Privacy Policy
Last updated: 2025-01-01
1. Data Controller
The controller responsible for the processing of your personal data within the meaning of the EU General Data Protection Regulation (GDPR), the Swiss Federal Act on Data Protection (revDSG), and other applicable data protection laws is:
[Full Name], [Street & Number], 8000 Zürich, SwitzerlandE-mail: privacy@yieldcalc.app
If you have any questions about how we handle your personal data, please contact us at the address above.
2. Data We Collect
2.1 Server and Access Logs
When you visit yieldcalc.app, our hosting provider (Vercel Inc.) automatically collects standard HTTP server log data, including your IP address (truncated or hashed where technically feasible), browser user-agent string, referrer URL, requested URL path, HTTP status code, and timestamp. These logs are retained for up to 30 days for security and diagnostic purposes.
2.2 Cookies and Similar Technologies
We use cookies and similar client-side storage mechanisms. A detailed cookie table is provided in Section 9. You can manage your cookie preferences at any time via the cookie banner or our Cookie Settings link in the footer.
2.3 Calculator Inputs
When you use our yield calculators (e.g., entering token amounts, investment periods, or custom APY rates), these inputs are processed entirely in your browser and are not transmitted to our servers and not stored in any database. No account is required.
2.4 Affiliate Click Data
When you click an affiliate link, our server-side API endpoint records a click event. This log entry contains: a timestamp, the affiliate partner identifier (e.g., "lido", "aave"), the referring page path, and a hashed or truncated version of your IP address. No individually identifiable profile is built. This data is retained for up to 90 days.
2.5 Analytics
We use privacy-first analytics (see Section 8 for our current provider). Depending on your consent, aggregate usage metrics such as page views and session duration may be collected. No individual user profiles are created without explicit consent.
3. Purposes of Processing
- Providing the service: Serving web pages and API responses, fetching live DeFi yield data.
- Security and fraud prevention: Detecting abusive traffic, DDoS mitigation, debugging errors.
- Analytics and improvement: Understanding which calculators and protocols are most useful (with consent where required).
- Affiliate revenue: Tracking clicks on affiliate links to determine commission payouts to yieldcalc.app.
- Advertising: Displaying contextual advertisements via Google AdSense (only after obtaining the required consent for personalised ads).
- Legal compliance: Retaining records as required by Swiss and EU law.
4. Legal Bases (Art. 6 GDPR / Art. 31 revDSG)
| Processing activity | GDPR legal basis |
|---|---|
| Server logs / security | Art. 6(1)(f) — Legitimate interest (security & stability) |
| Aggregate analytics | Art. 6(1)(f) — Legitimate interest (privacy-first, no individual profiling) or Art. 6(1)(a) consent where individual tracking occurs |
| Affiliate click logging | Art. 6(1)(f) — Legitimate interest (revenue, no individual profile) |
| Personalised advertising (AdSense) | Art. 6(1)(a) — Consent (via cookie banner) |
| Non-personalised advertising | Art. 6(1)(f) — Legitimate interest (contextual ads, no profiling) |
5. Recipients and Third-Party Processors
| Processor | Purpose | Location | Privacy information |
|---|---|---|---|
| Vercel Inc. | Hosting, CDN, server-side rendering | USA / EU | Vercel Privacy Policy |
| Supabase Inc. | Database (yield data, affiliate clicks) | USA / EU (eu-central-1 region available) | Supabase Privacy Policy |
| Google LLC (AdSense / Ad Manager) | Advertising (contextual and, with consent, personalised) | USA | Google Privacy Policy |
| Plausible Analytics | Privacy-first web analytics (no cookies, no personal data) | EU (Germany) | Plausible Privacy Policy |
| DeFiLlama / CoinGecko (APIs) | Public DeFi yield and price data (server-side only; no user data is transmitted) | Various | N/A |
6. International Data Transfers
Some of our processors (Vercel, Supabase, Google) are headquartered in the United States, which is a third country without an EU adequacy decision equivalent to the EEA standard. Transfers to these processors are safeguarded by:
- EU Standard Contractual Clauses (SCCs) — we have entered into or rely on our processors' SCCs pursuant to Commission Implementing Decision (EU) 2021/914.
- EU–U.S. Data Privacy Framework — where applicable processors are certified under the DPF.
- Swiss adequacy mechanism — For transfers subject to the revDSG, we rely on the equivalent Swiss SCC templates or, where the recipient country is deemed adequate by the Swiss Federal Council, on that adequacy determination.
You may request a copy of the applicable transfer safeguards by contacting us at privacy@yieldcalc.app.
7. Retention Periods
| Data category | Retention |
|---|---|
| Server access logs | 30 days |
| Affiliate click logs | 90 days |
| Analytics data (aggregated) | 13 months rolling (Plausible default) |
| Cookie consent records | 13 months (to demonstrate GDPR compliance) |
| Calculator inputs | Not stored (browser-only processing) |
8. Your Rights
Depending on your location and the applicable law, you may have the following rights:
- Right of access (Art. 15 GDPR / Art. 25 revDSG): Request a copy of the personal data we hold about you.
- Right to rectification (Art. 16 GDPR / Art. 32 revDSG): Request correction of inaccurate data.
- Right to erasure (Art. 17 GDPR / Art. 32 revDSG): Request deletion of your data where no legitimate overriding interest exists.
- Right to restriction (Art. 18 GDPR): Request that processing is restricted while a dispute is pending.
- Right to data portability (Art. 20 GDPR): Receive your data in a structured, machine-readable format.
- Right to object (Art. 21 GDPR): Object to processing based on legitimate interests, including direct marketing.
- Right to withdraw consent (Art. 7(3) GDPR): Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.
- CCPA rights (California residents): Right to know, right to delete, right to opt-out of sale. We do not sell personal data. To exercise your rights, contact us using the details in Section 1.
To exercise any of these rights, please contact us at privacy@yieldcalc.app. We will respond within 30 days (GDPR) or as required by applicable law. We may ask you to verify your identity before fulfilling a request.
10. Right to Lodge a Complaint
You have the right to lodge a complaint with a data protection supervisory authority. The relevant authorities are:
- Switzerland — EDÖB (Federal Data Protection and Information Commissioner): www.edoeb.admin.ch
- Germany — BfDI (Federal Commissioner for Data Protection and Freedom of Information): www.bfdi.bund.de (or the supervisory authority of the German federal state where you reside)
- Austria — DSB (Datenschutzbehörde): www.dsb.gv.at
- EU residents: The supervisory authority of your EU member state of habitual residence or place of work. A list is available at edpb.europa.eu.
We would appreciate the opportunity to address your concerns directly before you approach a supervisory authority. Please contact us first at privacy@yieldcalc.app.
11. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational reasons. When we make material changes, we will update the “Last updated” date at the top of this page. For significant changes, we will display a banner on the site for 30 days after the update. We encourage you to review this page periodically.
Continued use of yieldcalc.app after the effective date of a revised Policy constitutes your acceptance of the updated terms, to the extent permitted by applicable law. For processing that requires consent, we will obtain fresh consent where required.