPS location from your device unless you have explicitly granted permission through your device settings.
Cookies and Similar Technologies: we use cookies, pixels, and other tracking technologies (explained more in the Cookies & Tracking Technologies section below) to collect information about your interactions and usage. For example, cookies help us recognize you when you return to our site, and analytics scripts help us see how you navigate our Services.
This automatically collected data may be combined with information you provide directly in order to personalize your experience, prevent fraud, and ensure the Service functions properly across different devices.
3. Information from Third Parties
We may receive personal data about you from third-party sources in the following scenarios:
Third-Party Account Integrations: If you choose to register or log in via a third-party account (for example, using Google or another service to authenticate), we receive information from that third party, such as your name and email address, as permitted by the third party’s authentication process and your settings with them.
Payment Processors: When you make payments through our Services, our payment provider (Stripe) may send us limited information to confirm a transaction. This can include a payment confirmation, your name or email associated with the payment, and the amount paid. We do not receive or store your full card details from Stripe.
Analytics Providers: We use analytics services (like Google Analytics) that collect data on our behalf about your interactions. These providers may use cookies and identifiers to gather information about site traffic and usage patterns. The analytics data provided to us generally does not identify you personally (Google Analytics, for example, provides aggregate statistics, though it may collect IP addresses as part of its service).
Advertising or Marketing Partners: If we run marketing campaigns, we might receive information from advertising networks or social media platforms about the success of ads (e.g., how many users installed our app after clicking an ad). This information is usually statistical and not tied to your personal identity, except in cases where you have explicitly consented to share your information with those partners.
Service Providers: Other vendors that help us run the Service (such as Firebase for data storage, or Microsoft 365 for email) might collect or provide data incidentally. For instance, if we email you via Microsoft 365 Outlook, Microsoft’s systems will process your email address to deliver our message. Similarly, if our app uses Firebase, we receive data that Firebase gathers on our behalf (like crash reports or analytics on app performance).
We only collect data from third parties if we have assurances that they have lawful rights to provide this data to us (for example, you have consented to them sharing it, or it’s provided under their privacy policy in a way that is compatible with your privacy rights). We treat this combined data with the same care as information you give us directly.
Third-Party Services We Use
To provide our Services efficiently and securely, Coinkidink Ltd uses certain trusted third-party service providers. These third parties help us with various functions such as payment processing, analytics, email communications, and data hosting. We share your data with these providers only to the extent necessary for them to perform their services, and each provider is contractually obligated to protect your information and use it only for the purposes we specify. The key third-party services we use (and what we use them for) are:
Stripe (Payment Processing): We use Stripe to handle secure payment transactions (for example, when you make a purchase or subscription through Coinkidink). When you provide payment details, that information is transmitted directly to Stripe via secure encryption. Stripe processes your payment information in accordance with strict data security standards (they are PCI-DSS compliant). Coinkidink does not store your sensitive card details on our servers; Stripe may store and use your payment information to process transactions and for fraud prevention. Stripe may also collect identifying information about you for verification (such as name, billing address, email, and IP address) as needed to process payments and comply with anti-fraud and legal requirements. Stripe’s role: Stripe acts as a data processor on our behalf for payment processing, and in some cases as an independent data controller for compliance purposes. For more details, you can review Stripe’s own Privacy Policy (available on Stripe’s website) to understand how they handle your personal data.
Google Analytics (Website/App Analytics): We utilize Google Analytics to understand how users find and use our website and app. Google Analytics uses cookies and similar technologies to collect information about your interaction with our Services, such as which pages you visit, how long you stay, and what website referred you to us. This information helps us analyze user traffic and improve our features and content. The data collected via Google Analytics may include your IP address and device information, but we have configured Google Analytics to anonymize IP addresses where possible (which means Google truncates the IP address in most cases for privacy). Google Analytics provides us with aggregated statistical data — we do not receive personally identifying information like your name from Google Analytics. Data sharing and opt-out: Google may process this analytics data on servers outside the UK (see the “International Data Transfers” section for how we safeguard such transfers). You can opt out of Google Analytics tracking if you wish, by using a browser plugin provided by Google or by adjusting your cookie preferences (see Cookies & Tracking Technologies below). For more details on Google’s privacy practices, you can review Google’s Privacy Policy.
