1. Controller
The controller responsible for data processing under the GDPR is:
2. Data We Collect
When you register, we collect your email address and a hashed password. This data is necessary for the performance of the contract (Art. 6(1)(b) GDPR).
If you add mining wallets, we store the wallet addresses (public blockchain addresses) and encrypted Vast.ai API keys. Legal basis: performance of a contract (Art. 6(1)(b) GDPR).
We store timestamped hashrate and earnings snapshots to display historical charts. This data is retained for a rolling maximum of 90 days.
When you activate a Premium subscription, we store the on-chain transaction hash for verification purposes. No credit card or banking details are processed.
IP addresses are processed temporarily for rate-limiting and abuse prevention and are not stored permanently. Legal basis: legitimate interest (Art. 6(1)(f) GDPR).
If you enable email notifications, we store your email address and configured thresholds (e.g. hashrate drop, PRL price). Legal basis: consent (Art. 6(1)(a) GDPR). You can withdraw this consent at any time in Settings.
3. Third-Party Services
To retrieve your mining statistics, requests are sent to the PearlHash pool API (pearlhash.xyz), which receives your wallet address. PearlHash's own privacy policy applies.
When using the Akoya pool, wallet addresses are transmitted to the Akoya pool API (akoyapool.com). Akoya's own privacy policy applies.
For transaction verification, wallet addresses and transaction hashes are sent to the Pearl Blockchain Explorer (explorer.pearlresearch.ai).
If you provide a Vast.ai API key, it is stored encrypted and used exclusively to make requests to the Vast.ai API on your behalf. Vast.ai's own privacy policy applies.
PRL price data is fetched from the pearl-otc.com API. No personal data is transmitted in this process.
For sending alert emails we use: [Email provider — please set in Admin → Legal]. Your email address is used solely to deliver the notifications you have configured.
4. Retention Periods
Personal data is deleted as soon as the purpose of processing no longer applies:
- Account data: until account deletion upon request
- Hashrate and earnings snapshots: rolling maximum of 90 days
- IP addresses (rate-limiting): for the duration of the session only, not stored permanently
- Transaction hashes: retained indefinitely for subscription verification
5. Your Rights
Under the GDPR you have the following rights:
- Access (Art. 15): Request information about what data we hold about you
- Rectification (Art. 16): Correct inaccurate data
- Erasure (Art. 17): Request deletion of your data ("right to be forgotten")
- Restriction (Art. 18): Restrict the processing of your data
- Portability (Art. 20): Receive your data in a machine-readable format
- Objection (Art. 21): Object to processing based on legitimate interests
- Withdrawal: Consents (e.g. for alerts) can be withdrawn at any time in Settings
To exercise your rights, contact us at: [Email — please set in Admin → Legal]
You also have the right to lodge a complaint with a data protection supervisory authority. A list of EU authorities is available at: edpb.europa.eu
6. Data Security
All connections to this service are encrypted via HTTPS. Passwords are stored as hashes. Vast.ai API keys are encrypted server-side.
7. Cookies & Tracking
We use only technically necessary session cookies for authentication. No tracking cookies, marketing cookies, or analytics services (e.g. Google Analytics) are used.