Privacy Policy

All sensitive data is encrypted at rest using AES-256 encryption

Data in transit is protected using TLS 1.3 encryption

Passwords are hashed using bcrypt with salt for maximum security

Database connections use SSL/TLS encryption for all operations

Credit card data is never stored on our servers - processed exclusively through PCI DSS compliant Stripe

Payment method tokens are encrypted and stored securely by Stripe

Financial transactions are processed using Stripe's bank-level security protocols

All payment data transmission uses Stripe's end-to-end encryption

Stripe handles all PCI DSS compliance requirements

Banking information for payouts is processed through Stripe Connect

Verification documents are encrypted and stored with restricted access

Identity verification data is automatically deleted after successful verification

Access to verification documents is logged and audited

Documents are stored in secure, encrypted cloud storage with access controls

Row Level Security (RLS) policies protect all user data

Database access is restricted to authenticated service roles only

All database operations are logged for security auditing

Regular security scans and vulnerability assessments are performed

Multi-factor authentication for administrative access

Role-based access control (RBAC) for all system functions

JWT tokens with expiration for secure session management

Automatic session cleanup and token refresh mechanisms

All financial transactions are processed exclusively through Stripe

Credit card data is never stored on CueCoins servers

Stripe handles all PCI DSS compliance requirements

Banking information for payouts is processed through Stripe Connect

Financial data is subject to Stripe's privacy policy and security standards

Google Places API processes location data for venue search and autocomplete functionality

Google OAuth handles user authentication and profile information

No Google Analytics is currently implemented in the application

All Google data processing follows Google's privacy standards and terms of service

Financial data is shared with Stripe for payment processing

Banking information is shared with Stripe Connect for payouts

All Stripe data sharing is covered by Stripe's privacy policy

Location data is processed by Google Places API for venue search and autocomplete functionality

Google OAuth is used for user authentication (email, profile information)

No Google Analytics tracking is currently implemented in the application

All Google data sharing follows Google's privacy standards and terms of service

Data may be shared with third parties only as required to process payments, conduct analytics, or comply with applicable legal obligations

CueCoins does not sell user data to advertising platforms

All third-party data sharing is subject to strict privacy agreements

Financial transaction records: Retained indefinitely for legal compliance and audit purposes

Identity verification documents: Deleted immediately after successful verification

User account data: Soft-deleted upon account closure, retained for audit and legal compliance

Analytics and usage data: Retained indefinitely in anonymized form for platform improvement

All deleted data is preserved in soft delete state for compliance and security auditing

User data is soft-deleted (marked as deleted) but preserved for audit and legal compliance

Database records are never physically deleted to maintain referential integrity and audit trails

Original usernames and emails are archived to prevent conflicts during re-registration

All deleted data remains accessible to authorized personnel for compliance purposes

We collect only the minimum amount of sensitive data necessary for service provision

Sensitive data is automatically purged when no longer needed

Regular audits ensure compliance with data minimization principles

User consent is required for any additional sensitive data collection