Privacy Policy
1. Data Controller
Blokaro operates as the data controller for all personal data collected through this platform. We are committed to processing your data lawfully, fairly, and transparently in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
For all data protection enquiries: privacy@blokaro.com
2. What We Collect
We operate on a minimal data collection principle. We collect only what is strictly necessary:
| Data Type | What | Why | How Long |
|---|---|---|---|
| Server logs | Hashed IP, user-agent, page visited, timestamp | Security, abuse prevention | 30 days |
| Rate limit records | Hashed IP address only | Prevent API abuse | 1 hour |
| Contact form submissions | Name, email, message content | To respond to your enquiry | 2 years |
| Encyclopedia interactions | Hashed IP, session ID, action type | Improve content quality | 90 days |
| Local storage (your device) | Portfolio data, view preferences | Platform functionality | Until you clear it |
3. How We Use Your Data
Data we collect is used exclusively for:
- Operating and securing the platform — rate limiting, error monitoring, abuse prevention
- Responding to contact form submissions and support enquiries
- Understanding aggregate, anonymised usage to improve editorial content
- Fraud prevention and legal compliance
We do not use personal data for advertising, commercial profiling, automated decision-making, or any purpose beyond direct platform operation.
4. Legal Basis for Processing
- Legitimate interests (Article 6(1)(f)): Security monitoring, rate limiting, aggregate analytics — our legitimate interest in operating a secure, functional platform
- Contract performance (Article 6(1)(b)): Processing contact form submissions to respond to your requests
- Legal obligation (Article 6(1)(c)): Retaining certain records as required by law
5. Data Retention
We retain data for the minimum period necessary:
- Server logs: 30 days, then automatically purged
- Rate limit records: 1 hour rolling window
- Contact submissions: 2 years from last correspondence, then securely deleted
- Interaction records: 90 days in aggregate form only
- Local storage data (portfolio, preferences): stored only on your device — we never see it
6. Third-Party Services
Blokaro uses a limited set of third-party services to operate. Each is carefully evaluated for data minimisation:
| Service | Purpose | Data Shared |
|---|---|---|
| CoinGecko API | Market price data | None — outbound API calls only |
| CryptoPanic API | News aggregation | None — outbound API calls only |
| Google Fonts | Typography | Your IP may be logged by Google per their policy |
| cPanel/Hosting | Infrastructure | Server access logs per hosting agreement |
We do not use Google Analytics, Meta Pixel, or any third-party advertising or tracking infrastructure. We do not sell, rent, or share personal data with third parties for marketing purposes under any circumstances.
7. Your Rights Under UK GDPR
You have the following rights regarding your personal data:
Right of Access
Request a copy of the personal data we hold about you.
Right to Rectification
Request correction of inaccurate data we hold.
Right to Erasure
Request deletion of your data where no legitimate basis remains.
Right to Object
Object to processing based on legitimate interests.
Right to Restriction
Request we restrict processing in certain circumstances.
Right to Portability
Receive your data in a machine-readable format where applicable.
To exercise any right, email privacy@blokaro.com. We will respond within 30 days. If you are unsatisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.
8. Cookies & Local Storage
Blokaro uses no advertising cookies and no third-party tracking cookies.
- Session cookies: Strictly necessary for admin panel security. Not set for regular visitors.
- Local storage (your browser): Used to store your portfolio tracker data and view preferences. This data never leaves your device and is never transmitted to our servers.
Because we use no non-essential cookies, we do not display a cookie consent banner for standard visitors. If this changes, we will update this policy and introduce appropriate consent mechanisms.
9. Security
We implement appropriate technical and organisational measures to protect personal data:
- All connections encrypted via TLS/HTTPS — enforced by server configuration
- IP addresses stored only as one-way SHA-256 hashes — cannot be reversed
- CSRF token protection on all form submissions
- Rate limiting on all public-facing endpoints
- Strict Content Security Policy headers on all pages
- Database access restricted to application layer only
- Regular automated cleanup of aged data records
In the event of a data breach affecting your rights and freedoms, we will notify the ICO within 72 hours and inform affected individuals without undue delay where required.
10. Children
Blokaro is not directed at children under 13. We do not knowingly collect personal data from children. If you believe a child has submitted personal data through our platform, please contact privacy@blokaro.com and we will delete it promptly.
11. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be reflected by an updated version number and date at the top of this page. We recommend reviewing this page periodically. Continued use of the platform following an update constitutes acceptance of the revised policy.
12. Contact & Complaints
For any privacy-related enquiry, data subject request, or complaint:
- Email: privacy@blokaro.com
- Contact form: blokaro.com/contact
If you are not satisfied with our response, you may complain to the Information Commissioner's Office (ICO), the UK's independent authority for data protection, at ico.org.uk/make-a-complaint or by calling 0303 123 1113.