Privacy Policy
graphGURU.ai is an analysis-only market-data site run by its individual operator ("we", "us"), designed to work with as little personal data as possible. This policy explains what we collect, why, how long we keep it, and the choices you have. Questions or requests: privacy@graphguru.ai.
The short version
- We collect as little as possible. Browsing and reading all analysis work without an account.
- Live prices are streamed by your own browser directly from Binance — that connection does not pass through us.
- If you create a free account, we store only what authentication needs: your email, a hashed password or Google sign-in identity, hashed session tokens, and short-lived one-time codes.
- We run no analytics, no advertising tags, and no cross-site tracking, and we do not sell personal data.
- We keep standard server logs (including IP addresses) to operate, rate-limit, and protect the service.
What we collect
Browsing and analysis requests
When you open a coin or timeframe, your browser requests pre-computed analysis from our servers. To serve those requests, apply rate limits, prevent abuse, and diagnose problems, our infrastructure (Cloudflare) processes standard web-server log data — the requested URL, timestamp, IP address, and user-agent. These logs are used to operate and protect the service, not to build advertising profiles.
Live price data comes from your browser
The live price ticker connects from your device straight to Binance's public WebSocket feed. That connection is between your browser and Binance — our servers are not in the middle of it and do not receive your price stream. Binance's own terms and privacy practices apply to that connection.
Account data (only if you sign up)
- Email address — your account identifier, used for sign-in codes and account recovery.
- Password — stored only as a salted PBKDF2-SHA256 hash; we never store or see your plain password.
- Google sign-in (optional) — we receive your Google account ID, email, name, and profile picture from Google to create or log in to your account.
- Sessions — we store cryptographic hashes of random session tokens, not the tokens themselves. Sessions expire after about 90 days.
- One-time codes — sign-in and reset codes are stored as peppered hashes and expire after about 10 minutes.
Email notification preferences (optional)
If you save email-alert preferences, we store the coins, timeframes, thresholds, and destination email address you choose, so the feature can remember your settings. Customer market-signal emails are currently paused while the notification feature is redesigned; any future notification emails will be sent only to contacts who have verified their address and explicitly opted in, and every such email will include a working unsubscribe.
Donations
Donations are voluntary crypto transfers sent directly from your own wallet to a published address — the site does not collect your identity, wallet credentials, or payment details to make one. Note that blockchain transactions are public and permanent by the nature of the blockchain and cannot be erased by us.
Cookies and local storage
We set exactly one cookie: a short-lived (10-minute), HttpOnly cookie that protects the Google sign-in flow against cross-site request forgery. Everything else — your theme, your session token, and interface preferences — lives in your browser's local storage and stays on your device. We do not use advertising cookies, analytics cookies, or any cross-site tracking technology.
How we use data
- to operate, secure, rate-limit, and debug the service;
- to authenticate you and keep your account working;
- to deliver emails you have explicitly requested (verification codes, and any future opted-in notifications);
- to comply with legal obligations.
We do not sell personal data, and we do not use personal data to build advertising profiles.
Who processes data for us
We share data only with the service providers that make the site work, and only as needed:
- Cloudflare — hosting, edge caching, and the database that stores account data;
- Resend — delivers authentication and notification email;
- Google — only if you choose Google sign-in;
- Binance — public market data; the live-price connection is made directly by your browser, not by us.
We may also disclose data where we are legally required to, or to protect the service and its users from abuse or attack.
Data retention and deletion
- Account data is kept until you delete your account (you can do this yourself on the account page), which removes the associated profile and preference data.
- Sessions expire after about 90 days; one-time codes after about 10 minutes.
- Server logs are retained briefly by our infrastructure provider according to its standard practices.
- Blockchain records of donations are public and permanent and cannot be deleted by us.
Your rights and choices
- Use the site anonymously — no account or email required.
- Access, correct, or export the data we hold about you by emailing privacy@graphguru.ai.
- Delete your account from the account page, which removes the associated profile data.
- Unsubscribe from any optional email via the link in the message, or ask us to remove a stored address.
- Depending on where you live (for example under the GDPR), you may have additional rights — such as objecting to or restricting processing, or complaining to a supervisory authority. Contact us and we will honor the rights that apply to you. We will not discriminate against you for exercising them.
Security
Passwords, session tokens, and one-time codes are stored only as cryptographic hashes; traffic is served over HTTPS; and access to systems is limited. No method of storage or transmission is 100% secure, but we design the service to hold as little as possible in the first place.
International transfers
Our processors (Cloudflare, Resend, Google) operate globally and may process data in countries other than yours, including the United States. By using the service you understand that your data may be transferred to and processed in those locations, subject to the safeguards described above.
Children
The service is not directed at anyone under 18, and we do not knowingly collect personal data from children.
Changes to this policy
We may update this policy as the service evolves. The "Last updated" date below shows the current version; material changes take effect when posted on this page.
Last updated: 18 July 2026.