Legal • Privacy

Privacy Policy

This policy explains what data Dappy collects, why we collect it, how we protect it, and your rights as a user. We are committed to transparency and will never sell your personal data.

Last updated: March 2025 Effective: March 1, 2025 iOS & Android
01

Information We Collect

We collect the following categories of information when you use Dappy:

Account Information
When you register, we collect your email address and a securely hashed password. We do not collect your name, phone number, or payment card details directly. Payments are processed by Apple (App Store) or Google (Google Play) and governed by their respective privacy policies.

Usage & App Data:

  • Trading pairs you select and monitor
  • Alert configurations (upper bound, lower bound, step size)
  • Notification history associated with your account
  • Device push token required to deliver notifications
  • Time zone and locale settings

Technical & Analytics Data:

  • Device type, operating system version, and app version
  • IP address (used for security and fraud prevention only)
  • Crash reports and error logs via anonymous crash reporting tools
  • Aggregated usage statistics collected via Firebase Analytics (no personal identifiers)

What We Do Not Collect:

  • Financial account credentials or brokerage data
  • Precise location data beyond your IP-derived country
  • Data from your device contacts, camera, or microphone
  • Any data for advertising or cross-app tracking purposes
02

How We Use Information

We use the information we collect for the following purposes:

PurposeData UsedLegal Basis
Deliver push notifications when price alerts triggerDevice token, alert config, pair pricesContract performance
Maintain your account and preferencesEmail, alert settings, subscription tierContract performance
Process and verify subscription statusApple/Google purchase receiptsContract performance
Monitor app performance and fix bugsCrash logs, error reportsLegitimate interest
Improve the product through usage insightsAggregated analytics (no personal IDs)Legitimate interest
Send important account notificationsEmail addressLegitimate interest
Comply with legal obligationsAs required by applicable lawLegal obligation

We do not use your data for advertising. We do not sell your data to third parties. We do not build advertising profiles about you.

03

Data Sharing & Disclosure

We do not sell, rent, or trade your personal data. We share data only in the following limited circumstances:

  • Firebase (Google LLC): Used for analytics, push notification delivery via FCM, authentication, and hosting. Data is processed under Google's Data Processing Terms.
  • Apple Push Notification service (APNs): Used to deliver notifications to iOS devices. Only your device token and the notification payload are transmitted.
  • Subscription Processors: In-app purchases are handled entirely by Apple App Store and Google Play. We receive only anonymised purchase confirmation receipts.
  • Legal Requirements: We may disclose data if required by applicable law, court order, or governmental authority.
  • Business Transfers: In the event of a merger or acquisition, user data may be transferred with advance notice provided to users.
Important
Dappy does not share your alert configurations, trading pair watchlists, or notification history with any third party for commercial purposes.
04

Data Retention

We retain your data for as long as your account is active or as needed to provide you with the service.

  • Account data is retained for the lifetime of your account. Upon account deletion, personal data is permanently removed within 30 days.
  • Alert and notification history is retained for up to 12 months on active accounts.
  • Crash logs and error data are automatically deleted after 90 days.
  • Aggregated analytics data (no personal identifiers) may be retained indefinitely for product improvement.
  • Financial/subscription records may be retained for up to 7 years to comply with applicable accounting and tax laws.
05

Security

We take reasonable and appropriate technical and organisational measures to protect your information against unauthorised access, alteration, disclosure, or destruction.

  • All data in transit is encrypted using TLS 1.2 or higher
  • Passwords are stored using industry-standard bcrypt hashing — plaintext passwords are never stored
  • Push notification device tokens are stored in encrypted form
  • Access to production systems is restricted to authorised personnel only
  • Firebase Security Rules enforce data access control at the database level
Reporting Security Issues
If you discover a security vulnerability, please report it responsibly to security@dappy.app before disclosing publicly. We commit to acknowledging your report within 48 hours.

No method of electronic transmission or storage is 100% secure. While we use commercially acceptable means to protect your data, we cannot guarantee absolute security.

06

Third-Party Services

Dappy integrates with the following third-party services. Each has its own privacy policy which we encourage you to review:

ServiceProviderPurpose
Firebase AnalyticsGoogle LLCUsage analytics (anonymised)
Firebase Cloud MessagingGoogle LLCPush notifications (Android)
Apple Push Notification serviceApple Inc.Push notifications (iOS)
App StoreApple Inc.iOS distribution & payments
Google PlayGoogle LLCAndroid distribution & payments
Binance Market Data APIBinanceLive price feed (read-only)

We use the Binance public market data API in read-only mode for price feeds. We do not share any user data with Binance, and we do not facilitate any trading activity. Dappy is not affiliated with or endorsed by Binance.

07

Children's Privacy

Dappy is not directed at children under the age of 13 years (or 16 years in the European Economic Area). We do not knowingly collect personal information from children.

If you are a parent or guardian and believe your child has provided us with personal data, please contact us immediately at privacy@dappy.app. If we become aware that we have collected data from a child without verifiable parental consent, we will take steps to delete that information promptly.

08

Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

  • Access: Request a copy of the personal data we hold about you
  • Correction: Request that we correct inaccurate or incomplete data
  • Deletion: Request that we delete your personal data ("right to be forgotten")
  • Portability: Request your data in a structured, machine-readable format
  • Restriction: Request that we restrict processing in certain circumstances
  • Objection: Object to processing based on legitimate interests
  • Withdraw Consent: Where processing is based on consent, withdraw it at any time
How to Exercise Your Rights
Contact us at privacy@dappy.app. You may also delete your account directly within the app via Settings → Delete Account. We respond to all legitimate requests within 30 days.

If you are located in the EEA or UK, you also have the right to lodge a complaint with your local data protection supervisory authority.

09

Push Notifications

Push notifications are the core feature of Dappy. Here is exactly how they work with respect to your data:

  • On install, you will be asked to grant push notification permission. You can deny or revoke this permission at any time in your device Settings.
  • If permission is granted, your device generates a unique device token provided by Apple APNs or Google FCM. This token is stored on our servers associated with your account.
  • When a price alert triggers, our server sends a notification payload containing only the pair name and price to the notification service for delivery to your device.
  • The device token does not personally identify you and changes periodically. It is used solely for notification delivery.
  • You can disable push notifications at any time in your device Settings or within the app via Settings → Notifications. This will not affect your active alert configurations.
10

International Transfers

Dappy may process and store data on servers located outside your country of residence, including in the United States (Firebase/Google infrastructure).

When we transfer data outside the EEA, we ensure appropriate safeguards are in place including:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Transfers to countries with an adequacy decision from the European Commission
  • Google's data processing terms, which include appropriate international transfer mechanisms
11

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by:

  • Posting the new policy on this page with an updated "Last Updated" date
  • Sending an in-app notification or email if the changes are significant

We will give you at least 14 days' notice before material changes take effect. Your continued use of Dappy after changes are posted constitutes acceptance of the updated policy.

12

Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Privacy Contact
Privacy enquiries: privacy@dappy.app
Security issues: security@dappy.app
Response time: Within 30 days of receiving a verifiable request
In-app: Settings → Contact & Feedback