1. Introduction
This Privacy Policy explains how BitcoinMargin ("we", "us", "our") collects, uses, and protects information when you visit our website at bitcoinmargin.com. We are committed to safeguarding your privacy and ensuring transparency about data practices in compliance with the General Data Protection Regulation (GDPR) and other applicable privacy laws.
Data Controller: BitcoinMargin, operated via bitcoinmargin.com. For privacy inquiries, contact us via the contact page.
2. Information We Collect
We may collect the following types of information:
- Usage data β pages visited, time spent, browser type, device information, and referring URLs.
- Cookies & local storage β small files stored on your device to remember preferences (e.g., theme, cookie consent, currency selection).
- Analytics data β aggregated, anonymised data to understand how visitors use the site.
- Hashed IP addresses (predictions) β when you submit a Bitcoin price prediction, we store a one-way cryptographic hash (SHA-256) of your IP address. This cannot be reversed to reveal your actual IP. It is used solely for rate limiting (one prediction per person per 14 days).
- IP addresses (sentiment voting) β when you vote in a community sentiment poll, your IP address is stored alongside the vote to enforce a one-vote-per-day limit. IP addresses associated with votes are not shared with third parties.
- IP addresses (geo-blocking) β when you visit the site, your IP address is sent to our server-side geo-check service to determine your country. This is used solely for regulatory compliance (restricting access in certain jurisdictions). Your IP is not stored permanently β it is used in real-time for the geo-lookup and discarded. Third-party IP geolocation services (ip-api.com, ipapi.co) may process your IP for this purpose.
- IP addresses (rate limiting) β all our server-side functions track IP addresses in short-lived in-memory caches (60 seconds) to prevent abuse and enforce request rate limits. This data is not persisted to any database.
- Contact form data β if you use the contact form, we collect your name, email address, subject, and message. Your IP address is also temporarily stored for rate limiting (3 messages per IP per hour). Contact form submissions are stored in our database for up to 5 minutes for deduplication purposes, after which older entries are deleted.
We do not collect payment details, government IDs, or sensitive personal information. We do not report any user data to tax authorities or regulatory bodies.
3. Cookies & Local Storage
We use the following third-party services to operate the website:
- Essential β required for the website to function (e.g., remembering your cookie consent choice, theme preference).
- Functional β remember your preferences such as selected currency, weight unit, and favourite coins.
- Analytics β help us understand traffic and usage patterns. Only set with your consent.
- Advertising β used by third-party ad networks. Only set with your consent.
| Name | Provider | Type | Purpose | Expiry |
|---|---|---|---|---|
| cookie-consent | First party | Essential | Stores your cookie consent preferences (necessary, analytics, advertising). | Persistent |
| theme | First party | Essential | Remembers your light/dark theme preference. | Persistent |
| sb-*-auth-token | Supabase | Essential | Maintains authentication session state | Session |
| favourite-coins | First party | Functional | Stores your favourite cryptocurrency selections | Persistent |
| sentiment-vote-* | First party | Functional | Caches your sentiment vote | 5 minutes |
| _ga / _gid | Google Analytics | Analytics | Tracks unique visitors and page views to help us understand site usage. | Up to 2 years |
| Third-party ad cookies | Ad networks | Advertising | Used to deliver relevant advertisements and measure campaign effectiveness. | Varies |
You can withdraw or change your consent at any time by clicking the "Cookie Settings" link in the website footer or by clearing cookies in your browser settings.
4. Legal Basis & Retention
We process the limited data described above on the following legal bases under GDPR:
- Legitimate interest (Art. 6(1)(f)) β IP addresses are processed for rate limiting, abuse prevention, geo-blocking for regulatory compliance, and enforcement of fair usage policies. Hashed IPs for predictions are irreversible and cannot identify you.
- Consent (Art. 6(1)(a)) β analytics and advertising cookies are only set after you give explicit consent via the cookie consent banner.
- Contract performance (Art. 6(1)(b)) β contact form data is processed to respond to your inquiry.
Retention periods:
- Prediction hashed IPs β retained for up to 14 days to enforce the cooldown period.
- Sentiment vote IPs β retained alongside vote records. Votes are stored indefinitely as aggregated community data, but IP addresses may be purged periodically.
- Contact form data β stored for up to 5 minutes for deduplication, then older entries are automatically deleted.
- Rate limiting data β held in memory for 60 seconds only, then automatically expired. Never written to a database.
- Geo-check IP lookups β processed in real-time and not stored. Third-party geolocation providers may have their own retention policies.
- Aggregated statistics β prediction distributions, sentiment totals, and similar anonymised metrics are retained indefinitely as they contain no personal data.