Microsoft 365 (Email and Document Services): Coinkidink Ltd uses Microsoft 365 (a suite of services by Microsoft, including Outlook for email and OneDrive/SharePoint for document storage). This means that when you email us at our official contact (for example, operations@coinkidinkapp.com), your email is processed and stored on Microsoft’s systems. Likewise, any documents or spreadsheets containing personal data (like a user list or support log) may be stored on Microsoft’s cloud via OneDrive or SharePoint. Microsoft acts as our data processor for these services, handling your data on our behalf. Microsoft is a large company that adheres to strong security and privacy standards; they will have access to your information only as needed to perform the email/storage service and are contractually obligated to keep it confidential. Personal data in these emails or documents is not used by Microsoft for any purpose other than providing the service to us. You can refer to Microsoft’s privacy statements for information on how they protect data in Microsoft 365.
Firebase (Database and Hosting): Our application relies on Firebase, a platform by Google, for data storage, database, and hosting services. Firebase helps us store your account information and other data (for example, your profile details, settings, and usage data) in the cloud so that the app and website can function smoothly and sync your data in real-time. As a result, personal data (such as your email, username, and any content you generate within the app) may be stored on Firebase servers. Google (Firebase’s provider) processes this data on our behalf under strict confidentiality and security measures. Firebase implements robust security practices including data encryption at rest and in transit. Some Firebase services we use might also collect analytics or crash reports to help us fix issues; for instance, Firebase Analytics or Crashlytics could automatically gather information about your device model or app version at the time of an error. Data location and access: Firebase data may be stored on servers located in the European Economic Area (EEA) or in the United States or other countries. Google is committed to protecting data transfers (see International Data Transfers below for more details on safeguards). Google will not use Firebase-stored user data for any purpose other than to provide services to Coinkidink, according to Google’s Firebase terms. You can find more about how Google handles data in Firebase in Google’s privacy documentation.
Each of these third-party services is carefully chosen to support our operations. We have Data Processing Agreements in place with these providers where required, obligating them to comply with UK GDPR standards for privacy and security. We do not sell or rent your personal information to third parties. Aside from the services listed above, we will not share your personal data with others unless: (a) we have your explicit consent, (b) it is necessary to fulfill a contract with you or provide the Services, (c) we are required by law or lawful request (e.g., court order, law enforcement) to disclose the information, or (d) to protect our rights, property, or safety or that of our users (such as sharing information with fraud prevention services or to prevent an imminent harm).
If you have questions about any third party with whom your data might be shared, you can always contact us for more information. We aim to be transparent about how and with whom your data is shared.
How We Use Your Data
Coinkidink Ltd uses the personal data we collect for specific, explicit, and legitimate purposes. We will not use your information in a way that is incompatible with the purposes for which it was collected, unless we obtain your consent or are required by law. Below we outline the various purposes for which we process your data, along with examples for clarity:
To Provide and Maintain the Services: We use your information to create and manage your account, authenticate you when you log in, and deliver the features of our website and app. For example, we use your login credentials to allow you access, and your profile information to display your account within the app. If the service has any social or interactive features, we use your submitted content or info to operate those as well. Processing your data for these purposes is usually based on contract necessity – i.e., it’s necessary for us to fulfill our obligations to you under our Terms of Service.
To Process Transactions and Payments: When you make a purchase or subscription through Coinkidink, we use the personal and payment information provided to process that transaction. This includes sending your payment details to our payment processor (Stripe) and receiving confirmation of payment. We might also use your contact information to send you receipts or transaction notices. This processing is based on contract (completing the purchase you requested) and our legal obligations (financial record-keeping and fraud prevention).
To Communicate with You: We use your contact information (like email address or phone number) to send service-related communications. This includes:
Responding to Inquiries and Support Requests: If you contact us for help or with questions, we will use your information to respond and resolve your issues.
Sending Important Alerts: We may send you emails or notifications about important updates such as changes to our terms or this privacy policy, security alerts, password reset messages, or updates about the status of your account.
Transactional Messages: communications confirming actions you’ve taken, like sign-up emails, order confirmations, billing notices, or similar.
These types of communications are necessary for running the Service and are sent based on our contract with you or legitimate interest in keeping you informed.
For Marketing and Promotional Purposes: If you have opted in or if we have a lawful right (such as a legitimate interest under applicable law), we may use your email or other contact details to send you newsletters, offers, or promotions about our new features, products, or events we think may interest you. You will only receive marketing communications from us if you have consented to such messages or if you are an existing customer and we believe you might legitimately benefit from updates about our similar products/services (in which case we will always provide a clear opt-out opportunity). You have the right to opt out of marketing emails at any time (for example, by clicking the “unsubscribe” link in our emails or contacting us directly with your preference). We will not spam you or share your contact information with third-party advertisers without your explicit consent.
