Privacy Policy

1. Information We Collect

Account Information

• Email Address: Required for account creation and communication
• Name: Used for personalizing your experience
• Password: Encrypted and stored securely using industry-standard hashing
• Subscription Details: Plan type, billing status, and payment history

Usage Data

• Conversion History: Currency pairs, amounts, and conversion timestamps
• API Usage: Number of requests, rate limiting data, and service utilization
• Error Logs: Technical issues and debugging information (no personal data)
• Device Information: Browser type, IP address, and basic device specifications

Airtable Integration Data

• Base Access: Information about which Airtable bases use our extension
• Field Mappings: How currency fields are configured in your tables
• No Content Access: We never access or store your Airtable record content

2. How We Use Your Data

Service Provision

• Process currency conversion requests with real-time exchange rates
• Manage your account, subscription, and billing
• Provide customer support and technical assistance
• Monitor usage limits based on your subscription tier

Service Improvement

• Analyze usage patterns to improve our currency conversion algorithms
• Optimize performance and reliability of our services
• Develop new features based on user needs
• Prevent fraud and ensure service security

Communication

• Send important service updates and security notifications
• Provide billing notifications and subscription reminders
• Share relevant product updates (with your consent)
• Respond to support requests and feedback

3. Data Protection & Security

Security Measures

• Encryption: All data transmitted using HTTPS/TLS encryption
• Authentication: JWT tokens and secure password hashing (bcrypt)
• Database Security: Encrypted storage with Supabase enterprise security
• Access Controls: Strict employee access controls and monitoring
• Regular Audits: Quarterly security assessments and vulnerability testing

Data Retention

• Active Accounts: Data retained while your account is active
• Deleted Accounts: Personal data deleted within 30 days of account closure
• Usage Logs: Anonymized usage data retained for up to 2 years for analytics
• Legal Requirements: Some data may be retained longer for legal compliance

Data Location

Your data is primarily stored in secure data centers in the United States. We use Supabase (PostgreSQL) for database hosting and Netlify for application hosting, both of which maintain SOC 2 Type II compliance and enterprise-grade security standards.

4. Cookies and Tracking

Essential Cookies

• Authentication: Secure login sessions and user authentication
• Preferences: User settings and interface preferences
• Security: CSRF protection and security tokens

Analytics Cookies

• Usage Analytics: Google Analytics for understanding user behavior
• Performance Monitoring: Error tracking and performance optimization
• A/B Testing: Feature testing and user experience optimization

Marketing Cookies (Optional)

• Conversion Tracking: Measure effectiveness of marketing campaigns
• Personalization: Customize content based on user interests
• Social Media: Integration with social sharing platforms

Cookie Consent: You can manage your cookie preferences through our consent banner or browser settings. Essential cookies cannot be disabled as they are necessary for service functionality.

5. Third-Party Services

Payment Processing

• Paddle: Secure payment processing and subscription management
• Data Shared: Email, name, subscription details, and payment information
• Privacy Policy: Paddle Privacy Policy

Currency Data Providers

• ExchangeRate-API: Real-time exchange rate data
• Data Shared: Currency conversion requests (no personal data)
• Privacy Policy: ExchangeRate-API Privacy

Infrastructure Providers

• Supabase: Database hosting and backend services
• Netlify: Application hosting and CDN services
• Google Analytics: Website and application analytics

Due Diligence: We carefully vet all third-party providers to ensure they meet our privacy and security standards. We only share the minimum data necessary for service functionality.

6. Your Rights (GDPR & CCPA)

Data Access Rights

• Access: Request a copy of all personal data we hold about you
• Portability: Export your data in a machine-readable format
• Transparency: Understand how your data is processed and shared

Data Control Rights

• Correction: Update or correct inaccurate personal information
• Deletion: Request complete deletion of your account and data
• Restriction: Limit how we process your personal data
• Objection: Opt-out of certain data processing activities

Exercising Your Rights

To exercise any of these rights, please contact us at privacy@currencyfetcher.com or use our support portal. We will respond to your request within 30 days and may require identity verification for security purposes.

Data Protection Officer

For privacy-related inquiries or concerns, you can contact our Data Protection Officer at dpo@currencyfetcher.com.

7. Contact Information

8. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, services, or legal requirements. When we make significant changes, we will:

• Update the "Last Modified" date at the top of this policy
• Notify users via email for material changes
• Provide a prominent notice on our website
• Maintain previous versions for reference

Your continued use of Currency Fetcher after policy changes constitutes acceptance of the updated terms.