Privacy Policy
Last Updated: December 8, 2025
1. Introduction
Welcome to NumisDex ("we," "our," or "us"). We are committed to protecting your privacy and ensuring you have a positive experience on our platform. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website and services.
By using NumisDex, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use our services.
2. Information We Collect
2.1 Personal Information
When you register for an account, we collect:
- Account Information: Email address, display name, password (encrypted)
- Profile Information: Optional profile photo, bio, location
- Demographics (Optional): Country, state (US only), age range, experience level, collection focus, primary goals, referral source
2.2 User-Generated Content
- Coin Error Submissions: Descriptions, images, metadata, attributions
- Voting Activity: Your votes on community submissions
- Portfolio Data: Coins in your collection, purchase prices, valuations
- Forum Posts & Messages: Public forum discussions and private direct messages
- Edit History: Changes you make to listings and submissions
2.3 Automatically Collected Information
- Usage Data: Pages visited, features used, time spent on platform
- Device Information: Browser type, operating system, IP address
- Cookies & Tracking: Session cookies, preference cookies, analytics cookies (see Section 8)
3. How We Use Your Information
We use the information we collect to:
3.1 Platform Functionality
- Create and manage your user account
- Enable submission, voting, and vetting of coin errors
- Calculate and display your DAC (Digital Attribution Credits) score and tier
- Facilitate expert attributions and messaging
- Track your portfolio and provide valuation estimates
- Deliver notifications about activity relevant to you
3.2 Communication
- Send verification emails for account registration and password resets
- Notify you of attribution requests, votes, and community activity
- Send product updates and feature announcements (opt-out available)
- Respond to your support requests and feedback
3.3 Analytics & Improvements
- Analyze usage patterns to improve our platform
- Monitor performance and fix technical issues
- Conduct research and develop new features
- Prevent fraud, abuse, and security threats
3.4 Marketing (Optional)
- Send promotional offers and newsletters (opt-out available via Email Preferences)
- Personalize content and recommendations
- Conduct surveys and gather feedback
4. How We Share Your Information
We do not sell your personal information to third parties. We share your information only in the following limited circumstances:
4.1 Third-Party Service Providers
We work with trusted service providers who assist us in operating our platform:
| Service | Purpose | Data Shared | Privacy Policy |
|---|---|---|---|
| SendGrid | Email delivery | Email address, name | SendGrid Privacy |
| Cloudflare R2 | Image storage | Uploaded images | Cloudflare Privacy |
| Upstash Redis | Caching & sessions | Session data, cached queries | Upstash Privacy |
| Meilisearch Cloud | Search indexing | Listing titles, descriptions | Meilisearch Privacy |
| Vercel | Website hosting | Usage logs, IP addresses | Vercel Privacy |
| Sentry | Error monitoring | Error logs, user IDs | Sentry Privacy |
| Stripe | Payment processing | Billing info, payment methods | Stripe Privacy |
These providers are contractually obligated to protect your data and use it only for the purposes we specify.
4.2 Public Information
The following information is publicly visible on NumisDex:
- Your display name and profile photo
- Coin error submissions you create
- Your votes and community contributions
- Forum posts and comments
- Expert attributions and public profiles (for experts only)
- Your DAC tier and badges
4.3 Legal Requirements
We may disclose your information if required by law, court order, or government regulation, or if we believe disclosure is necessary to:
- Comply with legal obligations
- Protect our rights, property, or safety
- Investigate fraud or security threats
- Enforce our Terms of Service
4.4 Business Transfers
If NumisDex is acquired, merged, or undergoes a business restructuring, your information may be transferred to the new entity. We will notify you via email and prominent notice on our website before any transfer occurs.
5. Data Retention
We retain your information for as long as your account is active or as needed to provide our services.
| Data Type | Retention Period |
|---|---|
| Account Data | Until account deletion |
| Submissions & Votes | Anonymized after account deletion (preserved for data integrity) |
| Messages | Deleted upon account deletion |
| Portfolio Data | Deleted upon account deletion |
| Analytics | Anonymized and retained indefinitely |
| Deleted Accounts | Personal data removed within 30 days of deletion confirmation |
6. Your Privacy Rights (GDPR Compliance)
Under the General Data Protection Regulation (GDPR) and similar privacy laws, you have the following rights:
6.1 Right to Access
You can request a copy of all personal data we hold about you. Use the "Download My Data" button on your profile page to generate a JSON export of your complete data (available once per week).
6.2 Right to Rectification
You can update your account information, profile details, and demographics at any time through your profile settings.
