Privacy Policy
1. Who we are
This site is operated by RTBFOX OÜ (registry code 16511688), with registered address Voka, Toila vald, Ida-Viru maakond, Estonia. The CoinPilot App project will be transferred to CoinPilot OÜ in Q3 2026; this policy will be updated when that transition completes. For all privacy questions, contact [email protected].
2. What we collect
We deliberately collect the minimum data we need to run the waitlist, attribute traffic to its source, and operate the website:
- Email address — when you submit the waitlist form. Stored on EU-region infrastructure.
- Submission metadata — timestamp, source path (e.g. /or/ru/), country (inferred from IP, not the raw IP), and User-Agent class, used to prevent abuse.
- Visit analytics (self-hosted) — page views, scroll depth, time on page, clicks on tracked elements, country/city/device class, referrer, UTM parameters, and click IDs from ad networks (fbclid, gclid). Stored under an anonymous visit ID (cookie tds_cid, 30 days). We use this to understand how visitors reach the site, especially from paid advertising, and to improve content.
- Bot-detection signals — passive signals (e.g. presence of automation flags, honeypot interactions) used to filter out automated traffic from our metrics and from any advertising-network feedback. No biometric or behavioural fingerprint is built for individual users.
If you submit the waitlist form, your email is linked to the anonymous visit ID so we can attribute the signup to its source (which campaign, which page). This linkage stays within our own infrastructure and is not shared with advertising networks beyond optional, hashed (SHA-256) match data described in section 4a.
We do not collect: name (unless you provide it), phone, postal address, payment information, financial holdings, government IDs, mouse-movement trails, keystrokes, screen recordings, or location data beyond city-level inference from IP.
3. Why we collect it (lawful basis)
- Email — consent (Art. 6(1)(a) GDPR), given by submitting the waitlist form.
- Submission metadata — legitimate interest (Art. 6(1)(f) GDPR) in preventing spam/abuse.
- Self-hosted analytics and attribution (cookie tds_cid) — legitimate interest in understanding which channels and pages produce real interest, and in measuring the effectiveness of paid advertising we may run. The cookie is first-party, the data stays on infrastructure we control in the EU, and you can opt out at any time (see section 7).
- Bot detection — legitimate interest in keeping our metrics and ad-network feedback clean.
4. How we use your email
We use your email to:
- Confirm your waitlist signup.
- Send launch announcements (soft launch in November 2026, full launch in 2027).
- Send up to four product/beta updates between signup and launch.
We never sell, rent, or share your email with third parties for marketing purposes.
3a. The Panda Helper chat widget (AI assistant)
The website hosts a chat widget called Panda Helper that lets you ask questions about CoinPilot App and receive answers from an AI model. When you click it and send a message, the following happens:
- Your message text is sent to our own backend (a Cloudflare Worker we operate on EU edge nodes).
- The backend forwards the message — together with the running context of your current chat session — to one of several AI providers, chosen by failover priority: Groq (USA), Cerebras (USA), Google AI Studio (Gemini) (USA/global), Cloudflare Workers AI (EU edge), and as paid fallback Mistral (France/EU). The exact provider used is logged so we can monitor quality.
- Before forwarding, we strip obvious email addresses and phone numbers from your message and replace them with placeholders.
- Your IP address is used by our backend only for rate-limiting (counting how many messages you've sent this hour/day). Providers receive only the text of your messages and a short rolling history, not your IP.
- The conversation history is stored on our infrastructure in Cloudflare Workers KV with a 60-minute sliding TTL — so if you don't chat for an hour, the history is automatically discarded. You can also clear it instantly using the "Clear chat" button (↻) in the widget.
What the AI is allowed to discuss: the product, the team, the waitlist, the funding round, and educational topics about tokenized finance. The system prompt explicitly forbids financial or investment advice. The widget is a preview of the in-app Panda Helper, not a financial advisor.
Lawful basis: legitimate interest in providing customer-support-style information about our product (Art. 6(1)(f) GDPR). You can use the site fully without ever opening the widget.
International transfer: the AI providers above are based in the USA (Groq, Cerebras, Google), France (Mistral), and globally for Cloudflare Workers AI. Transfer relies on the European Commission's Standard Contractual Clauses. If you do not consent to that transfer, simply do not use the widget; everything else on the site works without it.
4a. Optional hashed match data shared with advertising networks
If we run paid advertising (e.g. Meta/Facebook, Google), the advertising network needs to know which of our signups originated from which ad. To support this in a privacy-preserving way, when you submit the waitlist form we may transmit a SHA-256 hash of your email address to the advertising network's Conversions API together with the click identifier (fbclid / gclid). The network uses this only to confirm that a particular ad click resulted in a signup — it does not receive your raw email from us.
SHA-256 hashing is one-way and not reversible to your original email by us or by the advertising network. You can object to this processing under Art. 21 GDPR by emailing [email protected]; in that case we will mark your record so no hashed match data is dispatched.
5. Where data is stored
Site content is served from a self-managed origin server in Germany (Hetzner) with Cloudflare in front for caching and TLS. Our self-hosted analytics also runs on that same German server. Waitlist email addresses are stored primarily in ConvertKit (the email service we use to send the launch and beta announcements you signed up for) and mirrored to a private Google Sheet under our control for backup and auditability. ConvertKit and Google are US-based processors and rely on the European Commission's Standard Contractual Clauses (SCCs) for EU-to-US data transfer; if you do not consent to that transfer, do not submit the form and email us at [email protected] instead and we'll add you manually to an EU-only path. Cloudflare, ConvertKit and Google act as our data processors under DPAs compliant with GDPR Art. 28. The optional hashed match data described in section 4a is sent only when you trigger a measured action and only in SHA-256 hashed form.
6. Retention
We retain waitlist email addresses until 30 days after the public launch of CoinPilot App, or until you unsubscribe — whichever happens first. After that, addresses are deleted from active storage and from any backup within 90 days.
7. Your rights (GDPR)
You have the right to access, rectify, erase, restrict, or port your data, and to object to processing. You can exercise any of these rights by emailing [email protected]. We respond within 30 days. You may also lodge a complaint with the Estonian Data Protection Inspectorate (aki.ee).
8. Cookies
This website does not set tracking cookies. We use Cloudflare Web Analytics, which is cookieless. We may set strictly necessary cookies in the future (e.g. a session cookie for the closed beta dashboard); a cookie banner will appear at that time. See our Cookie Policy for details.
9. Children
CoinPilot App is rated 12+. We do not knowingly collect data from children under 13 (under 16 in the EU). If you believe a minor has submitted data, contact us and we will delete it.
10. Changes to this policy
If we change this policy, we will update the "Last updated" date and, for material changes, email everyone on the waitlist. You can always check the most current version on this page.