Contents
- Who We Are
- Information We Collect
- Legal Basis for Processing (GDPR)
- How We Use Your Data
- Cookies & Tracking Technologies
- Sharing & Third-Party Processors
- Data Retention
- International Data Transfers
- Your Rights
- California Residents (CPRA)
- Children’s Privacy
- Security
- Changes to This Policy
- Contact & DPO
1. Who We Are
This Privacy Policy is issued by AegisIQ Limited, a company incorporated in Hong Kong SAR ("we," "us," "our"), operator of CryptoLoveYou.com and its associated services. We act as the data controller for personal data collected through this website.
We are committed to protecting your privacy in accordance with:
- GDPR — EU General Data Protection Regulation (2016/679)
- CCPA / CPRA — California Consumer Privacy Act & California Privacy Rights Act
- PDPO — Hong Kong Personal Data (Privacy) Ordinance (Cap. 486)
- PECR — UK Privacy and Electronic Communications Regulations 2003
- General international privacy best practices
2. Information We Collect
2.1 Information You Provide Directly
- Contact form submissions — name, email address, message content
- Newsletter sign-up — email address, optional name
- Comments / community — username, email (if applicable)
2.2 Information Collected Automatically
- IP address and approximate geographic location (country/city level)
- Browser type, version, and operating system
- Referring URL and pages visited
- Session duration and interaction data
- Device type (desktop, mobile, tablet)
- Cookies and similar tracking technologies (see Section 5)
2.3 Affiliate Interaction Data
When you click an affiliate link, we record an anonymized click event (timestamp, referring page, destination partner). We do not receive your personal data from affiliate partners unless you explicitly provide it on their platforms.
3. Legal Basis for Processing (GDPR)
For users in the EU/EEA and UK, we process personal data under the following lawful bases under GDPR Article 6:
| Purpose | Legal Basis |
|---|---|
| Sending newsletters you subscribed to | Consent (Art. 6(1)(a)) |
| Responding to contact form enquiries | Legitimate interests / Contract (Art. 6(1)(b/f)) |
| Analytics to improve the site | Legitimate interests (Art. 6(1)(f)) |
| Affiliate tracking (anonymised) | Legitimate interests (Art. 6(1)(f)) |
| Legal obligations (e.g. tax records) | Legal obligation (Art. 6(1)(c)) |
| Fraud prevention and security | Legitimate interests (Art. 6(1)(f)) |
Where we rely on legitimate interests, we have assessed that our interests are not overridden by your rights. You may object to processing on this basis — see Section 9.
4. How We Use Your Data
- To publish and deliver crypto, AI, and financial news content
- To send newsletters and updates to subscribers (opt-in only)
- To respond to enquiries submitted via our contact form
- To analyse site usage and improve user experience
- To display relevant affiliate content and track referral clicks
- To detect and prevent fraud, abuse, and security breaches
- To comply with legal obligations and enforce our Terms of Service
- To sync leads with our CRM (HubSpot) for editorial and sales follow-up
We never sell your personal data to third parties for their marketing purposes.
5. Cookies & Tracking Technologies
We use the following categories of cookies:
| Category | Purpose | Examples |
|---|---|---|
| Essential | Site functionality, security, CSRF protection | Session cookies |
| Analytics | Understanding visitor behaviour (anonymised) | Google Analytics (GA4), first-party analytics |
| Marketing | Affiliate tracking, retargeting | Partner pixels (Bybit, Binance referral) |
| Preferences | Storing language and display preferences | lang=en, theme cookies |
You can manage or delete cookies via your browser settings at any time. Disabling non-essential cookies will not prevent you from using the site. Google Analytics data is anonymised (IP anonymisation enabled) and retained for 14 months.
6. Sharing & Third-Party Processors
We share data only as necessary with the following categories of processors, each bound by data processing agreements:
| Processor | Purpose | Data Shared |
|---|---|---|
| Netlify (USA) | Web hosting & serverless functions | Server logs, IP addresses |
| Supabase (USA) | Database (contact form data, analytics) | Name, email, message |
| Google Analytics (USA) | Website analytics | Anonymised usage data |
| Google Tag Manager (USA) | Tag management | Page views, events |
| Resend (USA) | Transactional & newsletter email | Email address, name |
| HubSpot (USA) | CRM & lead management | Name, email, enquiry |
| Beehiiv (USA) | Newsletter platform | Email address, name |
| Affiliate Partners | Referral tracking (Bybit, Binance, Changelly, etc.) | Anonymised click ID only |
We may also disclose data: (a) to comply with law or valid legal process; (b) to protect our rights or those of others; (c) in connection with a business transfer or acquisition, with advance notice.