Analytics and Service Improvement: We analyze usage information (including data from Google Analytics and Firebase Analytics) to understand user behavior and preferences. This helps us troubleshoot problems, optimize our user interface, and improve the overall user experience. For example, we might look at how many users use a certain feature or where users encounter errors, so we can make that feature better or fix bugs. Wherever possible, we use aggregated or anonymized data for this purpose, which does not identify you personally. Using data for analytics is usually based on our legitimate interest in improving our Services. If required by law (for example, for non-essential cookies), we will obtain your consent for analytics tracking.
Personalization: In some cases, we may use data to personalize your experience. This could include remembering your preferences (such as language or font size) or tailoring content to you. For instance, if our Service has a dashboard or feed, we might use information about your past activity to show relevant content. Any personalization aims to make the Service more useful to you. We might rely on legitimate interest for basic personalization, and on consent if it involves more significant profiling or use of cookies.
Security and Fraud Prevention: We process certain data (like IP addresses, device info, and usage patterns) to maintain the security of our Services, accounts, and users. This includes using data to detect and prevent fraud, abuse, illegal activities, or technical issues. For example, we might use your IP and login attempts to detect suspicious logins, or use cookies to enforce security features. We also may use data to verify identity where necessary (for instance, during password recovery or to prevent unauthorized access). Processing data for security is in our legitimate interests and is often also part of our legal obligations to protect data.
Compliance with Legal Obligations: We may use your personal information to comply with applicable laws, regulations, and legal processes. This includes retaining and disclosing certain data as required by law (e.g., tax laws requiring us to keep transaction records, or responding to government requests or court orders). If necessary, we will use your data to enforce our legal rights, to defend against legal claims, or to investigate violations of our Terms of Service or any fraud or security issues. These uses are based on legal obligation or legitimate interest in protecting our rights and complying with the law.
Other Purposes (with Notice to You): If we intend to use your data for any purpose that is different from the original purpose we collected it for, we will inform you and, if required, obtain your consent. For example, if we ever wanted to use your data in a new application or share it with a new partner, we would provide you with notice and the opportunity to consent or object.
We do not engage in any automated decision-making, including profiling, that produces legal or similarly significant effects on you without human involvement. Any automated processes we have (such as automatically filtering spam messages or recommending features) do not negatively affect your rights or privacy; however, you have the right to object if you believe any aspect of our data processing is problematic (see Your Rights below).
Cookies & Tracking Technologies
Like most online services, Coinkidink uses cookies and similar tracking technologies to provide, personalize, and improve our Services, as well as to deliver advertising (if applicable) and analytics. This section explains what these technologies are, how we use them, and what choices you have regarding them.
What Are Cookies? Cookies are small text files that are placed on your device (computer, smartphone, etc.) when you visit a website. Cookies allow the website to recognize your device and store certain information about your preferences or past actions. There are also similar technologies such as pixel tags (small images or scripts that load on a page to track that view) and mobile identifiers (unique codes on your phone for apps) – for simplicity, we refer to all these as “cookies and tracking technologies.”
How We Use Cookies: Coinkidink uses cookies and tracking technologies for a variety of purposes, including:
Essential Cookies: These cookies are necessary for our website or app to function properly. Without them, you wouldn’t be able to use core features of the Service. Examples include authentication cookies that keep you logged in as you navigate pages and cookies that remember your cookie consent choices. Essential cookies are always active because they are required for the operation of the Service; however, they do not collect any information for marketing purposes.
Preference Cookies: These remember your settings and preferences to provide a more personalized experience. For instance, a cookie might store your chosen language or other interface customizations so that you don’t have to set them each time. This improves usability.
Analytics Cookies: We use these to collect information about how users interact with our Service, which pages are visited, and any errors encountered. Specifically, Google Analytics may set cookies (such as _ga, _gid, etc.) to gather data on site usage. The information collected (including possibly your IP address and device info) is transmitted to and stored by Google on their servers. We use the insights from these cookies to improve our Service’s functionality and content. We have configured our analytics settings to respect privacy as much as possible (e.g., anonymizing IP addresses and not sharing detailed data with Google beyond our own analysis). Analytics cookies will only be set on your device with your consent where required by law. On our website, you will be presented with a cookie notice or preferences tool when you first visit, allowing you to accept or decline non-essential cookies like analytics.
Advertising and Marketing Cookies: As of the date of this Policy, Coinkidink is not displaying third-party ads on our platform. If this changes in the future and we or our partners use cookies to personalize ads to you, we will update this policy and obtain your consent where legally required. These types of cookies would track your browsing habits on our site and possibly across other sites to show you relevant advertisements. We will always comply with applicable laws regarding advertising cookies (which typically require opt-in consent). You can rest assured that we do not share personally identifying information with advertisers without your permission.
