ErkeScan.com

Privacy Policy

Last Updated

1. Introduction

Welcome to ErkeScan.com, a crypto-market analytics service operated by TR8D3R LLC (“we,” “us,” or “our”). This Privacy Policy explains how and on what legal bases we collect, use, store, disclose, and process your information when you use our services. We rely on consent only where the law requires it (for example, non-essential cookies and marketing); we obtain that consent separately, and you may withdraw it at any time without affecting processing that already took place. For all other processing we rely on the legal bases described in Section 9. If you do not agree with this Privacy Policy, please do not access or use our services.

2. Information We Collect

We collect the following categories of information in connection with the services we provide:

Personal Information. When you register, we collect details such as your name and email address. We may also collect additional verification information where required to comply with applicable laws.

Account and Authentication Data. When you create an account we process authentication identifiers (such as your email and, if you choose to link it, your Discord or Telegram account) through our authentication and account-linking providers, on the basis of our contract with you.

Subscription and Payment Information. Details of your subscription plan (start date, duration, billing history) and limited payment metadata. For card payments, your card details are collected and tokenized directly by our card processor; we do not receive or store your full card number — see Section 5.

Blockchain Information. When you pay by cryptocurrency, we process the wallet address and on-chain transaction data to confirm, reconcile, and record that payment, on the basis of our contract with you and our legal and accounting record-keeping obligations. On-chain data is public by nature and is outside our control once broadcast.

Exchange API Keys. If you use the trading journal, you may connect a read-only exchange API key (for example, Binance or Bybit). We process it on the basis of our contract with you, solely to import your trade history and account analytics, and we store it encrypted. You should provision keys with read-only permissions and without withdrawal access, and you may revoke a key at any time from your exchange.

Usage Data. We automatically collect information about your interactions with our website, including IP address, device information, browser type, operating system, access times, pages viewed, features used, actions taken, and the referring URL. We derive only approximate location from your IP address; we do not collect precise (GPS-level) geolocation. We also process a limited set of security and abuse-prevention telemetry, described in Section 10.

Communications. We collect and store communications you have with us, including support inquiries, feedback, and survey responses.

Information from Third Parties. We receive limited information from the providers you choose to connect or pay through — for example, account identifiers from our authentication and account-linking providers (such as Discord or Telegram) when you link them, confirmation data from our payment processors, and trade data from an exchange whose read-only API key you connect. We do not buy personal information or build profiles of you from public databases or social-media scraping.

3. Categories of Personal Information (Notice at Collection)

For U.S. state-privacy purposes, the categories of personal information we collect are: Identifiers (name, email, account ID, Discord/Telegram IDs if linked, IP address, device identifiers); Commercial information (subscription plan, billing and transaction history); Internet or network activity (usage, browser, operating system, device, and cookie data); Geolocation (approximate location derived from IP address — not precise geolocation); Financial information (cryptocurrency wallet addresses and on-chain transaction data; card data is tokenized by the card processor and we do not store full card numbers); Professional or trading data (read-only exchange API keys and imported trade history); and Inferences drawn from usage to provide and improve the service.

We collect these from you directly, automatically through your use of the service, and from the providers you connect or pay through (Section 2), and we have collected these categories in the preceding 12 months. We use them for the business purposes described in Section 4. We do not “sell” your personal information for money, and we do not “share” it for cross-context behavioural advertising.

4. How We Use Your Information

We use the information we collect for the following business purposes:

  • To provide the Services: process your registration and subscription, authenticate you, and deliver the features you request;
  • To improve the Services: analyze usage, troubleshoot, and improve our website, products, and services;
  • To communicate with you: send service-related messages (account, security, billing) and, with your consent where required, marketing communications you may opt out of at any time;
  • To process payments: handle billing through our payment providers (see Section 6);
  • For legal and security purposes: comply with legal obligations, prevent fraud and abuse, enforce our agreements, and protect the security of our services and users;
  • For business operations: conduct research, audits, and analytics, and develop and improve products.

5. Payments and Card Data

We process payments through our payment providers, currently CryptoCloud (cryptocurrency; its checkout may be presented under the TryBit brand) and, where offered, our card payment provider (for example, Stripe). Card data is collected and processed directly by the card provider, who maintains PCI-DSS compliance for cardholder data, using secure, tokenized systems; we do not receive or store your full card number. We retain only limited billing metadata such as payment-method type, the last four digits, expiry, a payment token or reference, and transaction history. Cryptocurrency wallet addresses and on-chain transaction data are processed to confirm and record your payment.

