Last Updated: April 4, 2026

Privacy Policy

Your data. Your rights. Our responsibilities.

Simple Truth: We do not use cookies, sell personal data, or build advertising profiles. We do use minimal anonymous analytics and site telemetry to understand what people read, improve the product, and keep core features reliable.

1. Information We Collect

We Don't Collect Personal Information

We do not collect any personal information. No names, no emails (unless you contact us first), no accounts, no profiles, no cookies, no tracking across websites. You are anonymous here. We don't know who you are, and we don't want to.

What We Do Collect (Minimal Anonymous Usage Data)

We use Cloudflare Web Analytics and limited first-party telemetry to understand how the site is used and whether core features are working:

  • Anonymous visitor counts and page reads
  • Aggregated referral, browser, and device information for technical optimization
  • Article votes, feedback totals, and outbound listing clicks counted in aggregate
  • Temporary live-visitor heartbeat signals used to estimate how many people are active on the site right now

This data is intended to stay minimal, aggregated where practical, and focused on site operations rather than advertising. Cloudflare Web Analytics is cookieless, and our own telemetry is used to improve the product, monitor reliability, and prevent abuse.

Direct Email Communication (User-Initiated)

If you choose to email us directly at addresses we provide (e.g., info@youbuybitcoin.com), you are voluntarily sharing your email address and message content. This is standard email communication — not data collection via our website.

2. How We Use Your Information

We use limited anonymous usage data to operate the site responsibly. Here's what that means in practice:

  • Analytics: Anonymous, aggregated data helps us understand traffic patterns and improve the site (for example, which pages are useful and where people drop off).
  • Product Signals: We count article votes, outbound listing clicks, and swap comparison activity in aggregate so we can improve rankings, content, and tool quality.
  • Operational Telemetry: Temporary live-visitor heartbeats and technical request data help us keep features working, understand load, and limit abuse.
  • Direct Emails: If you email us, we'll respond to your inquiry. We won't add you to mailing lists without permission.
  • No Personal-Data Sales: We do not sell personal data or build advertising profiles from site usage.

3. Third-Party Services

Fonts

All fonts (JetBrains Mono, IBM Plex Mono) are hosted locally on our own servers. No third-party font services are used. Your browser makes zero external requests for typography — no IP addresses are shared with font providers.

Swap Provider APIs (8 providers)

When you use the swap rate comparison tool, your browser sends requests to third-party swap providers (ChangeNOW, SimpleSwap, FixedFloat, Exolix, SideShift, Godex, ChangeHero, LetsExchange) to fetch current rates. We do not custody funds or process swaps. If you click a swap provider link, you leave our site and are subject to their privacy policies.

GDPR Art. 13(1)(e) disclosure: The swap rate request originates directly from your browser. This means your IP address is seen by each provider's API at the moment of the request. We do not control that transfer once it is initiated. The providers are independent data controllers for any data they receive from your browser.

The Orange Pages (External Listings)

When you visit an Orange Pages listing website, you leave YouBuyBitcoin.com and are subject to that third-party's privacy policy. We curate and verify listings, but we do not control or monitor external websites. Some listings may include affiliate links — these are always disclosed.

Cloudflare Web Analytics

As mentioned above, we use Cloudflare's cookieless analytics. Cloudflare does not track individual users or use cookies. All data is anonymized and aggregated. Learn more about Cloudflare Web Analytics.

First-Party Site APIs

We also use limited first-party endpoints to power article feedback totals, outbound listing click counts, aggregated swap-comparison activity, and the live visitor counter. Those requests may involve basic technical data such as IP address, user agent, timestamps, and temporary session-style identifiers for rate limiting, abuse prevention, and reliability monitoring. We do not use this data to build advertising profiles or sell personal data.

Site Search (Cloudflare Workers AI)

When you use the site search feature, your search query is sent to our Cloudflare Worker which uses Cloudflare Workers AI to generate a semantic embedding for matching against our content index. Query text is processed in real time and is not stored, logged, or shared with any third party. The AI model runs entirely within our Cloudflare account — no data leaves Cloudflare’s infrastructure. Search results may be cached briefly (up to 1 hour) to improve performance, using only the query text as a cache key.