Third-Party Cookies: In addition to the cookies we set, some third-party services we use may set their own cookies on our site or app. For example, Stripe might set cookies to help with payment processing or fraud prevention when you make a payment, and Google Analytics sets cookies for analytics as mentioned. These third-party cookies are controlled by the providers themselves, not by Coinkidink, but we ensure that we only allow third-party cookies that serve a necessary function in our Service. We also provide you with information and choices about these cookies via our cookie consent mechanism.
Your Choices for Cookies: You have several options to control or limit how cookies and similar technologies are used:
Cookie Consent Banner: On our website, we provide a cookie notice (and/or a preferences center) that allows you to accept or reject non-essential cookies. You can choose to accept all cookies, decline those that are not strictly necessary, or customize your preferences. If you decline analytics (and other optional cookies), those cookies will not be placed on your device. Note that you may still see generic, non-personalized content or messages, but they won't be tailored using cookies.
Browser Settings: Most web browsers allow you to refuse new cookies, delete existing cookies, or notify you when new cookies are set. You can usually find these controls in your browser’s “preferences” or “settings” menu. Please note that disabling all cookies might affect the functionality of our Service – for example, you might not be able to stay logged in or some features might not work properly if cookies are turned off.
Google Analytics Opt-Out: If you want to opt out of Google Analytics specifically, Google provides an official Google Analytics Opt-out Browser Add-on. Installing this add-on in your browser prevents Google Analytics from collecting information on that browser for any site. Alternatively, you can adjust your cookie settings as described above to block Google Analytics cookies.
Do Not Track Signals: Some browsers have a “Do Not Track” feature that lets you tell websites you do not want to be tracked. Our Service honors Do Not Track signals for tracking cookies: if your browser is set to DNT, we will treat it as an opt-out of analytics/marketing cookies. However, note that Do Not Track is a voluntary standard; not all websites respond to DNT and DNT does not affect essential cookies.
Mobile Advertising IDs: If our mobile app uses advertising or analytics that rely on your device’s advertising ID, you can usually reset or limit tracking on your mobile device. Check your device settings (for example, on iOS there’s an option to “Limit Ad Tracking,” and on Android to “Opt out of Ads Personalization”).
We also maintain a Cookie Notice or Cookie Policy (if separate from this Privacy Policy) on our website where you can find more detailed information about the specific cookies in use and update your preferences at any time.
By continuing to use our website/app with cookies enabled after seeing our cookie banner, you are agreeing to our use of cookies in line with your preferences. Remember, you can change your mind and modify your consent choices at any time through the tools described above.
Data Retention: How Long We Keep Your Data
Coinkidink Ltd will retain your personal data only for as long as it is necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. We have policies in place to determine the appropriate retention period for different types of data, considering the nature of the data, the volume, the sensitivity, the purposes for which we process it, and applicable legal requirements. Below we outline our general retention practices for various categories of data:
Account Information: If you create an account with us, we will keep your account profile information (such as your name, email, login details, and any profile data) for as long as your account remains active. If you choose to delete your account or if your account is inactive for an extended period, we will initiate the deletion or anonymization of your personal data associated with the account. Inactive accounts: We may consider an account inactive after a prolonged period of no use (e.g., 12 months or more of inactivity), and we might contact you to confirm if you wish to keep it. If we decide to remove inactive accounts, we will give notice via your registered email. In any event, upon your request to delete your account, we will remove or anonymize personal data that can identify you, except for any data we are required or permitted to retain by law (as described below).
Transaction and Payment Data: Records of transactions you’ve made through our Service (such as purchase history, amounts, and timestamps, as well as billing name or address if provided) are retained as long as necessary for our financial records and compliance. Legal requirement: UK law and tax regulations often require businesses to keep transaction records for a minimum period (for example, six (6) years) for tax and accounting purposes. Therefore, even if you delete your account or ask us to erase data, we may retain certain payment-related information in our financial records until the end of the required period. However, this information will only be used for those legal purposes and not for marketing or other business uses once your account is deleted.
Communications and Support Inquiries: If you correspond with us (via email or support chat, etc.), we may retain those communications and our responses for a period of time. This helps us maintain a record of your request and our response in case of follow-up, and to train or audit our customer service. Typically, we would keep routine support emails for roughly 1-2 years after resolution, unless you ask us to delete them sooner. In some cases, where communications might be relevant to a legal dispute or required for our legitimate interests (e.g., reports of abuse, or instructions about your account), we might need to retain them for a longer period.
