Privacy Policy

Privacy Policy

Effective: April 17, 2025

1. Data controller

SatoshiMedia ("we", "us") operates satoshimedia.fi. This policy describes how we collect, use, and protect your information when you use our Service.

2. Data we collect

We collect minimal data. We do not require email addresses, names, phone numbers, or any personally identifiable information. The data we process includes: your Ethereum-compatible wallet address (public blockchain data visible to anyone), your Telegram user ID and username if you voluntarily link your Telegram account, hashed IP addresses (SHA-256, not the original IP) for rate limiting and abuse prevention, browser cookies for session management (wallet address and subscription tier), and anonymous analytics data via Ahrefs.

3. Legal basis for processing (GDPR)

We process data on the following legal bases: contract performance (wallet address and subscription status are necessary to provide the Service you paid for), legitimate interests (IP hashing for security, rate limiting, and anti-abuse), and consent (Telegram linking is voluntary and optional).

4. Wallet addresses

Your wallet address is public blockchain data. When you connect your wallet, we store it server-side in cookies and server cache to verify your subscription status by reading the on-chain smart contract. We do not have access to your private keys, seed phrases, or the ability to make transactions on your behalf.

5. Subscription and payment data

All subscription data (payment amounts, expiry dates, trial activation) is stored on the Polygon blockchain via an immutable smart contract. This data is publicly visible to anyone who queries the blockchain. We maintain a server-side cache of membership status to reduce blockchain queries, but the on-chain contract is the authoritative source.

6. Telegram data

Linking your Telegram account is voluntary. If you do, we store your Telegram user ID and username alongside your wallet address solely to manage access to the private signals channel (adding you when active, removing you when expired). We do not read, store, process, or have access to your Telegram messages, contacts, or other account data.

7. IP addresses

We store only SHA-256 hashes of your IP address — not the original IP. These hashes are used for rate limiting API requests, preventing trial abuse (maximum 3 trials per IP), detecting account sharing (unusual session patterns), and security monitoring. IP hashes are automatically deleted after 60 days.

8. Cookies

SatoshiMedia uses first-party cookies and browser localStorage for session management. Specifically: sm_wallet (your connected wallet address), sm_tier (your subscription tier: paid, trial, expired, admin), and sm_lastActivity (timestamp for 24-hour auto-disconnect). These are functional cookies necessary for the Service to operate. We do not use third-party tracking cookies. Third-party services embedded on the site (Ahrefs analytics, a-ads.com advertising) may set their own cookies subject to their own privacy policies.

9. Third-party services

We use the following third-party services: Ahrefs (website analytics), a-ads.com (cryptocurrency advertising), Polygon blockchain (smart contract and payment processing), Polymarket API (prediction market data), SharpAPI (sportsbook odds data), Binance API (cryptocurrency price data), and Telegram Bot API (channel management). Each service operates under its own privacy policy. We do not sell, share, or transfer your data to third parties for marketing or advertising purposes.

10. Data retention

Cookies and localStorage expire after 24 hours of inactivity or upon manual disconnect. Server-side session cache is deleted after 48 hours. IP hashes are deleted after 60 days. Telegram link data is retained while your subscription is active and deleted upon written request. On-chain data (subscription records on the Polygon blockchain) is permanent and immutable — it cannot be deleted by any party due to the nature of blockchain technology.

11. Your rights (GDPR)

Under applicable data protection law, you have the right to: access all data we store about your wallet address, request deletion of your Telegram link data, withdraw consent for Telegram linking at any time by disconnecting, and lodge a complaint with a supervisory authority. To exercise these rights, contact us via Telegram. Note: on-chain data cannot be deleted as it exists on the public Polygon blockchain.

12. Data security

All web traffic is encrypted via HTTPS/TLS. Server-side data is stored with restricted file permissions. Session identifiers are generated using cryptographically secure random bytes. The smart contract is immutable and publicly verified on Polygonscan. We never store private keys, passwords, or seed phrases. Wallet authentication uses message signing (EIP-191) — no private key is ever transmitted.

13. International transfers

Blockchain data is inherently global and publicly accessible worldwide. Server infrastructure is located in the EU. Third-party services may process data outside the EU under their own privacy policies and applicable transfer mechanisms.

14. Children

The Service is not intended for persons under 18 years of age. We do not knowingly collect data from minors. If we become aware that a minor has used the Service, we will take steps to remove their data.

15. Changes to this policy

We may update this policy periodically. Changes take effect upon posting with an updated date. Continued use constitutes acceptance.

16. Contact

Privacy inquiries: @SatoshiMediaBot