Privacy Policy
Last updated: April 5, 2026
1. Introduction
Welcome to utxoIQ (“we,” “our,” or “us”). We are committed to protecting your personal information and your right to privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Bitcoin intelligence platform.
2. Information We Collect
2.1 Information You Provide
- —Account information (email address, hashed password)
- —Profile information (display name, preferences)
- —Payment information (processed securely through Stripe — we never store card numbers)
- —Communication data (support requests, feedback, contact form submissions)
2.2 Automatically Collected Information
- —Usage data (features accessed, time spent, API calls made)
- —Device information (browser type, operating system, IP address)
- —Analytics data (page views, click patterns, performance metrics)
- —Session tokens stored in browser memory (not localStorage)
3. How We Use Your Information
- —Provide, maintain, and improve our services
- —Process transactions and send billing-related notifications
- —Send administrative updates, security alerts, and service announcements
- —Respond to support requests and customer service enquiries
- —Generate AI-powered insights based on on-chain data (not personal data)
- —Monitor and analyse usage patterns to improve the platform
- —Detect, prevent, and address technical issues and security threats
- —Comply with legal obligations
4. Data Sharing and Disclosure
We do not sell your personal information. We may share your information only in the following circumstances:
- —Service providers: third-party vendors who perform services on our behalf (Google Cloud Platform, Stripe)
- —Legal requirements: when required by law or to protect our rights
- —Business transfers: in connection with a merger, acquisition, or sale of assets
- —With your consent: when you explicitly agree to share information
5. Data Security
We implement appropriate technical and organisational security measures, including:
- —Passwords stored as bcrypt hashes — never in plain text
- —JWT access tokens with 15-minute expiry; refresh tokens hashed in the database
- —Encryption of data in transit (TLS) and at rest
- —Access controls and role-based authentication
- —Secure cloud infrastructure (Google Cloud Platform)
- —Regular backups and disaster recovery procedures
6. Data Retention
We retain your personal information for as long as necessary to provide our services and fulfil the purposes outlined in this Privacy Policy. When you delete your account, we will delete or anonymise your personal information within 30 days, except where we are required to retain it for legal or regulatory purposes.
7. Your Privacy Rights
Depending on your location, you may have the following rights:
- —Access and receive a copy of your personal information
- —Correct inaccurate or incomplete information
- —Delete your personal information
- —Object to or restrict processing of your information
- —Data portability — receive your data in a structured format
- —Withdraw consent at any time
- —Lodge a complaint with a supervisory authority
To exercise these rights, contact us at hello@baref00t.io
8. Cookies and Tracking
We use minimal cookies — primarily for session management and security (CSRF protection). We do not use third-party advertising cookies. You can instruct your browser to refuse all cookies, though some parts of the service may not function correctly without them.
9. Third-Party Services
Third-party services we use:
- —Google Cloud Platform — infrastructure, hosting, and BigQuery analytics
- —Stripe — payment processing (PCI-DSS compliant)
- —Anthropic — AI insight generation (Claude)
- —OpenAI — AI insight generation (GPT-4o)
10. Children's Privacy
Our service is not intended for anyone under 18 years of age. We do not knowingly collect personal information from minors. If you believe a minor has provided us with personal information, please contact us immediately.
11. International Data Transfers
Your information may be transferred to and processed in countries other than your country of residence. We ensure appropriate safeguards are in place — including standard contractual clauses — to protect your information in accordance with this Privacy Policy.
12. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the “Last updated” date. Continued use of the service after changes constitutes acceptance of the updated policy.