1. Data controller
Wael Benamor — Sole trader — benamor.wael@gmail.com
No Data Protection Officer (DPO) is designated (company < 250 employees, non-large-scale processing). Wael Benamor fulfils this role directly.
2. Data collected
HalalStack collects the following data:
- Account: email address, name (optional), profile photo (if OAuth login)
- Portfolio: public on-chain wallet addresses (read-only — never private keys)
- Holdings: amounts and valuations (calculated via public APIs CoinGecko/Moralis)
- Preferences: preferred language, account settings
- Payment: managed by Stripe (HalalStack never stores banking data)
- Technical: connection logs (IP, timestamp), Auth.js sessions, Sentry error data (no PII)
3. Purposes and legal bases
- Contract performance (GDPR Article 6.1.b): authentication, service access, subscription management, transactional emails (magic links, receipts).
- Legitimate interest (GDPR Article 6.1.f): anonymous PostHog analytics (product improvement — no personal data transmitted), Sentry error monitoring (service quality).
- Consent (GDPR Article 6.1.a): newsletters and marketing communications (not activated in V1).
4. Retention periods
- Account data: duration of active account + 3 years after termination (accounting obligations).
- Connection logs: 12 months.
- Payment data: retained by Stripe per their own policies.
- Encrypted backups: 30-day rotation.
5. Processors and recipients
HalalStack uses the following sub-processors, all with GDPR-compliant DPAs:
- Stripe, Inc. (USA) — Payment — EU standard contractual clauses
- Resend Inc. (USA) — Transactional emails — EU standard contractual clauses
- Anthropic, PBC (USA) — AI processing (no PII transmitted in prompts) — EU standard contractual clauses
- PostHog Inc. (EU region) — Anonymous analytics — EU hosting, GDPR DPA
- Sentry (USA) — Error monitoring (no PII, beforeSend strip) — EU standard contractual clauses
- Hetzner Online GmbH (Germany) — Database hosting — EU hosting
- Vercel Inc. (USA) — Web application hosting — EU standard contractual clauses
- Backblaze Inc. (USA) — Database backup (AES-256 encrypted) — EU standard contractual clauses
6. Data subject rights
Under the GDPR, you have the following rights:
- Right of access (Article 15): obtain a copy of your data
- Right to rectification (Article 16): correct inaccurate data
- Right to erasure (Article 17): delete your data (right to be forgotten)
- Right to data portability (Article 20): receive your data in a structured format
- Right to object (Article 21): object to certain processing activities
- Right to restriction (Article 18): temporarily restrict processing
To exercise these rights: benamor.wael@gmail.com. Response time: 30 days. If unsatisfied, you may contact the CNIL (French data protection authority): https://www.cnil.fr/fr/plaintes or your local supervisory authority.
8. Non-advisory disclaimer
HalalStack is a financial information and decision-support tool. It does not constitute financial advice, investment advice, or an Islamic opinion (fatwa). Your investment decisions are entirely your own responsibility.