Analytics Data: Data collected via Google Analytics and similar tools may be stored by Google according to their retention settings. We have set our Google Analytics data retention to an appropriate period (for instance, 26 months) after which Google automatically deletes the data. Additionally, we often only view aggregate analytics, but if any user-level analytics data exists, we typically do not store it beyond the analytics platform’s retention window. Any exported reports or aggregated data we keep will not identify individual users.
Server Logs and Device Data: Our servers may automatically keep logs of certain events (like login attempts, IP addresses, errors) for security and debugging purposes. These logs are generally rotated or deleted within a short timeframe, usually within a few months, unless we need to investigate specific incidents. If any log data is retained longer (for instance, logs related to security incidents or fraudulent activity), it will be to support our investigations and it will be deleted or anonymized when no longer needed.
Marketing Data: If you have subscribed to our newsletter or marketing emails, we will keep your contact details on our mailing list until you unsubscribe or withdraw consent. If you opt out of marketing, we will remove you from the active mailing list promptly. However, we might keep a record of your email on a suppression list (a minimal record of those who have unsubscribed) to ensure we honor your opt-out and do not send you further communications by accident. This suppression list is maintained indefinitely as required to comply with your opt-out request.
Backup and Archive: Like many companies, we perform routine backups of our systems to prevent data loss. Backup files are retained for a limited time and are securely stored. If personal data is removed from our live systems (because you deleted your account or made a deletion request), that data will also be removed from our active databases. It’s possible that residual copies might temporarily remain in backups. However, all backups eventually expire and are overwritten, and we also have processes to delete or render personal data inactive in backups if we must restore from a backup. We will not restore or use a backup for anything other than system recovery.
After the applicable retention period ends, we will either securely delete your personal data or anonymize it (so that it can no longer be associated with you) for statistical purposes. If for technical reasons we cannot delete the data entirely (for example, data stored in long-term archives), we will ensure it is isolated and secured from further processing until deletion is possible.
Your Rights (GDPR/Data Protection Rights)
As a user of our Services and as a data subject under the UK GDPR and Data Protection Act, you have a number of important rights regarding your personal data. Coinkidink Ltd is committed to respecting and upholding these rights. Below, we outline your key rights and explain how you can exercise them. Please note that these rights are subject to certain conditions and exceptions under the law; in some cases, they may not apply or may be limited (for example, we might not delete data we are required by law to keep, even if you request erasure, but we will inform you if such an exception is relevant).
1. Right to Be Informed: You have the right to be informed about the collection and use of your personal data. This Privacy Policy, along with any just-in-time notices we provide (like pop-up explanations at the point of data collection), is intended to keep you informed about what data we collect, how we use it, who we share it with, and your rights. We strive to be transparent in line with this right.
2. Right of Access: You have the right to access the personal data we hold about you. This is sometimes called a “Data Subject Access Request.” You can request a copy of the information we hold on you and verify that we are processing it lawfully. On request, we will provide you with a copy of your personal data in our records, typically free of charge. If your request is unusually complex or repetitive, we may charge a reasonable fee or take longer to respond (we will inform you of any such need and the reasons why). We will ask you to provide information to verify your identity before releasing data, to ensure we don’t give your data to an unauthorized person.
3. Right to Rectification: If any of your personal data that we have is inaccurate or incomplete, you have the right to have it corrected. You can ask us to update or correct erroneous details (such as updating your contact info or fixing a misspelled name). Where possible, we provide self-service tools in your account profile to edit certain information; for anything you cannot change yourself, you can contact us and we will make the corrections for you.
4. Right to Erasure: Also known as the “right to be forgotten,” this right allows you to request the deletion of your personal data. You can ask us to erase your personal data when it is no longer necessary for the purpose we collected it, or if you have withdrawn consent (and no other legal basis for processing applies), or if you object to processing and we have no overriding legitimate grounds to continue, or if we unlawfully processed your data, or to comply with a legal obligation. In plain terms, if you want us to delete your data, contact us with your request. We will honor this right wherever possible, by deleting or anonymizing your personal information from our systems. Keep in mind there are exceptions – we may retain certain information if required (for example, we cannot delete your transaction records that we must keep for legal/tax reasons, and we might keep minimal information to record that we honored your request). If an exception applies, we will explain it to you in our response.