6. How We Share Your Information; Sub-Processors

We may share your information with the following categories of recipients:

Service Providers / Sub-Processors. We share information with third-party service providers who help us operate the service and process only the data necessary for their function, currently including: Clerk (authentication and account management); Discord and Telegram (optional account linking and alert delivery); CryptoCloud (cryptocurrency payment processing; checkout may be presented under the TryBit brand); Stripe (card payment processing, where offered); Vercel (website hosting); DigitalOcean (servers and managed database hosting); Upstash (caching); Sentry (error monitoring); PostHog (first-party product-usage analytics, received server-side); and service providers supporting our customer-support tooling (for example, embedding and large-language-model providers). If you connect a read-only exchange API key, your trade-history data is retrieved from your exchange (such as Binance or Bybit) at your direction. For closed-community access, we use a third-party membership and community-access platform to provision your access. This list may change as our infrastructure evolves; the effective date above reflects the most recent review.

Legal Requirements. We may disclose information when required by law, regulation, legal process, or governmental request, or to protect our rights, property, or safety, or that of our users or others.

Business Transfers. In a merger, acquisition, reorganization, bankruptcy, or sale of all or part of our assets, your information may be transferred as part of the transaction.

With Your Consent / De-identified Data. We may share information where you have given consent, and we may share aggregated or de-identified information that cannot reasonably be used to identify you for analytics, research, and service-improvement purposes.

7. Data Retention

We retain your information only for as long as necessary for the purposes described in this Policy, unless a longer period is required or permitted by law. As a general guide:

  • Account, subscription, and billing records — for the life of your account and, after closure, for up to 7 years to meet tax, accounting, anti-fraud, and dispute-resolution obligations;
  • Payment and on-chain transaction records — up to 7 years for financial record-keeping and anti-money-laundering purposes (on-chain data remains public regardless);
  • Support communications — up to 24 months;
  • Usage, device, and analytics logs — up to 24 months, then deleted or aggregated;
  • Read-only exchange API keys and imported trades — until you disconnect them or close your account;
  • Marketing preferences — until you opt out or close your account.

International transfers of personal data are governed by Section 14.

8. Data Security and Breach Notification

We implement technical, administrative, and physical security measures designed to protect your information from unauthorized access, disclosure, use, and modification. However, no method of transmission over the Internet or electronic storage is 100% secure, and we cannot guarantee absolute security.

If we determine that a security incident has compromised, or is reasonably likely to have compromised, your personal information, we will, where and as required by applicable data-protection and breach-notification law: (a) notify the competent supervisory authority or regulator without undue delay and, where the GDPR or UK GDPR applies, within 72 hours of becoming aware (unless the breach is unlikely to result in a risk to individuals’ rights and freedoms); (b) notify affected individuals without undue delay where the breach is likely to result in a high risk, or where otherwise required by applicable law (including the Florida Information Protection Act); and (c) provide the information and take the measures those laws require. We may notify you by email, in-app or on-site notice, or other reasonable means. Except for liability that cannot be excluded or limited under applicable data-protection or breach-notification law, our liability for loss arising from a data breach is limited as set out in the limitation-of-liability section of our Terms; nothing here excludes or limits any non-waivable right or remedy you have under mandatory data-protection or consumer-protection law (including, where applicable, Article 82 GDPR or UK GDPR).

9. Legal Bases for Processing (GDPR / UK GDPR)

If you are located in the European Economic Area, the United Kingdom, or Switzerland, we process your personal data on one or more of the following legal bases:

  • Performance of a contract (Art. 6(1)(b)) — to create and manage your account and deliver the screener, alerts, signals, trading journal, and payments you request;
  • Compliance with a legal obligation (Art. 6(1)(c)) — for tax, accounting, anti-fraud, and anti-money-laundering record-keeping;
  • Our legitimate interests (Art. 6(1)(f)) — to secure, maintain, analyze, and improve the service and to prevent abuse, balanced against your rights;
  • Consent (Art. 6(1)(a)) — for non-essential cookies and marketing only, which you may withdraw at any time.

Whether you must provide data. Providing account, contact, and payment information is necessary to register and deliver the service; linking Telegram or an exchange, and receiving marketing, are optional.

