Last Updated: 24 February 2026

​

This Privacy Policy describes how CRYPTALIC Ltd. ("Cryptalic", "we", "us", or "our") processes personal data in connection with our website and related communications.

This policy is provided for transparency purposes under applicable data protection laws, including the General Data Protection Regulation (EU) 2016/679 (“GDPR”), where applicable.

Nothing in this Privacy Policy shall be construed as creating contractual obligations, representations, warranties, or guarantees.

​

1. Data Controller

The data controller responsible for personal data described in this Privacy Policy is:

CRYPTALIC Ltd.
Company ID: 517225140
Email: sales@cryptalic.com

Cryptalic operates as a business-to-business technology provider.

Cryptalic is not required to appoint a Data Protection Officer under Article 37 GDPR.

​

2. Scope of This Policy

This Privacy Policy applies solely to:

• Visitors to www.cryptalic.com

• Individuals who contact us directly

• Business representatives of organizations engaging with us

This Privacy Policy does not apply to:

• Customer data processed through Cryptalic software products

• Data processed by customers within their own infrastructure

• Third-party websites linked from our website

Customers remain solely responsible for the lawful processing of data within their own environments.

​

3. Categories of Data We May Process

We do not actively seek to collect personal data beyond what is necessary for basic website functionality and business communication.

Depending on your interaction with us, we may process:

A. Technical and Log Data

Automatically generated technical information, including:

• IP address

• Date and time of access

• Browser type and version

• Operating system

• Referrer URL

This data is processed strictly for operational, diagnostic, and security purposes.

Legal basis (where applicable):
Article 6(1)(f) GDPR — Legitimate Interest.

B. Direct Communications

If you contact us voluntarily, we may process:

• Name

• Business email address

• Business phone number

• Company name

• Any information you choose to provide

We do not require submission of sensitive personal data.
You should not provide personal data beyond what is necessary for your inquiry.

Legal basis (where applicable):

• Article 6(1)(b) GDPR — Pre-contractual steps

• Article 6(1)(f) GDPR — Legitimate Interest

C. Cookies and Tracking Technologies

We may use cookies and similar technologies.

Non-essential cookies are deployed only subject to your consent via our consent management platform.

Legal basis (where applicable):
Article 6(1)(a) GDPR — Consent.

You may withdraw consent at any time.

​

4. No Sale or Commercialization of Personal Data

Cryptalic does not sell, rent, or trade personal data.

We do not engage in behavioral advertising profiling.

We do not monetize visitor data.

 

5. Data Sharing

We may share limited personal data with service providers strictly as necessary for business operations (e.g., hosting providers, email infrastructure providers).

Such providers act under contractual arrangements and process data only under our instructions.

We do not control third-party infrastructure environments and cannot guarantee uninterrupted service or absolute security of third-party systems.

 

6. International Data Transfers

Where data is transferred outside the European Economic Area (EEA), such transfers may occur pursuant to:

• Adequacy decisions

• Standard Contractual Clauses

• Other lawful transfer mechanisms as available

International data transfers inherently involve regulatory and operational risks that may be outside Cryptalic’s direct control.

​

7. Data Retention

We retain personal data only for as long as reasonably necessary for legitimate business purposes or legal compliance.

Indicative retention periods may include:

• Website log data: limited operational retention (typically short-term)

• Business inquiries: retained as needed for correspondence and recordkeeping

• Contractual records: retained in accordance with applicable legal requirements

Retention periods may be extended where necessary for legal defense, dispute resolution, or regulatory compliance.

We reserve discretion to determine appropriate retention duration consistent with applicable law.

​

8. Security Measures

Cryptalic implements technical and organizational measures that we consider appropriate in light of the nature of our operations and applicable legal requirements.

However:

• No system can be guaranteed to be fully secure.

• Transmission of data over the internet inherently carries risk.

• We do not warrant or guarantee absolute security.

Users transmit information at their own risk.

​

9. No Automated Decision-Making

Cryptalic does not engage in automated decision-making or profiling that produces legal or similarly significant effects under Article 22 GDPR.

​

10. Your Rights (Where Applicable)

Subject to applicable law, individuals may have rights including:

• Access

• Rectification

• Erasure

• Restriction

• Data portability

• Objection

• Withdrawal of consent

These rights are not absolute and may be subject to statutory limitations.

Requests may be submitted to: sales@cryptalic.com

We reserve the right to verify identity before responding to any request.

​

11. Limitation of Scope

This Privacy Policy:

• Does not apply to data processed by customers using Cryptalic products

• Does not override contractual agreements

• Does not create fiduciary duties

• Does not constitute legal advice

Enterprise customers must enter into separate contractual agreements governing data processing.

​

12. Regulatory Complaints

Where applicable, individuals may lodge complaints with a competent supervisory authority.

​

13. Changes to This Policy

We may modify this Privacy Policy at any time without prior notice.

The version published on our website shall be the governing version.

Continued use of our website after updates constitutes acknowledgment of the revised policy.