5. Right to Restrict Processing: You have the right to request that we limit the processing of your personal data in certain circumstances. This means we would mark certain data as “restricted” and only use it for specific reasons. You might exercise this right if: you contest the accuracy of the data (we then restrict processing while verifying accuracy); or if processing is unlawful but you oppose erasure and prefer restriction; or if we no longer need the data but you need us to keep it for a legal claim; or if you have objected to processing (see next right) and we are considering whether our legitimate grounds override yours. When processing is restricted, we will still store your data, but not use it further except for those allowed purposes (such as legal claims or protecting others’ rights) until the restriction is lifted.
6. Right to Data Portability: For data that you have provided to us and that we process by automated means under consent or contract (for example, data in your profile, or content you’ve generated), you have the right to receive that data from us in a commonly used, machine-readable format (such as JSON or CSV), and you have the right to transmit that data to another controller (or have us transfer it, where technically feasible) if you so choose. This right is intended to allow you to take your data to other services easily. We will provide portable data when requested, to the extent it applies to our Service. Note that this right only covers certain data (it doesn’t apply to data we create about you from our analysis, for instance, and not to paper records).
7. Right to Object: You have the right to object to our processing of your personal data in certain situations:
Direct Marketing: You can always object to the use of your data for direct marketing purposes. If you object, we will stop using your data for marketing immediately. (An easy way to do this is by unsubscribing from emails or contacting us with a request to opt out of marketing.)
Legitimate Interests: If we are processing your data based on a “legitimate interest” legal basis, you have the right to object to that processing if you feel it impacts your rights or freedoms. If you object, we will consider your request and stop processing the data in question unless we have compelling legitimate grounds that override your rights (or if we need to continue processing for legal claims). For example, if we process your data for improving services (a legitimate interest), and you object, we’ll weigh our reasons against your privacy rights.
Automated Decisions: If we were doing any automated decision-making with significant effects (we are not, as noted), you would have the right to object and request human intervention.
8. Right to Withdraw Consent: In cases where we rely on your consent to process data (such as for sending marketing emails or certain cookies), you have the right to withdraw that consent at any time. Withdrawing consent will not affect the lawfulness of any processing we did based on your consent before withdrawal. It simply means that going forward, we will stop the processing that was based on consent. For example, you can withdraw consent for marketing by unsubscribing, or withdraw consent for analytics cookies by changing your cookie settings.
9. Right to Lodge a Complaint with a Regulator: If you believe that we have handled your personal data improperly or violated your privacy rights, you have the right to make a complaint with the supervisory authority in the UK. In the UK, the supervisory authority is the Information Commissioner’s Office (ICO). You can contact the ICO for advice or to file a complaint. We encourage you to contact us first, so we have the opportunity to address your concerns directly, but you are not obligated to do so. The ICO’s contact details can be found on their official website (ico.org.uk).
Exercising Your Rights: You can exercise any of your rights by contacting us using the contact information provided in the Contact Information section at the end of this policy (email is usually best for a written record). Please state clearly which right you wish to exercise and provide us with enough information to verify your identity (for example, by contacting us from the email associated with your account). We will respond to your request as soon as possible, and no later than one month from receiving it, in accordance with the GDPR. If your request is complex or if we have received many requests, we may extend this period by up to two further months, but we will inform you and explain why if an extension is needed.
There is generally no fee for exercising your rights. However, if a request is unfounded or excessive (for instance, repetitive requests without basis), we are permitted by law to charge a reasonable fee or refuse the request. We will, of course, endeavor to assist with all legitimate requests.
We value your privacy and will do our best to uphold your rights. If you have any questions about your rights or how to exercise them, please contact us and we will be happy to help.
Data Security: How We Protect Your Information
Coinkidink Ltd takes the security of your personal data very seriously. We implement a variety of technical and organizational security measures to protect your information from unauthorized access, loss, misuse, alteration, or destruction. While no service can guarantee absolute security, we strive to use industry best practices and constantly improve our safeguards to keep your data safe. Here are some key aspects of our data security approach:
Encryption in Transit and At Rest: Our website is secured via HTTPS, which means that any data you send to us is encrypted in transit using TLS/SSL encryption. This helps prevent eavesdropping on data as it travels between your device and our servers. We also ensure that personal data stored in our databases or on cloud services (such as Firebase) is encrypted at rest whenever those services support it (Firebase, for example, encrypts data on its servers). Encryption makes it much harder for unauthorized parties to access data even if they were to gain access to the storage.
Access Controls and Confidentiality: We limit access to personal data strictly to Coinkidink staff, contractors, and service providers who need to access it for the purposes described in this policy. For example, our customer support team can see the information needed to assist you, but they will not have access to data they do not require. All personnel with access to personal data are bound by confidentiality obligations and are trained in data protection. We follow the principle of least privilege, meaning each team member’s account has only the minimum permissions required for their role.