Automated decisions. We do not make decisions producing legal or similarly significant effects about you based solely on automated processing, other than automated fraud-prevention, security, and eligibility or sanctions checks, which are subject to human review and where you may request human intervention by contacting us.

Complaints and supervisory authorities. EEA, UK, and Swiss users may lodge a complaint with their local data-protection supervisory authority (in the UK, the Information Commissioner’s Office, ico.org.uk). We would appreciate the chance to address your concerns first at support@erkescan.com. You may exercise your rights and contact us, including any representative we are required to designate under Article 27 GDPR or UK GDPR, using the details in Section 20.

10. Abuse Prevention and Signal-Protection Telemetry

Our signals and screener are proprietary and are frequently targeted for scraping, automated harvesting, and resale. To protect them and to detect and prevent abuse, we process a limited set of security telemetry associated with your account and access, which may include: access patterns and request metadata (timing, volume, IP address, network/ASN, and device or client characteristics); records of which signals were delivered to your account and when; and markers we may embed in delivered content to trace unauthorized redistribution. We use this information solely to detect scraping, automated collection, account- or credential-sharing, resale, and other abuse, and to attribute a confirmed leak to the responsible account.

Legal basis (legitimate interests) and balancing. We process this security telemetry on the basis of our legitimate interests under Article 6(1)(f) GDPR (and equivalent laws) in protecting our intellectual property, securing the Services, and preventing fraud and abuse — a purpose the GDPR expressly recognizes (Recital 47). We have conducted and documented a Legitimate Interests Assessment weighing this processing against your rights and freedoms. We minimize the data used, do not use it for advertising or profiling unrelated to abuse prevention, restrict access to authorized personnel, and retain it only as long as necessary. You may object to this processing under Article 21 GDPR; where you object, we will stop unless we can demonstrate compelling legitimate grounds that override your interests, or the processing is needed to establish, exercise, or defend legal claims.

Automated decisions and human review. We do not subject you to a decision producing legal or similarly significant effects based solely on automated processing. Detection signals are used to flag accounts for review; a permanent enforcement decision (such as termination for confirmed abuse) is taken only after a human reviews the evidence attributed to your account and records a stated ground, and you may contest it as described in our Terms (Section 6). This reflects your rights under Article 22 GDPR.

Retention. We retain abuse-prevention telemetry and any associated evidence for up to 12 months from collection, and longer only where necessary to establish, exercise, or defend a legal claim, to comply with a legal obligation, or to enforce our Terms, after which it is deleted or anonymized.

11. Your Privacy Rights

Depending on your jurisdiction, you may have some or all of the following rights, subject to legal limits and exceptions:

  • Access — request access to the personal information we hold about you;
  • Correction — correct inaccurate or incomplete information;
  • Deletion — request deletion, subject to legal retention requirements;
  • Restriction — request that we restrict processing in certain circumstances;
  • Objection — object to certain processing, including processing based on legitimate interests;
  • Data Portability — receive your data, or have it transferred, in a portable format;
  • Withdraw Consent — where we rely on consent, withdraw it at any time without affecting prior processing;
  • Opt out of marketing — unsubscribe from marketing communications at any time.

How to exercise your rights. Contact us using the details in Section 20. We may need to verify your identity, and you may use an authorized agent. We will respond within the time required by law (generally 45 days for U.S. state requests, extendable; one month under the GDPR or UK GDPR, extendable up to two further months). We will only decline a request where it is manifestly unfounded, excessive, or repetitive, or where an exception applies, and we will tell you why. We will not discriminate against you for exercising your rights.

Appeals. If we decline your request, you may appeal by emailing support@erkescan.com with “Privacy Appeal” in the subject line; we will respond within the time your state law requires (for example, 45 days in Colorado, and 60 days in Virginia, Connecticut, and Texas). If your appeal is denied, you may contact your state Attorney General or your supervisory authority.

Even if you opt out of marketing, we may still send you service-related communications about your account or our ongoing business relationship.

12. U.S. State Privacy Rights (California and Other States)

No sale or sharing. We do not “sell” your personal information for money, and we do not “share” it for cross-context behavioural advertising, and we have not done so in the preceding 12 months. We honor recognized opt-out preference signals, including Global Privacy Control (GPC). Because we do not sell or share personal information, we do not provide a “Do Not Sell or Share” mechanism beyond honoring these signals and your direct requests.

