Privacy Policy

Effective Date: 31 January 2024 | Last Updated: 5 July 2025

Crescent Tracking Corporation — a Delaware C-corporation (“Company”, “we”, “us”) — is committed to protecting your privacy. This Policy explains how we collect, use, and share information when you access our website or mobile application (the “Service”). The Service provides informational tools only and never stores private keys.

Registered Address (for statutory notices): 214 Majestic Pines Ln NW, Bemidji, MN 56601, USA

1 · Information We Collect

Categories include:

  • Identification Information (name, email)
  • API Keys (read-only; AES-256 encrypted at rest)
  • Device / Log Data (IP, user-agent, crash reports)
  • Approximate Location (derived from IP)
  • Usage Metrics (pages visited, clicks)
  • Cookies / JWTs (essential + analytics — see §7)
  • OAuth Profile Data (Google / X basic profile)
  • Portfolio Data (wallet addresses, balances)
  • Communications (support tickets, surveys)

2 · How We Use Information & Lawful Basis

  • Service Delivery — authenticate & display your portfolio (Contract / Legitimate Interest)
  • Product Improvement — debug, analyse, develop features (Legitimate Interest)
  • Marketing — send product news (Consent / Legitimate Interest, opt-out any time)
  • Legal Compliance & Security — prevent fraud, comply with law (Legal Obligation / Legitimate Interest)

3 · Sharing of Information

We do not sell personal information. We disclose only to:

  • Cloud & infrastructure providers (Azure, SendGrid, etc.)
  • Analytics & error-logging vendors (contract-bound)
  • Professional advisers (law, accounting)
  • Government or law-enforcement where required

4 · Security Measures

TLS 1.2+, AES-256 at rest, least-privilege roles, annual penetration testing.

5 · Data Retention

We keep data while your account is active; deleted accounts are purged within 30 days (live systems) and 90 days (back-ups).

6 · Your Privacy Rights

To exercise access, correction, deletion, or portability rights, email privacy@crescenttracking.com with “Privacy Rights Request” in the subject. We verify identity and respond within statutory timelines (30–45 days).

We honour Global Privacy Control (GPC) signals — analytics cookies are disabled when a valid GPC header is present.

7 · Cookies & Tracking

Essential cookies (JWT) are required; analytics cookies remain off until you click “Accept All” in the banner.

8 · Children’s Privacy

Not directed to under-18s; we delete any such data on discovery.

9 · International Transfers

Data processed in the USA; Standard Contractual Clauses used for EEA/UK transfers.

10 · Third-Party Links

We are not responsible for external sites’ privacy practices.

11 · Changes to This Policy

Material changes announced via email or in-app notice; continued use = acceptance.

12 · Contact Us

Email privacy@crescenttracking.com or visit /contact-us.

13 · Data Protection Officer / EU Representative

EU/UK residents may contact our DPO at dpo@crescenttracking.com.