Authentication and Account Security: If you have an account on our Service, it is protected by a password (and possibly additional authentication methods). We store user passwords in a hashed form (a one-way cryptographic format) which means we do not keep your actual plaintext password. We strongly encourage you to choose a unique, strong password and keep it confidential. We will never ask you for your password via email or phone. If we offer two-factor authentication (2FA) or login verification options, we encourage you to use them for added security on your account.
Network and Application Security: Our servers and cloud services are protected by firewalls and network security monitoring to guard against external attacks. We keep our software and systems updated with the latest security patches. We conduct regular security assessments, such as vulnerability scans and, where appropriate, penetration testing, to identify and address potential security weaknesses. For our mobile application, we follow secure coding practices to prevent common vulnerabilities. We may also utilize intrusion detection and prevention systems to monitor for suspicious activities in our infrastructure.
Data Minimization: We try to collect and retain only the personal data that we truly need. By minimizing what data we have, we reduce the risk associated with storing large amounts of personal information. If we don’t need certain data, we won’t ask for it; if we no longer need data, we make sure to dispose of it securely (as described in the Data Retention section).
Secure Payment Processing: As mentioned, we outsource payment processing to Stripe. This means that when you enter payment details, that information is processed securely by Stripe, which is certified to handle financial data. We do not store sensitive financial information on our own servers, which adds an extra layer of security for your payment data.
Third-Party Security Measures: We choose reputable third-party service providers (like Microsoft, Google, Stripe) that have strong security track records. We review their security and privacy practices (for example, Google and Microsoft have robust security certifications such as ISO 27001, and Stripe is PCI-DSS compliant). Our agreements with them require them to maintain appropriate security measures. While we can’t publicly detail all measures for security reasons, please know that we take care in selecting partners who meet high security standards.
Monitoring and Breach Response: We monitor our systems for potential vulnerabilities and attacks. In the unfortunate event of a data breach or security incident affecting your personal data, we have an incident response plan in place. We will respond promptly to contain and investigate the issue. If a personal data breach occurs that poses a high risk to your rights and freedoms, we will inform you and the relevant authorities (such as the ICO) as required by law, without undue delay.
It’s important to remember that you also play a role in keeping your data secure. Ensure that you keep your account credentials private, use a strong password, and log out of accounts when using shared devices. Be cautious of “phishing” attempts — Coinkidink will never request sensitive information like your password via email. If you have any reason to believe that your interaction with us or your account is no longer secure (for example, if you feel your account has been compromised), please contact us immediately so we can assist.
International Data Transfers
Coinkidink Ltd is a UK-based company, and the data we collect from you will primarily be stored and processed within the United Kingdom or the European Economic Area (EEA). However, some of our third-party service providers are located in, or may store data in, other countries outside the UK. Notably, the United States is a location where providers like Google (for Firebase and Analytics), Microsoft, and Stripe might process data. Whenever your personal data is transferred outside of the UK (or EEA), we take steps to ensure that an equivalent level of data protection is applied to it, as required by UK data protection law.
Transfers to the EEA: The UK government has recognized the EEA (which includes EU member states, Norway, Iceland, Liechtenstein) as providing an adequate level of data protection. This means we can freely transfer data to and from the EEA much like within the UK. Many of our systems may be located in UK or EU data centers, so such transfers are common and legally allowed under an “adequacy” decision.
Transfers to Other Countries (e.g., United States): When we transfer or allow access to personal data outside the UK/EEA to countries that have not been deemed “adequate” by the UK (for instance, the U.S. currently does not have a blanket adequacy decision from the UK), we will ensure appropriate safeguards are in place. The measures we rely on include:
Standard Contractual Clauses (SCCs): These are contractual clauses approved by the European Commission (and recognized in the UK) that impose data protection obligations on the foreign recipient of the data. For example, our contracts with service providers like Google, Microsoft, and Stripe typically incorporate Standard Contractual Clauses to cover any transfers of personal data to the U.S. or other countries. This means that those providers are contractually bound to protect your data to GDPR standards even when your data leaves Europe/UK.
International Data Transfer Agreement (IDTA) or Addendum: The UK has its own framework (IDTAs or the UK addendum to SCCs) to accompany Standard Contractual Clauses post-Brexit. Where applicable, we use the UK’s approved mechanisms to make sure transfers are compliant with UK requirements.