AI Content Assistance Tools

We use AI tools including Claude (by Anthropic) and Perplexity to assist with content writing, research, code generation, and fact-checking. These tools are used by the operator in an offline capacity only. No visitor data, search queries, or personal information is shared with these AI services. All AI-assisted content is reviewed, fact-checked, and approved by the site founder before publication.

4. Data Controller

The data controller for this website is:

  • Name: Marius Madar (known as: Marius, The Master Of Disaster)
  • Location: Oradea, Bihor, Romania
  • Email: info@youbuybitcoin.com
  • Supervisory Authority: ANSPDCP (Autoritatea Nationala de Supraveghere a Prelucrarii Datelor cu Caracter Personal) — dataprotection.ro

For full operator details, see our Impressum / Legal Information page.

5. Purposes of Processing

We process limited technical and communication data for specific operational purposes:

  • Analytics: Understanding page demand, traffic patterns, and product usage at an aggregate level.
  • Feedback totals: Counting article votes and feedback signals so we can improve content quality.
  • Outbound click counts: Measuring which directory listings people actually use.
  • Swap activity: Tracking aggregate comparison activity and redirect interactions needed to operate the swap tool responsibly.
  • Live visitor heartbeats: Estimating how many visitors are active on the site right now and keeping that feature reliable.
  • Semantic search: Processing search queries so the site can return relevant results.
  • Direct email correspondence: Responding when you contact us by email.
  • Security and abuse prevention: Rate limiting, reliability monitoring, and basic technical fraud/abuse controls.

6. Legal Bases for Processing

Where the GDPR applies, we rely primarily on the following legal bases:

  • Legitimate interests (Art. 6(1)(f)): Site security, anti-abuse controls, aggregate analytics, first-party telemetry, live visitor heartbeats, and semantic search operations needed to run and improve the website.
  • Performance of a contract / pre-contract steps (Art. 6(1)(b)): When you email us with a question, we process your message to respond to you at your request — a pre-contract step initiated by you.
  • Legal obligation (Art. 6(1)(c)) or legitimate interests where applicable: Recordkeeping, dispute handling, and compliance with applicable law.

Balancing test for legitimate interests: Where we rely on Art. 6(1)(f), we have balanced our interests against your rights and freedoms. Given the minimal, temporary, and non-sensitive nature of the data we process (aggregated, IP-hashed, short retention), we consider our legitimate interest is not overridden by your rights. You can object to processing under Art. 6(1)(f) at any time (Art. 21).

We do not rely on advertising consent banners because we do not use advertising cookies or behavioral advertising trackers.

7. Recipients / Processors

We keep the processor surface intentionally small. Depending on the feature you use, data may be processed by:

  • Cloudflare: For Pages hosting, Workers, Web Analytics, Workers AI search, and supporting storage/caching infrastructure. Cloudflare’s Data Processing Addendum is available at cloudflare.com/cloudflare-customer-dpa.
  • Microsoft 365 (via GoDaddy): Hosts our email (info@youbuybitcoin.com and contribute@youbuybitcoin.com) for standard email communication if you contact us directly.
  • Third-party swap providers and external listing websites: For details on these data flows, see Section 3: Third-Party Services above.

Cloudflare operates a global network. Data processed through Cloudflare Workers and analytics may transit through data centers outside the European Economic Area. Cloudflare maintains Standard Contractual Clauses (SCCs) and other safeguards compliant with GDPR Chapter V for international transfers.

We do not sell personal data, rent audience lists, or share personal data with advertising networks to build marketing profiles.

8. Your Rights

Under the GDPR, you may have the right to:

  • Access (Article 15): Ask what personal data we hold about you, especially if you contacted us directly by email.
  • Rectification (Article 16): Ask us to correct inaccurate personal data.
  • Erasure (Article 17): Request deletion of personal data we control, such as email correspondence, subject to legal or operational retention needs.
  • Restriction (Article 18): Ask us to limit certain processing in appropriate cases.
  • Portability (Article 20): Request your personal data in a portable format where applicable.
  • Objection (Article 21): Object to certain processing where legitimate interests are used as the legal basis.

Because much of our analytics and telemetry is aggregated or temporary, some rights may apply only to data that can reasonably be linked to you, such as direct email correspondence.

Automated Decision-Making (Article 22): We do not engage in automated decision-making, including profiling, that produces legal or similarly significant effects on individuals.

