Legal

GDPR
Compliance

Last updated: April 2026  ·  Regulation (EU) 2016/679

CFXDATA complies with the General Data Protection Regulation (GDPR), in force since May 25, 2018. This document describes how we collect, use, and protect your personal data, as well as the rights you hold as a resident of the European Economic Area.

Data Controller

CFXDATA acts as the data controller for all personal data collected through the platform and API. Any request relating to your data may be addressed directly to our team via official contact channels.

DPO Contact: Reachable via Discord or Telegram. We respond within a maximum of 72 hours.

Personal Data Collected

We collect only the data strictly necessary to provide our services:

  • Account data — email address, username, encrypted password
  • Billing data — cryptocurrency wallet addresses (no bank card stored)
  • Technical data — IP addresses, browser type, request timestamps
  • Usage logs — API access logs, credit consumption, endpoints called
  • Communications — messages sent through our support (Discord / Telegram)

Legal Basis for Processing

In accordance with Article 6 of the GDPR, our processing activities are based on the following legal grounds:

  • Contract performance — processing necessary to provide the subscribed API access
  • Legitimate interest — abuse prevention, platform security, service improvement
  • Legal obligation — data retention required by applicable law
  • Consent — for optional marketing communications only

Purposes of Processing

Your data is used exclusively to:

  • Provide, maintain, and improve access to the CFXDATA API
  • Manage your account and subscriptions
  • Detect and prevent abusive or fraudulent usage
  • Provide customer support and respond to your requests
  • Comply with our legal and regulatory obligations

Data Sharing & Transfers

CFXDATA never sells, rents, or transfers your personal data to third parties for commercial purposes. Transfers may only occur in the following cases:

  • Upon request from a competent judicial or administrative authority
  • To technical sub-processors (hosting, infrastructure) bound by GDPR-compliant contractual clauses
  • To protect the rights, property, or security of CFXDATA or its users

Data Retention

  • Account data — retained for the duration of the active subscription, then deleted within 30 days of cancellation
  • API logs — retained for 90 days for security and debugging purposes
  • Billing data — retained for 5 years in accordance with legal accounting obligations
  • Support data — retained for 12 months after the ticket is closed

Your GDPR Rights

As an EEA resident, you hold the following rights, which you may exercise at any time:

Right of Access
Right to Rectification
Right to Erasure
Right to Object
Right to Restriction
Right to Portability

To exercise any of these rights, contact us via Discord or Telegram. We acknowledge receipt within 72 hours and process your request within a maximum of one month, in accordance with Article 12 of the GDPR.

Data Security

CFXDATA applies state-of-the-art technical and organisational security measures:

  • All communications encrypted via HTTPS / TLS 1.3
  • Passwords hashed using the bcrypt algorithm (high cost factor)
  • API keys encrypted and never stored in plain text
  • Access to production data restricted to authorised personnel only
  • Continuous access monitoring with anomaly alerts

Cookies & Trackers

CFXDATA uses only cookies strictly necessary for the platform to function (authentication session, language preferences). No advertising or third-party tracking cookies are placed on your device. No additional consent is required for these essential cookies.

Right to Lodge a Complaint

If you believe that CFXDATA's processing of your personal data does not comply with the GDPR, you have the right to lodge a complaint with the supervisory authority in your country of residence. In France, this is the CNIL (Commission Nationale de l'Informatique et des Libertés) — www.cnil.fr.