5. Sub-Processors & Third-Party Services
We use the following third-party services to operate the website:
| Service | Purpose | Data Processed |
|---|---|---|
| Supabase | Database hosting, edge functions (API proxy, voting, predictions) | Hashed IPs, vote data, contact form submissions, API request metadata |
| Hostinger | Static site hosting and CDN | Standard web server logs (IP, user agent, timestamps) |
| CoinGecko | Cryptocurrency price data | No user data sent β server-side API calls only |
| Binance API | Real-time ticker and futures data | No user data sent β server-side API calls only |
| Yahoo Finance | Commodity and metal price data | No user data sent β server-side API calls only |
| ip-api.com / ipapi.co | IP geolocation for regulatory geo-blocking | Visitor IP address (processed in real-time, not stored by us) |
| Google Analytics | Traffic analytics (only with consent) | Anonymised usage data, cookies |
| SMTP Provider | Sending contact form email notifications | Name, email, subject, message (from contact form only) |
Non-affiliate third-party references β such as CoinGecko, Bitcoin, Ethereum, and other cryptocurrency or platform names β appear for informational purposes only and do not imply any data-sharing arrangement between us and those entities.
6. Affiliate Links & Referral Tracking
Some links on this website are affiliate links, including links to Binance (via our referral identifier). When you click an affiliate link and register on the partner platform, we may earn a commission at no extra cost to you. This does not influence our content or recommendations.
Affiliate links contain a referral parameter (e.g., ref=...) in the URL. When you visit a partner site through such a link, the partner may set its own cookies or tracking identifiers to attribute the referral. We do not receive any personal data from these partners β only aggregated commission reports.
For details on how affiliate partners handle your data, please review their respective privacy policies (e.g., Binance Privacy Policy).
7. Geo-Blocking & Access Restrictions
For regulatory compliance, we restrict access to the website from certain jurisdictions. When you visit the site, a server-side function determines your approximate location using your IP address via third-party geolocation services. If you are in a restricted region, a visual overlay is displayed indicating the site is not available in your location.
The underlying page content remains in the browser DOM but is not interactable. Your IP address is not stored as part of this process β it is used only for the real-time country lookup and then discarded.
8. Tax Reporting
While our educational content discusses tax regulations (such as the EU's DAC8 directive), we do not report any user data to tax authorities, financial regulators, or government agencies. We are an informational website, not a crypto-asset service provider. Any tax reporting obligations rest with the exchanges and platforms you use directly.
9. Data Security
We implement the following security measures to protect your data:
- All data transmitted between your browser and our servers is encrypted via HTTPS/TLS.
- Database access is restricted via Row-Level Security (RLS) policies β the client-side API key can only read public data, not write or modify records.
- All server-side functions enforce IP-based rate limiting to prevent abuse.
- Contact form inputs are sanitised to prevent injection attacks.
- Sensitive operations (writes, deletes) require a server-side service role key that is never exposed to the client.
However, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security of data transmitted to our site.
10. Your Rights Under GDPR
If you are in the European Economic Area (EEA), you have the following rights under the GDPR:
- Right of access (Art. 15) β you may request a copy of the personal data we hold about you.
- Right to rectification (Art. 16) β you may request correction of inaccurate personal data.
- Right to erasure (Art. 17) β you may request deletion of your personal data ("right to be forgotten").
- Right to restriction (Art. 18) β you may request that we limit the processing of your data.
- Right to data portability (Art. 20) β you may request your data in a structured, machine-readable format.
- Right to object (Art. 21) β you may object to processing based on legitimate interest.
- Right to withdraw consent (Art. 7(3)) β you may withdraw cookie consent at any time via the cookie settings banner.
- Right to lodge a complaint β you may file a complaint with your local Data Protection Authority (DPA) if you believe your rights have been violated.
To exercise any of these rights, please contact us via the contact page. Since we collect minimal personal data (primarily IP addresses for rate limiting and voting), most requests can be fulfilled by clearing your browser cookies and cache.
11. International Data Transfers
Our infrastructure providers (Supabase, Hostinger) may process data in regions outside the EEA. Where this occurs, appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) as required by GDPR Chapter V. By using the website, you acknowledge that some data processing may occur outside your jurisdiction.
12. Children's Privacy
This website is not directed at individuals under the age of 18. We do not knowingly collect personal data from minors. If you are a parent or guardian and believe your child has provided data to us, please contact us and we will promptly delete it.
13. Changes to This Policy
We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last updated" date. We encourage you to review this page periodically. Continued use of the website after changes constitutes acceptance of the updated policy.
Last updated: April 2026