Privacy Frameworks or Certifications: We also consider whether the data importer is certified or following any approved frameworks. For instance, as of the date of this policy, new frameworks like the EU-US Data Privacy Framework (DPF) have been introduced. If our providers are certified under such a framework and the UK accepts it (or a UK extension of it), that might be an additional safeguard. (We will monitor developments for a UK-US data transfer arrangement; currently, our main method is SCCs.)
Provider Policies and Security: The companies we use (Google, Microsoft, Stripe) are leaders in data protection. They implement strong security measures and have comprehensive privacy programs. While this alone doesn’t legally permit transfer, it gives assurance that your data is handled securely overseas. We also conduct Transfer Impact Assessments where necessary to evaluate risks involved in transferring data to certain countries, and we take supplementary measures (like encryption) if needed to mitigate risks.
Your Rights with International Transfers: Regardless of where your data is processed, we will uphold your rights and protect your data as described in this policy. If you have questions about international data transfers or want more details about the safeguards in place (such as requesting a copy of the relevant contractual clauses, subject to confidentiality), you can contact us.
By using our Services, you understand that your personal data may be transferred to our facilities and those third parties with whom we share it as described above, even if they are located in other countries. We will always ensure such transfers are done in compliance with applicable laws to maintain the confidentiality and security of your information.
Governing Law & Dispute Resolution
This Privacy Policy, and any dispute or claim (including non-contractual disputes or claims) arising out of or in connection with it or with our handling of personal data, is governed by and shall be construed in accordance with the laws of England and Wales, United Kingdom. In other words, the data protection and privacy laws of the UK (as applicable) will apply to the handling of your information, even if you access our Services from outside the UK.
By using our Services, you agree that any disputes regarding privacy or this policy will be subject to the exclusive jurisdiction of the courts of England and Wales. We also acknowledge that as a data subject, you have the right to seek assistance from the appropriate supervisory authority (like the ICO in the UK, or potentially your local data protection authority if applicable) or to seek remedies through the courts if you believe your rights have been violated.
Before pursuing legal action, we sincerely encourage you to contact us directly to discuss and hopefully resolve any issue. We are committed to addressing your concerns and will do our best to find a fair resolution to any privacy-related complaints. However, this section does not limit your right or ability to seek remedies under the law; it simply clarifies which laws and jurisdictions will govern those proceedings.
Please note that your use of our Services may also be subject to additional terms and conditions (such as our Terms of Service), which may include separate dispute resolution provisions for non-privacy issues (like service usage or intellectual property matters). Those terms and this Privacy Policy should be read together, but if there is a conflict specifically about how we handle personal data, this Privacy Policy will prevail.
Changes to This Privacy Policy
We may update or revise this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or for other operational reasons. When we make changes, we will let you know by updating the “Last Updated” date at the top of this policy. In case of significant or material changes that affect your rights or how we use your personal data, we will take additional steps to notify you: for example, we might post a prominent notice on our website or send you an email notification of the changes.
We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information. If you continue to use our Services after a change to the policy has been posted, this will signify your acceptance of the updated terms, to the extent permitted by law. If required by applicable law, we will also seek your explicit consent to new processing activities or to certain updates (for instance, if we were to expand the ways we use personal data beyond what we have told you here, we would get your consent or give you the chance to opt in or out).
For minor changes or clarifications that do not materially affect your rights, we may not send out an individual notice, so please check the effective date to see if it has been updated since your last read. We will always indicate what has changed either within the policy text (if it's a clarification) or in the notice.
If you disagree with any changes to this Privacy Policy, you should stop using our Services and you may contact us if you wish to delete your account or have concerns. We will not reduce your rights under this Privacy Policy without your consent (where required), and we aim to always be transparent about any updates.
Contact Information
If you have any questions, concerns, or requests regarding this Privacy Policy or any aspect of our privacy practices, please do not hesitate to contact us. We are here to help and will gladly address any inquiries you have.
Coinkidink Ltd
Email: operations@coinkidinkapp.com
Address: 101 New Cavendish St, London W1W 6XH, United Kingdom
Website: www.coinkidinkapp.com (you may find additional contact options and information on our website)
When contacting us, please provide sufficient detail about your question or request, and if you are an existing user, it may help to include the email address associated with your account or any relevant context so we can assist you more efficiently.
We will endeavor to respond to all legitimate requests as promptly as possible, and at the latest within any timeframes required by law. If you are contacting us to exercise any of your data protection rights, please see the Your Rights section above for information on the process and what to include.
Thank you for reading our Privacy Policy. Your privacy is important to us, and we are committed to protecting and respecting your personal data as you use Coinkidink’s Services.