Privacy Policy

Welcome to CryptoShill (“CryptoShill”, “we”, “our”, or “us”).

This Privacy Policy explains what data we collect, why we collect it, how we use it, and the choices you have.

Using our platform, Telegram bot, dashboards or any related services (collectively the "Services") means you consent to this Policy.

Not Legal Advice: This document is for transparency; obtain independent legal counsel for regulatory or compliance decisions.

This Policy covers data processed when you:

• Visit our website or landing pages.
• Create or manage an account.
• Hire or act as a shiller / promoter.
• Submit project information, marketing briefs, creatives, or feedback.
• Interact with our Telegram bot, dashboards, emails, support, or analytics.

Sensitive Data: We do not intentionally collect sensitive personal data (e.g., government IDs). Please do not submit unnecessary sensitive data.

If you submit third‑party personal data (e.g. team member contacts) you confirm you have lawful basis to do so.

We process data to:

1. Provide & Maintain Services – account provisioning, campaign orchestration, shiller coordination.
2. Optimize Performance – analyze which features deliver ROI.
3. Security & Abuse Mitigation – detect spam, Sybil behavior, multi‑account fraud.
4. Communications – transactional emails, service notices, security alerts.
5. Payment – verifying completed promotions, generating receipts.
6. Compliance – responding to lawful requests, enforcing Terms of Service.
7. Product Development – anonymized aggregate insights to improve tools.
8. Marketing (Limited) – only with appropriate consent / legitimate interest; you may opt out.

We maintain principles of data minimization and purpose limitation.

Where applicable, we rely on:

• Contract Necessity – core functionality you request.
• Legitimate Interests – security, analytics, service improvement (balanced against your rights).
• Consent – optional marketing communication, certain cookies.
• Defense of Claims – preserving necessary records.

We use first‑party and (limited) third‑party technologies:

• Essential – auth session tokens, CSRF protection.
• Functional – UI preferences (dark mode, language).
• Analytics – engagement metrics (aggregated).
• Fraud / Security – rate-limiting tokens, anomaly detection.

You can control cookies via browser settings. Disabling essential cookies may break core features.

We currently do not respond to “Do Not Track” signals (industry standard incomplete).

We retain data only as long as necessary for the purposes stated:

• Payment proves: payment prove info (e.g. 1–6 months) for dispute resolution.
• Security logs: typically 90–180 days unless linked to investigations.
• Legal / financial records: as required by applicable law.

When deletion occurs we use secure erasure or anonymization.

We do not sell personal data.

We may share with:

• Service Providers (e.g., analytics, anti‑fraud, email) under contractual confidentiality.
• Operational Partners / Shillers only limited project briefing info required for execution (not your billing data).
• Legal & Compliance authorities if lawfully requested.
• Business Transfers – merger, acquisition, restructuring (users notified where feasible).
• Aggregated Insights – non‑identifiable statistics (e.g., average impressions) for marketing.

All recipients must only process data per our instructions.

Depending on your jurisdiction you may have rights to:

• Access a copy of your personal data.
• Rectify inaccurate data.
• Delete (erase) certain data (“right to be forgotten”) (contact support).
• Withdraw consent (where processing is based on consent).
• Lodge a complaint with a supervisory authority.

Requests: Contact us (see Contact Us) with sufficient detail to verify identity. We may decline manifestly unfounded / excessive requests.

Measures include (non‑exhaustive):

• Segregated environments & least‑privilege access.
• Encryption in transit (HTTPS) & at rest (cloud provider tooling).
• Rate limiting, anomaly & abuse detection.
• Regular dependency patching & key rotation.
• Logical monitoring & audit logging.

No system is 100% secure; you share responsibility (e.g., safeguarding credentials). Report incidents promptly.

The Services are not directed to children under 13 (or minimum required age in your jurisdiction). We do not knowingly collect data from minors. If you believe a minor provided data, contact us for prompt removal.

We may update this Policy to reflect operational, legal, or regulatory changes.

• Notice: Material changes via in‑app banner, email, or revision highlight.
• Versioning: “Last Updated” date below.

Continued use after effective date signifies acceptance.

Questions, requests, or complaints:

CryptoShill Privacy Team
Email: support@cryptoshill.io Support: Use the Contact Support link in the footer.

For faster resolution include: account email, a clear description.

• Personal Data: Any info relating to an identified or identifiable person.
• Processing: Any operation performed on data (collection, storage, deletion).
• Controller: Entity determining purposes & means of processing.
• Processor: Entity processing data on behalf of controller.
• Anonymization: Irreversibly removing identifiability.
• Pseudonymization: Replacing identifiers while allowing controlled re‑linking.