We're strictly complaint with the CAN-SPAM Act 2003 and other applicable anti-spam regulations. When you sign up you can specify what types of emails you want to receive. You can change your settings or unsubscribe from our mailing lists at any time.
When you complete surveys and other offers from our advertisers, we don't receive that information. We are only sent a simple notification when an offer has been completed successfully.
We never sell personal information about you to third parties. We're compliant with data protection regulations and try to minimise the data we store wherever possible.
We don't require you to supply a password when creating your account. This actually protects your privacy, since many casual users use the same password on multiple websites. Instead all changes to your account are confirmed via a confirmation email.
As a European company, we are bound by the General Data Protection Regulation (GDPR).
This policy describes in detail how your personal data is stored, processed and shared. It also describes the control you have over your data.
We last updated this Privacy Policy to Version 3, on the 12th October 2018.
Your Email Address is a unique address, which can be used to send you electronic mail.
| Usage | Description | Default | Optional? |
|---|---|---|---|
| Storage |
We need to store your email address, so we can identity or contact you. Furthermore, may need to store additional email addresses, if you provide them to us as payment settings. |
Enabled | No |
| Processing | We need to process your email address, so we can identity or contact you. | Enabled | No |
| Sharing |
We may need to display a partially obfuscated version of your email address to other users, as part of our social proof. For example, we might display johnsmith@gmail.com as john*****@gmail.com. Additionally, in order to ensure you cannot be identified, we only share the domain names of widely used mailbox providers. For example, we might display johnsmith@johnsbakery.com as john****@****.com. We may need to share your email address with trusted third parties such as Google and Facebook, in order to link your account, or target you with relevant advertisements in the future. We do not, under any circumstances, sell your email address to any third parties. |
Enabled | No |
Your Password is a secret string of characters, which can be used to prevent others from accessing your account.
| Usage | Description | Default | Optional? |
|---|---|---|---|
| Storage |
We never store a raw version of your password. Instead it is converted into a cryptographically secure hash before storage. A hashed password is almost impossible to convert back into its raw version, particularly if you use a difficult enough password, containing a broad range of characters. |
Disabled | Yes |
| Processing |
We need to process your raw password, so we can convert it into a cryptographically secure hash. This takes place on secure servers operated by our Primary Data Processor. |
Disabled | Yes |
| Sharing |
We never share your password with any third party. |
Disabled | No |
Your IP Address is a unique return address, which is transmitted whenever you access our website or apps. We can use this data to determine which country you are in with around a 99% level of accuracy. Towns and cities can be identified with around an 80% level of accuracy, depending on the country you are in.
However, only your Internet Service Provider (ISP) knows your exact location. They manage the connection between your local internet exchange and your household.
| Usage | Description | Default | Optional? |
|---|---|---|---|
| Storage | We need to store your IP Addresses, in order to detect fraudulent activity. | Enabled | No |
| Processing | We need to process your IP Addresses, in order to detect fraudulent activity. | Enabled | No |
| Sharing | We never share your historical IP Addresses with any third parties, although they may choose to share your current IP Address with us. | Disabled | No |
When you use any of our apps we may receive your Device ID. This is a unique code, which can be used to identify your device.
| Usage | Description | Default | Optional? |
|---|---|---|---|
| Storage | We need to store your Device IDs, in order to detect fraudulent activity and to allow conversions to be tracked. | Enabled | No |
| Processing | We need to process your Device IDs, in order to detect fraudulent activity. | Enabled | No |
| Sharing | We may need to share your Device IDs with any third parties, in order to allow conversions to be tracked. | Enabled | No |
When you connect to a website using a web browser a User Agent field is also usually transmitted. This contains information about what type of device you are using, your operating system type and version, your browser type and version, and other metadata which can be used to identify your device.
| Usage | Description | Default | Optional? |
|---|---|---|---|
| Storage | We need to store your User Agents, in order to detect fraudulent activity. | Enabled | No |
| Processing | We need to process your User Agents, in order to detect fraudulent activity. | Enabled | No |
| Sharing | We never share your User Agents with any third parties. | Disabled | No |
When you create an account we will assign it a unique integer value, called your Account ID. We may then use this to identify your account with third parties, without having to expose any of your personal data.
| Usage | Description | Default | Optional? |
|---|---|---|---|
| Storage | We need to store your Account ID, in order to identify your account. | Enabled | No |
| Processing | We need to process your Account ID, in order to identify your account. | Enabled | No |
| Sharing | We need to share your Account ID, in order to identify your account. | Enabled | No |
Additionally, we provide you with a third party verification code. This is similar to your Account ID, and you can use it to verify non-personal statistics about your account via our API, with non-trusted third parties.