6.3 Right to Erasure ("Right to Be Forgotten")
You can request deletion of your account via the "Delete My Account" button on your profile page. This process:
- Requires password re-entry for security
- Sends a confirmation email with a deletion link (valid for 24 hours)
- Anonymizes your contributions (submissions, votes, forum posts) to preserve platform integrity
- Permanently deletes your personal data (email, name, demographics, portfolio, messages)
Note: Anonymization replaces your identity with "DeletedUser_XXX" on public content. This preserves the historical accuracy of community vetting and attributions.
6.4 Right to Data Portability
Your data export (Section 6.1) is provided in machine-readable JSON format for easy transfer to other services.
6.5 Right to Object
You can opt out of marketing emails via Email Preferences in your profile settings. Note that transactional emails (verification, password resets, account deletion confirmations) cannot be disabled.
6.6 Right to Withdraw Consent
You can withdraw consent for data processing by deleting your account (Section 6.3).
7. Email Preferences
You can control which emails you receive from NumisDex:
| Email Type | Can Opt Out? | Purpose |
|---|---|---|
| Transactional | ❌ No | Account verification, password resets, security alerts |
| Product Updates | ✅ Yes | New features, platform improvements |
| Community Newsletters | ✅ Yes | Community highlights, expert spotlights |
| Promotional Offers | ✅ Yes | Subscription deals, special events |
Manage your preferences in Profile → Email Preferences.
8. Cookies & Tracking Technologies
We use cookies and similar tracking technologies to improve your experience on NumisDex.
8.1 Types of Cookies
| Cookie Type | Purpose | Duration | Can Opt Out? |
|---|---|---|---|
| Essential | Authentication, session management | Session / 30 days | ❌ Required for functionality |
| Preference | Dark mode, language settings | 1 year | ✅ Yes (resets preferences) |
| Analytics | Usage statistics, performance monitoring | 2 years | ✅ Yes (via cookie consent) |
| Advertising (future) | Ad personalization (Google AdSense) | 2 years | ✅ Yes (via cookie consent) |
8.2 Cookie Consent
On your first visit to NumisDex, you will see a cookie consent banner. You can:
- Accept: Enables all cookies (essential, preference, analytics)
- Learn More: View this Privacy Policy for detailed cookie information
You can change your cookie preferences at any time in your browser settings or by clearing your cookies and revisiting the site.
8.3 Third-Party Tracking
We use Sentry for error monitoring, which may set cookies for session tracking. We do not use third-party advertising cookies at this time (future Google AdSense integration will honor your cookie consent preferences).
9. Data Security
We implement industry-standard security measures to protect your information:
- Encryption: All data transmitted between your browser and our servers is encrypted using TLS/SSL
- Password Security: Passwords are hashed using bcrypt with 12 rounds (industry-standard)
- Access Controls: Strict role-based access to sensitive data (only authorized personnel)
- Monitoring: Real-time security monitoring via Sentry and Axiom
- Regular Audits: Periodic security reviews and vulnerability assessments
However, no method of transmission or storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.
10. Children's Privacy
NumisDex is not intended for users under the age of 13, or the minimum age of digital consent in your country or region (whichever is higher). We do not knowingly collect personal information from children below the applicable minimum age. If you believe we have inadvertently collected information from a child below the applicable minimum age, please contact us immediately at privacy@numisdex.community, and we will promptly delete it.
Note: The minimum age of digital consent varies by jurisdiction (e.g., 13 in the US and UK, 14 in Spain, 15 in France, 16 in Germany and Ireland). Users must meet the age requirement applicable to their location.
11. International Data Transfers
NumisDex is hosted in the United States. If you are accessing our services from outside the U.S., your information will be transferred to, stored, and processed in the United States, which may have different data protection laws than your country.
By using our services, you consent to the transfer of your information to the United States. We ensure that all third-party processors comply with GDPR and other applicable data protection regulations.
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or service offerings. We will notify you of material changes by:
- Posting a prominent notice on our website
- Sending an email to your registered email address (if the change significantly affects your rights)
Your continued use of NumisDex after any changes indicates your acceptance of the updated policy.
13. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
Email: privacy@numisdex.community
Mailing Address: NumisDex Privacy Team [Address to be added]
Data Protection Officer: [To be designated if required by GDPR]
For data access, rectification, or deletion requests, please use the self-service tools in your profile settings or contact us at the email above.
Effective Date: December 8, 2025
Previous Version: N/A (Initial version)