Privacy Policy
Cryptosystems - Algorithmic Trading Systems
Effective Date: March 1, 2026
1. Our Privacy Philosophy: Data Minimization by Design
Cryptosystems operates on a zero-knowledge architecture. We are designed so that we cannot disclose your trading activity, wallet balances, or private keys, even if compelled by third parties or legal process.
Core Principle: We cannot provide what we do not hold.
2. Corporate Identity
Services are provided by Meridian Data Processing LLC, a Wyoming limited liability company doing business as "Cryptosystems" ("we," "us," "our," or "Cryptosystems"). The technology underlying the Service is developed and maintained within the European Union by our European licensor, and all personal data is stored and processed on servers located within the EU.
All data processing complies with:
EU General Data Protection Regulation (GDPR)
Estonian Personal Data Protection Act
Principles of privacy by design and privacy by default
3. Zero-Knowledge Architecture
Our infrastructure is engineered to ensure that:
What We CANNOT Access (Even If We Wanted To):
Your trading activity - We do not track trades, positions, PnL, or portfolio allocations
Your wallet balances - We cannot see asset holdings or transaction history
Your private keys or seed phrases - Zero custody, zero access
Your exchange API keys - These never touch our servers (client-side only)
Your on-chain identity - We cannot link wallet addresses to your personal identity
Technical Implementation:
End-to-end encryption for data in transit (TLS 1.3)
Encrypted and anonymized at rest - Data stored with key separation
Client-side execution - Trading systems run on your infrastructure, not ours
Zero server-side logging of trading activity or financial data
Legal Consequence: In the event of a subpoena or legal request, we can confirm only the existence of an account associated with an email address. We cannot provide trading history, financial balances, asset locations, or wallet associations, as this data does not exist on our servers.
4. Information We Collect (Minimal Data Only)
We collect only the absolute minimum required to provide the Service:
3.1 Account Data
Email address or username (for authentication and critical service notifications)
Password hash (hashed using bcrypt, a one-way function; we cannot see your actual password)
Subscription status (Foundation vs. Sovereign tier, billing cycle)
Account creation date
We do NOT collect:
Real names (unless voluntarily provided)
Physical addresses
Phone numbers
Government IDs or KYC documents
Social media profiles
3.2 Payment Data (Cryptocurrency Only)
Blockchain transaction ID (to verify payment and activate subscription)
Payment amount and timestamp (as recorded on the blockchain)
All payments are made in cryptocurrency (USDC on Ethereum Mainnet). We do not accept bank transfers, credit cards, or other traditional payment methods. We do not use Stripe, PayPal, or any third-party payment processor.
Clients send USDC to our company's provided deposit address. We recommend sending payments from your own CEX account (e.g., Coinbase, Kraken, Binance). When you send from a CEX, the on-chain transaction originates from the exchange's shared hot wallet, not from a wallet personally identifiable to you. This means that even though blockchain transactions are publicly visible, the source of your payment cannot be traced back to you on-chain.
By making a payment, you represent and warrant that you are not a person or entity listed on the U.S. Office of Foreign Assets Control (OFAC) Specially Designated Nationals and Blocked Persons List (SDN List), or any equivalent sanctions list maintained by the European Union, United Nations, or United Kingdom, and that you are not located in, organized under the laws of, or ordinarily resident in any comprehensively sanctioned jurisdiction. Payments originating from a regulated centralized exchange (CEX) provide an additional layer of compliance assurance, as these platforms are required by law to perform identity verification and sanctions screening on their account holders. We reserve the right to reject, reverse, or refund any payment, and to suspend or terminate access to the Service without prior notice, if we determine in our sole discretion that a transaction may involve a sanctioned person, entity, or jurisdiction, or otherwise violates applicable sanctions regulations.
After sending, you provide us with the blockchain transaction ID so we can verify payment and activate your subscription.