Article 9 of the GDPR identifies certain special categories of data that require explicit consent. These concern highly sensitive data such as sexual orientation and political affiliations.
We do not store, process or share any data categories that might be considered highly sensitive .
By registering an account you grant implicit consent for us to collect and use your data, as described in this Privacy Policy.
| Data Category | Level of Consent |
|---|---|
| Email Addresses | Implicit |
| Passwords | Implicit |
| IP Addresses | Implicit |
| Device IDs | Implicit |
| User Agents | Implicit |
| Account IDs | Implicit |
This Privacy Policy does not extend your consent to third parties, with the exception of the Responsible Parties described elsewhere.
Please note that you may be asked highly sensitive questions, as part of offers or surveys on third party sites, which we may link to. We urge you to exercise caution and to read third party privacy policies carefully, before deciding to share your data.
You have the right to view all the personal data we have about you. This can be achieved simply, by typing the email address you used to register your account and pressing the 'Email My Data' button below.
We will then send you an email, containing all the personal data we have about you including: Email Addresses, IP addresses, Device IDs, User Agents and your Account ID.
Please note that if you failed to register using a valid email address, or have since deleted your account, then we will be unable to confirm your identity. Therefore, in order to protect your privacy, it will not be possible for us to grant you access to your data.
If your account remains completely inactive for an extensive period of time (greater than 3 months) we may delete it, in order to protect your privacy and ensure you are eventually forgotten.
Additionally, at any time you may delete your account yourself, by typing the word 'DELETE' in the settings tab and then updating your settings. Note that it may take several weeks for us to completely purge your personally identifiable data from all of our servers and backups.
Please note that, in order for us to monitor and prevent future fraud, we must continue to store some anonymous metadata such as IP Addresses. However, any data retained will no longer be associated with any personally identifiable data, such as email addresses or payment information.
If you delete your account you will lose all the points you have earned. Therefore you should consider this carefully before choosing to delete your account.
You have further rights, such as the right to amend your personal data and the right to request that we stop processing your data.
Wherever possible we allow you to change your privacy settings, in order to control how your data is used.
However, peventing fraud is essential to the operation of our service. We cannot allow users to amend their data or block processing, as it would inhibit our ability to combat fraud. Therefore, in order to exercise these additional rights, you may delete your account.
Here is a list of parties which handle your sensitive personal data and a description of their role:
| Type | Entity | Responsibility |
|---|---|---|
| Data Controller | CryptoWall | Overall control over data. |
| Primary Data Processor | AMAZON WEB SERVICES, INC | Secure storage and processing of relational data in the cloud. |
| Secondary Data Processor | SENDGRID, INC | Secure storage and processing of email data. |
| Secondary Data Processor | MAILGUN TECHNOLOGIES, INC | Secure storage and processing of email data. |
| Secondary Data Processor | ZENDESK, INC | Secure storage and processing of customer support data. |
| Secondary Data Processor | MAXMIND, INC | Secure storage and processing of data. |
| Secondary Data Processor | PAYPAL HOLDINGS, INC | Secure storage and processing of payment transaction data. |
Additionally, some personal data such as payment records may be disclosed with other trusted third parties in order to ensure our compliance with taxation, as a mandatory requirement for necessary auditing, or if legally obliged to do so by an empowered government agency.
Your relational data is stored and processed in multiple, highly secure data centers, all located within the United States. You can learn more about the security compliance standards achieved by our primary data processor here.
Our use of cookies has been limited to functions that are absolutely essential to the operation of our service. When we need to identify you, your Account ID is used instead of more sensitive data.
| Cookie | Description | Trigger | Expiry | Secure? |
|---|---|---|---|---|
| pp_ref |
This cookie is essential to the operation of our referral program. It cannot be used to identify you personally. Instead it merely identifies the account which referred you, using their Account ID. |
Clicking a referral link | 1 Year | Yes |
| pp_ldr | This cookie is essential to the operation of our referral program. It cannot be used to identify you personally. Instead it merely identifies the type of referral link you clicked on. | Clicking a referral link | 1 Year | Yes |
| pp_cpa | This cookie is essential to the operation of our marketing. It cannot be used to identify you personally. Instead it merely identifies the marketer which told you about us. | Clicking a marketing link | 1 Month | Yes |
| pp_act | This cookie is essential to the operation of account sessions on our website. This cookie identifies you by your Account ID. | Logging in or registering | 1 Week | Yes |
Additionally, insecure cookies may be saved by trusted third party scripts, such as Google Analytics. By using our website with cookies enabled, you consent to all cookies.
Affiliates of CryptoWall may embed our Pixels into third party websites. These Pixels contain the cookie 'pp_ref'. We do not use Pixels to store or process any data regarding your activity on third party websites.