Sensitive information. We do not use or disclose sensitive personal information for purposes that would require us to offer a “Limit the Use of My Sensitive Personal Information” option, and we do not collect precise geolocation.

California, Virginia, Colorado, Connecticut, Texas, and other states. Residents of California (CCPA/CPRA) and of other states with comprehensive privacy laws have the rights described in Section 11, including access, correction, deletion, portability, opt-out, appeal, the right to use an authorized agent, and the right not to be discriminated against for exercising them. We do not profile you in furtherance of decisions that produce legal or similarly significant effects; where a state grants a right to opt out of such profiling, you may exercise it using the details in Section 20. Exercise these rights using the details in Section 20.

13. Cookies and Tracking Technologies

We use cookies and similar technologies to operate and secure our website, remember your preferences, and measure and improve our own service. Strictly necessary cookies (for example, authentication and session) do not require consent.

First-party only; no third-party advertising. We do not use, sell, or share your personal information for cross-context behavioural advertising or third-party interest-based advertising, and we do not permit third-party ad networks to track you across other sites through our service. We use cookies only for first-party purposes: authentication and session management, security, remembering your preferences, and measuring and improving our own service.

Consent and choices. For any non-essential cookies, where required by applicable law, we place them only after your prior, specific, and informed consent, with the ability to reject as easily as to accept and to change or withdraw your choice at any time. We do not treat continued use of the site or your browser settings as consent, and we recognize and honor recognized opt-out preference signals, including Global Privacy Control (GPC). You can also configure your browser to refuse cookies, though some features may not function properly.

14. International Data Transfers

We and our service providers may store and process your information in countries other than your own, including the United States. Where we transfer the personal data of EEA, UK, or Swiss individuals to a country without an adequacy decision, we rely on appropriate safeguards: (a) the recipient’s certification under the EU-US Data Privacy Framework (and the UK Extension and Swiss-US DPF where relevant); or (b) the European Commission’s Standard Contractual Clauses, together — for UK transfers — with the UK International Data Transfer Agreement or Addendum; combined with supplementary technical and organizational measures such as encryption in transit and at rest and access controls. You may request a copy of the relevant safeguards using the details in Section 20. In limited cases where no safeguard applies, we transfer only under an applicable derogation (for example, where necessary to perform our contract with you, or with your explicit consent to that specific transfer).

15. Children’s Privacy

Our services are intended only for individuals aged 18 or older. We do not knowingly collect personal information from anyone under 18, and if we learn that we have, we will delete it and terminate the account. We recognize that data-protection law sets minimum ages for a child’s own consent (16 in the EEA by default, 13 in the UK); because we require users to be at least 18, we do not knowingly process any minor’s data under these thresholds. If you believe a minor has provided us information, please contact us.

16. Marketing and Messaging

Every marketing email includes an unsubscribe link and our postal address (TR8D3R LLC, 7901 4th St N STE 300, St. Petersburg, FL 33702); we honor opt-out requests promptly and within the time required by law. You may also opt out at support@erkescan.com. Service-related (transactional, security, and billing) messages continue while your subscription is active.

When you link Telegram, you consent to receive the alerts and account or service notifications you subscribed to. We send promotional or non-transactional Telegram messages only with your consent, and you may opt out at any time (unlink Telegram or contact support); transactional and security messages continue while your subscription is active.

17. Cryptocurrency Transactions

When you make cryptocurrency payments through CryptoCloud (whose checkout may be presented under the TryBit brand) or another cryptocurrency payment processor, your transaction data is recorded on the relevant blockchain and may be publicly visible. This data may include wallet addresses, transaction amounts, and timestamps. We are not responsible for any information that becomes publicly available as a result of cryptocurrency transactions.

18. Third-Party Links and Services

Our website may contain links to third-party websites, applications, or services that we do not operate. We have no control over and assume no responsibility for their content, privacy policies, or practices, and we encourage you to review the privacy policy of every website you visit.

19. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. For material changes we will provide reasonable advance notice (by email or a prominent notice on our site) before they take effect, and where a change requires your consent we will obtain it. The “Last Updated” date above shows the latest revision. We encourage you to review this Policy periodically.

20. Contact Us

If you have any questions about this Privacy Policy, or to exercise your privacy rights, please contact us at TR8D3R LLC, 7901 4th St N STE 300, St. Petersburg, FL 33702, or by email at support@erkescan.com (for privacy requests, please include “Privacy Request” in the subject line).