We do NOT store:
Source wallet addresses (we have no way to determine which individual sent a transaction from a shared exchange hot wallet)
Your personal wallet addresses or on-chain identity
Private keys or seed phrases
3.3 Technical & Usage Data (Security Only)
IP address (for abuse prevention and security)
Access logs (login timestamps, not activity logs)
Browser type and OS (for compatibility)
Software version downloaded (for support)
We do NOT track:
Trading strategies or parameters
System performance or profitability metrics
Browsing behavior or page views
User behavior analytics
3.4 Communications
Support emails (only if you contact us for help)
Stored only as long as necessary to resolve your inquiry
5. How We Use Your Information
Your minimal data is used exclusively for:
Authentication - Verifying your identity to grant system access
Service Delivery - Providing access to software downloads and updates
Subscription Management - Tracking billing cycles and plan status
Security - Preventing unauthorized access, fraud, and abuse
Sanctions Screening - Screening account information (email address, IP-derived location) against applicable sanctions lists to comply with U.S. OFAC regulations and equivalent EU/UN sanctions regimes
Support - Responding to technical issues you report
Legal Compliance - Meeting obligations under applicable law, including sanctions compliance
We do NOT:
Sell, rent, or trade your data
Use your data for advertising or marketing (unless you opt in)
Share data with third-party analytics or advertising networks
Profile you for behavioral targeting
6. Legal Basis for Processing (GDPR Article 6)
Contract Performance (Article 6(1)(b)) - Processing necessary to provide the Service
Legitimate Interests (Article 6(1)(f)) - Security, fraud prevention, system integrity
Legal Obligation (Article 6(1)(c)) - Tax and corporate compliance under applicable law, including sanctions screening required by U.S. OFAC regulations
We do not rely on consent as the legal basis for processing personal data necessary to provide the Service. Where consent is required for any optional processing (e.g., marketing communications), it will be obtained separately and can be withdrawn at any time.
7. Data Storage & Security
6.1 Data Location
All personal data is stored on servers located within the European Union. We do not transfer personal data to servers outside the EU. For information on access from outside the EU in connection with service operations, see Section 13.
6.2 Security Measures
TLS 1.3 encryption for all data in transit
Encrypted storage at rest with key separation
bcrypt password hashing (industry-standard, one-way)
Access controls - Restricted to essential personnel only
Regular security audits and penetration testing
Distributed rights management - No single point of compromise
6.3 Your Responsibility
You are responsible for:
Maintaining confidentiality of your login credentials
Using a strong, unique password
Securing your own devices and API keys
Enabling two-factor authentication (if available)
No system is 100% secure. We employ best practices, but ultimate security depends on your own operational security.
8. Data Retention
We retain data for the minimum time necessary:
Account credentials – Until account closure + 30 days, for dispute resolution.
Access logs – 6 months, for security and abuse detection.
Support emails – Until issue resolution only. No statutory retention requirement.
Payment records (blockchain transaction IDs) – 7 years, as required by the Estonian Accounting Act.
After these periods, data is permanently and irreversibly deleted.
You can request deletion by exercising your Right to Erasure (see Section 9). Upon receiving a valid erasure request, we will acknowledge it within 30 days as required by GDPR. Certain data may be retained beyond this period where permitted under GDPR Article 17(3), including: data required for compliance with a legal obligation (e.g., 7-year tax records), data necessary for the exercise or defense of legal claims (e.g., 30-day post-closure dispute resolution window, or data relating to termination for cause under the Terms of Service).
9. Third-Party Services (Minimal Use)
We use minimal third-party infrastructure to deliver the Service. All processors are bound by GDPR-compliant Data Processing Agreements.
Server hosting – EU-based data center provider. All data stored and processed within the European Union. The hosting provider has physical access to encrypted servers but cannot decrypt data at rest.
Email delivery – EU-based email provider, used solely for account-related communications. Only your email address is shared for delivery purposes.
We do not use Google Analytics, Facebook Pixel, advertising trackers, third-party marketing cookies, or behavioral profiling services. We use only essential technical cookies for session management.
10. Your Privacy Rights
You have the following rights under applicable data protection law. Where GDPR applies (EU/EEA data subjects), these rights are guaranteed under the Articles referenced below. Data subjects in other jurisdictions may have equivalent rights under their local laws (e.g., CCPA, LGPD).
9.1 Right to Access (GDPR Article 15)
Request a copy of all personal data we hold about you.
9.2 Right to Rectification (GDPR Article 16)
Correct inaccurate or incomplete information.
9.3 Right to Erasure ("Right to Be Forgotten") (GDPR Article 17)
Request permanent deletion of your account and all associated data. We will acknowledge your request within 30 days. Deletion will be completed subject to the retention exceptions described in Section 7 (legal obligations, defense of legal claims).