9. Retention Periods

We aim to keep data only for as long as it is actually useful for the feature involved:

  • Live visitor heartbeat identifiers: Up to 90 seconds of inactivity, as described by the feature itself.
  • Search cache entries: Up to 1 hour for query-result performance.
  • Aggregate feedback, vote, click, and usage totals: Retained in aggregate form for product history and measurement, not as personal profiles.
  • Technical anti-abuse / rate-limit data: Retained only as long as operationally needed for security and reliability.
  • IP addresses and user agents (first-party API requests): Retained for a maximum of 7 days for security, rate-limiting, and abuse prevention, then deleted or anonymized. IP addresses are not used for tracking, advertising, or building user profiles.
  • Cloudflare Web Analytics data: Retained by Cloudflare for up to 6 months per their data retention policy. See Cloudflare's privacy documentation for details.
  • Email correspondence: Retained for up to 3 years from the date of last contact, unless longer retention is required by law, or deleted on request where appropriate.

10. Cookies and Browser Storage

We do not use cookies — no analytics cookies, no advertising cookies, no session cookies.
Some features use browser-native storage (localStorage and sessionStorage) for performance caching and temporary session data. These are not cookies, are never transmitted to our servers, and are fully described below.

Local Storage (localStorage)

We use your browser's localStorage to cache site data locally for performance — for example, listing data, education reading progress, swap rate comparisons, and your last swap comparison selection (currency and amount, 24-hour cache). This data stays on your device, is never transmitted to our servers, and can be cleared at any time through your browser settings. It is not used for tracking or advertising.

Live Visitor Counter

We display an anonymous count of active visitors to foster a sense of community. This uses a random, temporary session identifier stored in your browser tab only (sessionStorage, not cookies). It is operational telemetry, not advertising tracking. The identifier is automatically deleted when you close the tab and expires on our server within 90 seconds of inactivity.

11. Data Storage & Security

Our stack is intentionally lightweight, but it still uses limited storage and processing for core site operations:

  • No user-account database: We do not operate account registration or personal user profiles.
  • Limited browser storage: Some features may use temporary browser storage such as sessionStorage.
  • Limited server-side processing: We use server-side infrastructure for anonymous analytics, feedback aggregation, outbound click counts, rate limiting, semantic search, and live-visitor heartbeats.
  • Standard email storage: If you email us, your message is stored in Microsoft 365 (our email provider, hosted via GoDaddy) as part of normal email infrastructure.

We use reasonable technical and organizational measures appropriate to the limited amount of data we handle, but no internet service can promise absolute security.

12. Children's Privacy

Our website is not directed at children, and we do not knowingly seek personal information from anyone under 18. If you're a parent or guardian and believe a child has shared personal data with us, contact us at info@youbuybitcoin.com.

13. Changes to This Policy

We may update this Privacy Policy to reflect changes in our practices or for legal compliance. Updates will be posted on this page with a revised "Last Updated" date at the top. Significant changes will be announced on our homepage.

14. Data Breach Notification

In the unlikely event of a data breach affecting personal data, we will:

  • Notify the relevant supervisory authority within 72 hours as required by GDPR Article 33
  • Notify affected individuals without undue delay where the breach poses a high risk to their rights (GDPR Article 34)
  • Document the breach, its effects, and remedial actions taken

Because we do not store personal data beyond hashed rate-limit keys and aggregate counters, the realistic scope of any breach is extremely limited.

15. Contact and Complaints

This website is operated by Marius, The Master Of Disaster. For full legal operator details, see our Impressum / Legal Information page.

Questions about this Privacy Policy? Contact us:

  • Email: info@youbuybitcoin.com
  • Response Time: We aim to respond within 48 hours, up to 30 days where GDPR rights requests apply.
  • Supervisory authority (Romania): ANSPDCP — www.dataprotection.ro
  • GDPR complaint right: You may also lodge a complaint with the supervisory authority in the EU member state of your habitual residence, place of work, or place of the alleged infringement.
  • EU ODR platform: ec.europa.eu/consumers/odr (online dispute resolution for EU consumers — alongside info@youbuybitcoin.com).
"We believe privacy is a fundamental right. That's why we built this platform to minimize data collection, avoid profiling you, and keep site telemetry as limited and transparent as possible. Bitcoin is about financial freedom. Your data freedom matters just as much."

𝕏 @YouBuyBitcoin