Our Privacy Commitment

Core Privacy Principles:

• Minimal Data Collection: We only collect data essential for service operation
• No Private Key Access: We NEVER request, collect, or have access to private keys
• Non-Custodial Architecture: Your funds remain in YOUR control on the blockchain
• No KYC/AML Requirements: As a non-custodial DeFi protocol, we don't require identity verification
• Transparency: All blockchain transactions are public and verifiable
• User Control: You can delete your account and data at any time

Regulatory Framework: As a non-custodial DeFi protocol, CatReads operates outside the scope of:

• MiCA (Markets in Crypto-Assets) data requirements
• CASP (Crypto Asset Service Provider) KYC obligations
• Traditional financial service provider regulations
• VASP (Virtual Asset Service Provider) reporting requirements

1. Introduction

CatReads ("we," "our," or "us") is committed to protecting your privacy while providing a non-custodial trading platform. This Privacy Policy explains our data practices for our decentralized finance (DeFi) protocol.

Important: This policy applies to off-chain data only. Blockchain transactions are public, permanent, and cannot be deleted.

2. Information We Collect

Information We DO Collect:

• Discord Account Data: Username, Discord ID, avatar (via OAuth)
• Public Wallet Address: Your Solana wallet address (public information)
• Trading Statistics: Volume, PnL, trade count (derived from public blockchain data)
• Vault Information: Vault address, balance, settings (public blockchain data)
• Technical Data: IP address (for rate limiting), browser type, timestamps
• Usage Data: Commands used, feature interactions, error logs

Information We NEVER Collect:

• Private keys or seed phrases
• Personal identification documents
• Real names or physical addresses
• Phone numbers or email addresses (unless voluntarily provided for support)
• Banking or credit card information
• Government-issued ID numbers

Blockchain Data:

All transactions on Solana are public. Anyone can view:

• Transaction history of any wallet
• Token balances and transfers
• Smart contract interactions
• Trade execution details

3. How We Use Your Information

Primary Uses:

• Service Provision: Execute trades, manage vaults, process commands
• User Experience: Display statistics, leaderboards, portfolio tracking
• Security: Detect and prevent abuse, enforce rate limits
• Communication: Service announcements, critical updates (via Discord)
• Improvement: Analyze usage patterns, fix bugs, develop features

We Do NOT Use Your Data For:

• Selling to third parties
• Targeted advertising
• Credit scoring or profiling
• Government reporting (unless legally required)
• Marketing without consent

4. Legal Basis for Processing (GDPR)

For users in the European Economic Area, we process data based on:

5. Data Storage and Security

Security Measures:

• Encryption at Rest: Database encryption using AES-256
• Encryption in Transit: TLS 1.3 for all connections
• Access Control: Role-based access, multi-factor authentication
• Infrastructure: Secure cloud hosting with DDoS protection
• Monitoring: 24/7 security monitoring and intrusion detection
• Backups: Encrypted backups with geographic redundancy

Data Location:

Data may be processed and stored in:

• Primary servers: [Location]
• Backup locations: [Location]
• CDN edge locations: Global

6. Data Sharing and Disclosure

We May Share Data With:

• Public Leaderboards: Username and trading stats (if opted in)
• Service Providers:
  • MongoDB Atlas (database hosting)
  • Discord (authentication and bot services)
  • Cloudflare (CDN and DDoS protection)
  • Analytics providers (anonymized data only)
• Legal Requirements: When required by law, court order, or to protect rights
• Safety: To prevent fraud, abuse, or harm to users
• Business Transfers: In case of merger, acquisition, or sale (with notice)

We NEVER Share:

• Data with marketing companies
• Personal information for advertising
• Trading strategies or private positions
• Information with competitors

7. Third-Party Services

Our platform integrates with services that have their own privacy policies:

We recommend reviewing their privacy policies for complete information.

8. Your Privacy Rights

You Have the Right To:

• Access: Request a copy of your personal data
• Rectification: Correct inaccurate or incomplete data
• Erasure: Delete your account and associated data
• Portability: Export your data in a structured format
• Restriction: Limit how we process your data
• Objection: Object to certain data processing
• Withdraw Consent: Revoke previously given consent

How to Exercise Rights:

• Use Discord commands: `/delete-account`, `/export-data`
• Contact support: support@catreads.io
• Response time: Within 14 days

9. Data Retention

Retention Periods:

Deletion Process:

• Account deletion removes all personal data
• Trading statistics are anonymized
• Discord association is severed
• Blockchain data remains (immutable)

10. Cookies and Tracking

Cookies We Use:

• Essential Cookies: Authentication, session management
• Functional Cookies: User preferences, language settings
• Security Cookies: CSRF protection, rate limiting

Cookies We DON'T Use:

• Third-party advertising cookies
• Cross-site tracking cookies
• Social media tracking pixels
• Behavioral profiling cookies

Managing Cookies:

You can control cookies through browser settings. Disabling essential cookies may affect functionality.

11. Children's Privacy

• We do not knowingly collect data from minors
• Users must confirm they are 18+ during signup
• If we discover a user is underage, we immediately delete their account
• Parents/guardians should contact us if their child has provided information

12. International Data Transfers

Your data may be transferred internationally. We ensure appropriate safeguards:

• EU Users: Standard Contractual Clauses (SCCs)
• UK Users: UK-approved transfer mechanisms
• Encryption: All transfers are encrypted
• Access Controls: Limited to necessary personnel

By using our service, you consent to these transfers.

13. California Privacy Rights (CCPA)

California residents have additional rights:

• Right to Know: What personal information we collect and how it's used
• Right to Delete: Request deletion of personal information
• Right to Opt-Out: We don't sell personal information
• Non-Discrimination: Equal service regardless of privacy choices

To exercise rights, contact: support@catreads.io

14. Data Breach Notification

In case of a data breach:

• We will notify affected users within 72 hours via Discord
• Notification will include: nature of breach, affected data, mitigation steps
• We will cooperate with relevant authorities
• Public announcement on Discord and website
• Steps to minimize impact will be provided

15. Updates to Privacy Policy

We may update this policy periodically:

• Material changes announced via Discord and website
• 30-day notice for significant changes
• Continued use constitutes acceptance
• Previous versions available upon request
• Right to export data before changes take effect

16. Contact Information

Data Protection Contact:

• Support: support@catreads.io
• Discord: https://discord.com/invite/ePz3NmwEAC
• Response Time: Within 30 days for privacy requests

Supervisory Authority:

EU residents may lodge complaints with their local Data Protection Authority.

17. Consent and Acknowledgment

By using CatReads, you acknowledge and consent to:

• Collection and processing of data as described
• Public nature of blockchain transactions
• International data transfers
• Use of cookies for essential functions
• Non-custodial nature of the service