7. Data Retention
| Data Type | Retention Period |
|---|---|
| Contact form submissions | 2 years from submission |
| Newsletter subscriber records | Until unsubscribe + 1 year |
| Analytics data | 14 months (Google Analytics default) |
| Server / access logs | 90 days |
| Affiliate click records (anonymised) | 3 years (commission auditing) |
| Legal correspondence | 7 years (HK Companies Ordinance) |
When retention periods expire, data is securely deleted or anonymised.
8. International Data Transfers
As we use cloud-based processors primarily located in the United States, your data may be transferred outside the EU/EEA. We rely on the following safeguards:
- Standard Contractual Clauses (SCCs) — for transfers to US-based processors under GDPR Chapter V
- EU-US Data Privacy Framework — where applicable processors are certified
- Adequacy decisions — where available for the destination country
Transfers to/from Hong Kong are governed by the PDPO, which applies comparable protections. You may request a copy of our transfer safeguards by contacting us.
9. Your Rights
Depending on your jurisdiction, you have the following rights:
GDPR / UK GDPR Rights (EU & UK residents)
- Access — obtain a copy of your personal data we hold
- Rectification — correct inaccurate or incomplete data
- Erasure ("right to be forgotten") — request deletion where no legitimate basis remains
- Restriction — ask us to limit processing in certain circumstances
- Portability — receive your data in a structured, machine-readable format
- Objection — object to processing based on legitimate interests
- Withdraw consent — at any time, without affecting prior lawful processing
- Automated decisions — not to be subject to solely automated decisions with significant effects (we do not conduct such processing)
You also have the right to lodge a complaint with your local supervisory authority (e.g. ICO in the UK, your national DPA in the EU).
PDPO Rights (Hong Kong residents)
- Access personal data we hold about you
- Correct inaccurate personal data
Requests can be made to the Privacy Commissioner for Personal Data (PCPD).
To exercise any right, email: privacy@cryptoloveyou.com. We respond within 30 days (or 1 month for GDPR). Identity verification may be required.
10. California Residents (CPRA)
Under the California Consumer Privacy Act (CCPA) as amended by the CPRA, California residents have these additional rights:
- Know — the categories and specific pieces of personal information collected
- Delete — personal information we have collected (subject to exceptions)
- Correct — inaccurate personal information
- Opt-Out of Sale/Sharing — we do NOT sell or share personal information for cross-context behavioural advertising
- Limit Use of Sensitive Information — we do not collect sensitive personal information as defined by CPRA
- Non-Discrimination — we will not discriminate against you for exercising these rights
To submit a CPRA request: email privacy@cryptoloveyou.com with subject "CPRA Request." We will respond within 45 days. You may designate an authorised agent to make requests on your behalf.
Categories of personal information collected in the prior 12 months: identifiers (email, IP), internet activity data (browsing history on our site), commercial information (affiliate clicks), inferences drawn from usage data.
11. Children’s Privacy
CryptoLoveYou.com is not directed at children under 18 years of age. We do not knowingly collect personal data from minors. If you believe we have inadvertently collected data from a child under 18, please contact us immediately at privacy@cryptoloveyou.com and we will delete it promptly. We comply with the Children’s Online Privacy Protection Act (COPPA) for users in the United States.
12. Security
We implement industry-standard technical and organisational measures to protect your personal data, including:
- HTTPS/TLS encryption for all data in transit
- AES-256 encryption for sensitive data at rest (e.g. API tokens)
- Access controls and role-based permissions
- Regular security audits and dependency updates
- Multi-factor authentication (MFA) for all administrative access
No system is 100% secure. In the event of a data breach affecting your rights, we will notify you and relevant authorities as required by applicable law (within 72 hours under GDPR).
13. Changes to This Policy
We may update this Privacy Policy to reflect changes in law, our practices, or our services. When we make material changes, we will update the "Last Updated" date at the top of this page. For significant changes affecting your rights, we will provide more prominent notice (e.g. a banner on the site or email notification to subscribers). Your continued use of the site after changes take effect constitutes acceptance of the updated policy.
14. Contact & DPO
Privacy Enquiries
Controller: AegisIQ Limited
Jurisdiction: Hong Kong SAR
Privacy Email: privacy@cryptoloveyou.com
Legal Email: legal@cryptoloveyou.com
Website: cryptoloveyou.com/contact/
We aim to respond to all privacy requests within 30 days. For complex requests requiring extension, we will notify you within the first 30 days.