9.4 Right to Data Portability (GDPR Article 20)
Receive your data in a machine-readable format (JSON/CSV).
9.5 Right to Restrict Processing (GDPR Article 18)
Limit how we use your data in certain circumstances.
9.6 Right to Object (GDPR Article 21)
Object to processing based on legitimate interests.
9.7 Right to Withdraw Consent
If any processing is based on consent, withdraw it at any time without affecting the lawfulness of processing based on other legal grounds (e.g., contract performance).
To exercise these rights:
Email: contact@cryptosystems.org
We will respond within 30 days as required by GDPR.
11. Cookies
We use minimal essential cookies only:
session_id – Keeps you logged in. Expires when you close your browser.
csrf_token – Prevents cross-site attacks. Expires when you close your browser.
We do not use advertising, analytics, or tracking cookies.
You can block cookies in your browser settings, but this may prevent login functionality.
12. Children's Privacy
Our Service is not intended for individuals under 18 years of age. We do not knowingly collect data from minors. If discovered, such data will be immediately deleted.
13. Data Breach Notification
In the event of a data breach affecting personal information:
You will be notified within 72 hours (GDPR Article 33)
Relevant authorities (Estonian Data Protection Inspectorate) will be informed
We will provide details about the breach, affected data, and mitigation steps
Due to our zero-knowledge architecture, most data breaches would expose only encrypted email addresses and subscription statuses — not trading activity or financial information, which we do not hold.
14. International Data Transfers
All personal data is stored on servers located within the European Union. We do not transfer personal data to servers outside the EU.
To the extent that personal data is accessed from outside the EU in connection with service operations (e.g., by personnel of the data controller or affiliated entities), such access is governed by Standard Contractual Clauses (SCCs) approved by the European Commission and/or the EU-U.S. Data Privacy Framework, ensuring adequate safeguards under GDPR Article 46.
If future circumstances require material changes to our data transfer practices, we will:
Implement additional safeguards as required under GDPR Article 46
Notify users of such changes with 30 days' notice
Update this Privacy Policy accordingly
15. Legal Disclosure Policy
In the event of a valid subpoena, court order, or other compulsory legal process, we may disclose the following data to the extent it exists at the time of the request:
Account information: confirmation that an email address is or was associated with an account, subscription status, and billing cycle dates.
Payment records: blockchain transaction IDs associated with subscription payments. These are publicly visible on-chain and do not contain personally identifying information.
Access logs: IP addresses and timestamps, subject to our 6-month retention period. Logs older than 6 months are permanently deleted and cannot be recovered.
Data we do not collect or store, and therefore cannot produce under any legal process:
Client trading activity, positions, profit and loss, or portfolio data. All trading systems operate on client-owned infrastructure under client control.
Client wallet balances, private keys, seed phrases, or exchange API credentials.
Proprietary system architecture, algorithms, or trading strategies. These constitute trade secrets and are protected under Section 4.5 and Section 9 of the Terms of Service.
We will notify affected users of any legal request for their data unless prohibited by law or court order. For your obligations regarding our proprietary information in response to legal process, see Section 9.3 of the Terms of Service.
16. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. Material changes will be communicated via email to your registered address at least 30 days before they take effect. If you do not agree with the revised policy, you may close your account before the effective date.
17. Data Controller Information
Data Controller:
Meridian Data Processing LLC (d/b/a Cryptosystems)
Email: contact@cryptosystems.org
Personal data is stored and processed within the European Union on behalf of the data controller by our European licensor, acting as a data processor under a GDPR-compliant Data Processing Agreement.
18. Supervisory Authority
You have the right to lodge a complaint with the competent data protection authority. The Estonian Data Protection Inspectorate is the supervisory authority for the data processing activities described in this policy, as personal data is stored and processed within Estonia.
Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon)
Website: https://www.aki.ee/en
Email: info@aki.ee
Address: Tatari 39, 10134 Tallinn, Estonia
Phone: +372 627 4135
19. Contact Us
For privacy-related inquiries, data access requests, or to exercise your privacy rights:
Entity: Meridian Data Processing LLC (d/b/a Cryptosystems)
Email: contact@cryptosystems.org
Website: https://www.cryptosystems.org
Registered Agent: 30 N Gould St, Sheridan, WY 82801
Response Time: Within 30 days (GDPR requirement)
