1. Data controller
Satoshi's House operates this news and analytics platform and acts as the data controller for personal data processed here. Full legal name and registered address are provided on request to the DPO.
Data Protection Officer: dpo@satoshishouse.com
2. Data we collect
We collect only what is necessary to operate the service:
- Account data: name, email, hashed password.
- Payment data: fully processed by Stripe (PCI-DSS Level 1). We never store your card number on our servers.
- Usage data: pages visited, session duration, traffic source (via analytics cookies, only with your consent).
- Support data: messages you send us via email or contact form.
- Technical data: partially masked IP, user agent, access logs — for security and abuse prevention.
3. Purposes of processing
We process your data to:
- Operate the service (create account, deliver paid content, process subscription).
- Send transactional communications (contract updates, security notices).
- Send newsletters and marketing (only with your consent; you can opt out at any time).
- Measure aggregate site usage to improve the product (analytics — consent only).
- Prevent fraud, abuse and violations of the Terms.
- Comply with legal, regulatory and tax obligations.
4. Legal basis (GDPR Art. 6)
Each purpose maps to a specific lawful basis:
- Consent (Art. 6(1)(a)): for marketing, analytics cookies and advertising cookies.
- Contract performance (Art. 6(1)(b)): for everything needed to operate your account and subscription.
- Legitimate interest (Art. 6(1)(f)): for security, fraud prevention and minimal operational metrics.
- Legal obligation (Art. 6(1)(c)): for tax retention and responses to competent authorities.
5. Sub-processors
We share data only with sub-processors providing essential services, under contract (DPAs in place):
- Stripe — payment processing (US/Ireland, SCCs + DPF).
- Supabase / AWS — managed database and backup (AWS, US-EAST / SA-EAST regions).
- Vercel — application hosting (US / global edge).
- Brevo — transactional email and newsletter delivery (France, EU adequacy).
- Google Analytics 4 — aggregated audience measurement (US, with IP anonymization, SCCs).
- Meta Pixel — campaign measurement (US, only if you consent to marketing).
- Upstash Redis — cache and rate limiting (AWS).
We never sell your personal data and never share it with data brokers for independent use.
6. International data transfers
Some sub-processors are located outside your country of residence. We rely on Standard Contractual Clauses (SCCs), the EU-US Data Privacy Framework (DPF), or adequacy decisions where applicable. For UK residents, the UK IDTA applies.
7. Retention
We retain data while your account is active and up to 2 years after cancellation (for support and disputes). Tax and accounting records are retained for the period required by applicable law (typically 5-7 years). Technical logs are retained for 12 months.
8. Your rights
Subject to your jurisdiction, you have the right to:
- Access the personal data we hold about you.
- Correct inaccurate or incomplete data.
- Request deletion ('right to be forgotten').
- Restrict processing in specific cases.
- Receive your data in a structured, machine-readable format and transmit it to another controller.
- Object to processing based on legitimate interest.
- Withdraw consent at any time (without affecting lawfulness of prior processing).
- Not be subject to solely automated decision-making with legal or significant effects (we do not perform such decisions today).
To exercise any right, email dpo@satoshishouse.com or use the Rights Portal.
9. Cookies
Cookie categories, names and opt-outs are detailed in our separate Cookies Policy.
10. Minors
The service is not directed to children under 18. We do not knowingly collect data from minors. Under COPPA (US) we do not collect personal information (PI) from children under 13; if we become aware that we have, we will delete the data. California users under 16 have additional opt-out rights under CCPA §1798.120(c).
11. EEA / UK / Switzerland residents (GDPR)
Under the General Data Protection Regulation, you are entitled to the rights listed in Section 8 and additional guarantees on lawful basis, consent and data transfers.
EU representative: To be designated — contact DPO for current Article 27 representative.
You have the right to lodge a complaint with your local Data Protection Authority (e.g. CNIL in France, AEPD in Spain, ICO in the UK, DPC in Ireland).
12. California residents (CCPA / CPRA)
If you reside in California you have the following statutory rights regarding your personal information (PI):
- Right to know what PI we collect, use, disclose and share.
- Right to delete PI we hold about you.
- Right to correct inaccurate PI.
- Right to opt out of the sale or sharing of your PI.
- Right to limit use and disclosure of sensitive personal information.
- Right to non-discrimination for exercising your rights.
Do Not Sell or Share My Personal Information
Shine the Light (California Civil Code §1798.83): California residents may request information about disclosures of PI to third parties for their direct marketing — we do not share PI for third-party direct marketing.
13. Changes to this policy
We may update this policy to reflect legal, contractual or operational changes. Material changes will be communicated by email and/or site banner at least 15 days in advance.
14. Contact the DPO
For questions or to exercise your rights, contact: dpo@satoshishouse.com.