Privacy Policy - Coins App

Privacy Policy - Coins

Last updated: 2025 August 28

Scope

This policy describes how we collect, use, disclose, and protect personal data when you use the Coins mobile app (iOS/Android) for cryptocurrency market predictions, insights, and related in-app experiences. Coins is not an exchange or wallet and does not execute real cryptocurrency transactions.

What we collect

Account and identifiers: anonymous authentication UID by default; email only if you voluntarily provide it; device identifiers (e.g., Firebase App Instance ID, RevenueCat subscriber ID), push token.
Profile and app content: watchlists, saved coins, in-app preferences, and any settings you configure (no private keys or wallet seed phrases are collected).
Usage and diagnostics: app events/analytics, crash logs, performance data, approximate device data (model, OS, app version), IP-derived coarse location.
Payments/subscriptions metadata: store receipts, transaction identifiers, product identifiers, subscription status (no full card numbers are collected by us).
Support communications: messages you send to us.

Why we process data (GDPR legal bases)

Provide and operate the service (Art. 6(1)(b)): authentication, syncing your preferences, entitlement checks for subscriptions, push notifications for service messages.
Improve and secure the app (Art. 6(1)(f)): analytics, crash diagnostics, fraud/abuse prevention, service quality, debugging.
Comply with law (Art. 6(1)(c)): tax, accounting, consumer protection, requests from authorities where applicable.
With your consent where required (Art. 6(1)(a)): optional marketing communications and non-essential notifications (you can withdraw any time in-app or via email).

What we don’t do

No financial/investment advice. No real-money trades or crypto transfers are executed by the app.
No custody of crypto assets; we do not request or store private keys or seed phrases.
No advertising SDKs or cross-context behavioral advertising; ad tracking and ad personalization are disabled.
We do not sell, rent, or trade your personal data.

How we use data

Deliver core features: show predictions/insights, maintain your watchlists and preferences across devices, restore purchases/subscriptions.
Diagnostics: understand crashes and performance to fix issues; protect against abuse.
Analytics: measure feature usage to prioritize improvements; measure non-personalized campaign attribution if applicable.

Sharing and disclosures

We share data only with service providers (processors) who help us run Coins, bound by contracts to process data solely per our instructions:

Google Firebase: Authentication, Database, Analytics, Crashlytics, Cloud Messaging, Remote Config. Policies: https://firebase.google.com/support/privacy
Apple/Google app stores: in-app purchase processing and receipts. Policies: https://www.apple.com/legal/privacy/ and https://policies.google.com/privacy
RevenueCat (if used): subscription entitlements and receipt validation. Policies: https://www.revenuecat.com/privacy/

Analytics configuration:
We do not enable Google Signals or advertising features in Firebase Analytics. We set ad-related consents (ad_storage, ad_personalization, ad_user_data) to “denied.” We do not use IDFA. On iOS, we disable IDFV collection at the app level; on Android, we do not request the Advertising ID permission and explicitly disable AD ID collection.

Corporate transactions: if we merge, acquire, or sell assets, personal data may transfer under this policy’s protections.
Legal: when required to comply with law or to protect rights, security, and integrity of users and our services.

Refund-Related Data Sharing with Apple App Store Customers

When you purchase a subscription or other in-app content through the Apple App Store and subsequently request a refund, Apple may ask us to confirm how (and whether) you used that content. By using Coins and completing an in-app purchase, you consent to the following data-sharing practice:

Data shared: strictly limited "consumption data," such as purchase identifier, subscription tier, and time-stamped logs showing when premium features were accessed or content was opened.
Purpose: exclusively to help Apple verify refund eligibility and prevent misuse of the refund process.

International transfers

We are based in Sweden and may transfer data internationally. For transfers outside the EEA/UK, we rely on appropriate safeguards (e.g., Standard Contractual Clauses) with our processors, supplemented by technical and organizational measures.

Retention

Account and app data: retained while your account is active and for a reasonable period after last activity; you can request deletion.
Diagnostics and analytics: typically 14–26 months unless a shorter period is configured or longer is needed for security/legal reasons.
Purchase records: retained as required for accounting, tax, and fraud prevention.

Security

We implement technical and organizational measures appropriate to the risk (encryption in transit, access controls, least privilege). No system is 100% secure; we work continuously to improve our defenses. We also follow data-minimization principles and retain only the data necessary to operate and improve the app.

Children and age restrictions

Coins is not directed to individuals under 18. We do not knowingly collect personal data from users under 18. If you believe someone under 18 has provided personal data, contact us to remove it.

Your rights

EEA/UK (GDPR): access, rectification, erasure, restriction, portability, objection (including to processing based on legitimate interests), and withdrawal of consent. You can also lodge a complaint with your local supervisory authority.
California (CPRA): rights to know/access, correct, delete, and to non-discrimination.
How to exercise: Use in-app settings where available or contact us at [email protected]. We may need to verify your request and will respond within 45 days (extendable once by 45 days where necessary).

Applicability note: These California disclosures apply to the extent required by law; where not required, we provide them voluntarily for transparency.

CalOPPA disclosures (California Online Privacy Protection Act)

Do Not Track (DNT): Browser DNT is not standardized; we currently do not respond to DNT signals. For California residents, we honor applicable opt-out preference signals (e.g., GPC) as required by law.
Third-party tracking: Our analytics/diagnostics providers may collect information about your use of the app as described above.

State-specific notes (summary)

California (CPRA): We do not sell/share personal information. We provide access, correction, and deletion rights, and honor opt-out preference signals as applicable. Sensitive personal information is not used for additional purposes beyond service delivery.
Other US states: Where state privacy laws grant similar rights, you may exercise them using the methods above.

Push notifications

Service-related notifications are part of the app experience (e.g., account, subscription status). You can control notifications via device settings. Marketing notifications are sent only with consent where required.
Price alerts and product updates may be sent where enabled; you can opt out any time in device settings.

Market data and third-party content

Cryptocurrency market data or news (if displayed) may be provided by third parties and can be delayed, incomplete, or inaccurate. Accessing such content may involve the third party processing limited device/request data to serve content. Loheden AI Solutions AB is not responsible for the accuracy or reliability of third-party data.

Changes to this policy

We may update this policy from time to time. We will post the updated version at this site and update the effective date. Continued use after the effective date constitutes acceptance.

Contact

Email: [email protected]
Address: Vretavägen 26 71993 Vintrosa Sweden