Privacy policy

Last updated · 13 May 2026

01 Summary

  • We don't sell personal data.
  • We don't run behavioral advertising profiles.
  • Cookies: essential by default, analytics opt-in where required.
  • To access, export, or delete your data, email contact@coinmarketcal.com.

This policy applies to CoinMarketCal SARL (we, us) and the website, API, developer dashboard, communications, paid features, and ad placements (the Service). Read it with the Terms of service.

02 Data controller

CoinMarketCal SARL · 8 Place Roger Salengro, 31000 Toulouse, France · contact@coinmarketcal.com.

03 Data we collect

| Data | Source | Why |
|---|---|---|
| Account (name, email, hashed password, organization) | You | Sign-in, support |
| API credentials (hashed key, scopes) | You / us | Auth, rate limit |
| Newsletter subscription | You | Send the newsletter |
| Billing (name, address, VAT, last-4 of card) | You / Stripe | Invoicing, tax |
| Usage logs (IP, user agent, request paths, timestamps) | Auto | Security, debug, capacity |
| Cookies and local storage | Auto | See section 05 |

We don't knowingly collect special-category data (health, biometric, political opinions, etc.). Don't send it to us.

04 How we use it

| Purpose | GDPR basis |
|---|---|
| Run the Service (accounts, API, payments, support) | Contract |
| Service notices and replies | Contract / legitimate interests |
| Marketing and sponsored email (opt out anytime) | Consent / legitimate interests |
| Operate ads and sponsorships (no behavioral profiles) | Legitimate interests |
| Improve the product, fix bugs | Legitimate interests |
| Stop fraud and abuse | Legitimate interests |
| Meet accounting, tax, and legal obligations | Legal obligation |

We don't use personal data for automated decision-making with legal or similarly significant effects.

05 Cookies

| Category | Purpose | Required |
|---|---|---|
| Session | Sign-in state, CSRF | Yes |
| Preferences | Theme, filters, UI state | Yes |
| Analytics | First-party page metrics | Opt-in |

On first visit, a cookie banner asks for your consent to analytics cookies. You can change your choice anytime through the cookie preferences link in the footer. Required cookies are exempt from consent under the ePrivacy Directive.

We don't run third-party advertising trackers, behavioral profiling, Meta Pixel, Google Ads remarketing, or LinkedIn Insight. Disabling required cookies through your browser will break sign-in and similar features.

06 Sub-processors

We share personal data only with the providers needed to run the Service. Each one has signed a DPA with EU Standard Contractual Clauses for transfers outside the EEA.

| Processor | Purpose | Region |
|---|---|---|
| Stripe Payments Europe | Payments, billing | IE / US (DPA + SCCs) |
| Amazon Web Services (AWS) | Hosting, storage, email delivery | EU (eu-west-1) / US (DPA + SCCs) |
| Cloudflare | CDN, WAF, DNS | Global (DPA + SCCs) |

We may also disclose data to professional advisors (legal, accounting, audit) when needed for their services to us, and to authorities where required by law, regulation, or court order.

07 International transfers

Your data may be processed outside the European Economic Area, including in the United States, by the providers listed in section 06. Where there is no adequacy decision, transfers rely on the European Commission's Standard Contractual Clauses (and the UK Addendum where applicable). Email contact@coinmarketcal.com for a copy of the safeguards in place.

08 Retention

| Data | Retention |
|---|---|
| Account | For the lifetime of the account, plus a reasonable post-closure period |
| Newsletter | Until you unsubscribe (we then keep a suppression record) |
| Billing records | 10 years (French Code de commerce) |
| Server and API logs | Up to 12 months for security and debugging |

We may retain data longer for an active claim, dispute, or legal hold. Once we no longer need it, we delete or anonymize it.

09 Security and breach notification

We use commercially reasonable technical and organizational measures to protect personal data: encryption in transit, scoped access controls, and audited sub-processors. No system is impregnable; if a personal-data breach affecting your rights occurs, we'll notify the CNIL within 72 hours and inform affected users without undue delay, as required by GDPR Articles 33 and 34.

10 Your rights

Under GDPR (and equivalents in the UK, California, and elsewhere) you can:

  • Access: get a copy of your data
  • Correct: fix anything wrong
  • Delete: close your account and erase your data
  • Export: download a portable copy
  • Object: to processing based on legitimate interests, including direct marketing
  • Withdraw consent: for anything we asked consent for
  • Complain: to your local DPA (in France, the CNIL)

To use any of these, email contact@coinmarketcal.com. We may verify your identity before responding.

We do not sell personal information or use it for cross-context behavioral advertising as defined under California law.

11 Children

The Service is not for children. If you believe a child gave us data, email contact@coinmarketcal.com and we'll delete it.

12 Changes

If we update this policy we change the date above. Significant changes get a service notice.

13 Contact

contact@coinmarketcal.com · CoinMarketCal SARL · 8 Place Roger Salengro, 31000 Toulouse, France