Privacy Policy
Last updated: February 24, 2026
1. Data Controller
The data controller for the personal data collected through the Toreador service (toreador.io) is Toreador.
For any questions regarding data processing, contact us at: [email protected]
2. Data We Collect
Toreador collects the minimal data necessary to provide its services:
- Email address — for account authentication and communication.
- Public wallet addresses — provided by the User for QR code generation. These are publicly available blockchain data.
- Profile information (optional) — first name, last name, country, avatar emoji.
- Technical data — IP address (for rate limiting and security), browser type, access timestamps.
- Subscription data — PayPal subscription ID for paid plan management.
Toreador does not collect private keys, seed phrases, financial account information, or government-issued identification documents.
3. Legal Basis for Processing
We process your personal data on the following legal bases:
- Contract performance — processing necessary to provide the Service (account creation, QR code generation, subscription management).
- Legitimate interest — security measures, rate limiting, abuse prevention, and service improvement.
- Consent — analytics cookies (Google Analytics, Microsoft Clarity) are only activated after explicit user consent via our cookie banner.
4. How We Use Your Data
Your data is used solely to:
- Provide and operate the Service (authentication, QR code generation, API access).
- Manage subscriptions and billing.
- Ensure security and prevent abuse (rate limiting, IP-based anti-spam).
- Improve the Service based on aggregated, anonymized usage patterns.
- Communicate service updates or security notices.
We do not sell, rent, or share your personal information with third parties for marketing purposes.
5. Data Retention
- Account data (email, profile) — retained as long as the account is active. Deleted upon account deletion request.
- Authentication codes — automatically deleted after 10 minutes.
- QR code session data — automatically deleted after verification or within 24 hours, whichever comes first.
- Refresh tokens — expire and are cleaned up after 30 days.
- Rate limiting data — automatically cleaned up every hour.
- Server logs — retained for up to 90 days for security purposes.
6. Cookies and Tracking
Toreador uses the following storage mechanisms:
Essential (no consent required)
- toreador_lang — language preference (localStorage)
- tdr_at — authentication access token (HttpOnly cookie)
- tdr_rt — session refresh token (HttpOnly cookie)
- toreador_user — user profile cache (localStorage)
Analytics (consent required)
- Google Analytics 4 — anonymized usage statistics. Only loaded after explicit consent.
- Microsoft Clarity — anonymized session recordings and heatmaps. Only loaded after explicit consent.
You can manage your cookie preferences at any time via the cookie settings accessible in the footer.
7. Blockchain Data
Cryptocurrency transactions are recorded on public blockchains. Toreador does not control or store blockchain data. Wallet addresses and transaction details are publicly visible on their respective networks.
Toreador reads publicly available on-chain data via third-party RPC providers (Alchemy) for the sole purpose of verifying transaction status. This constitutes passive reading of public data, not data collection.
8. Third-Party Service Providers
Toreador uses the following third-party services for its operations:
- Database hosting — PostgreSQL managed hosting for account and session data.
- Email delivery — Resend / Infomaniak SMTP for authentication codes and notifications.
- Subscription billing — PayPal for processing subscription payments.
- Blockchain data — Alchemy for reading publicly available on-chain data.
- Security — Cloudflare Turnstile for CAPTCHA verification.
Each provider processes data in accordance with their own privacy policies and applicable data protection regulations.
9. Data Security
We implement appropriate technical and organizational measures to protect your personal data:
- Passwords and API keys are hashed using industry-standard algorithms (SHA-256).
- Authentication uses JWT tokens with short expiration periods.
- Rate limiting protects against brute-force and abuse.
- HTTPS encryption for all data in transit.
10. Your Rights
You have the following rights regarding your personal data:
- Access — request a copy of your personal data.
- Rectification — correct inaccurate or incomplete data.
- Erasure — request deletion of your personal data.
- Portability — receive your data in a structured, machine-readable format.
- Withdrawal of consent — withdraw consent for analytics cookies at any time.
- Objection — object to processing based on legitimate interest.
To exercise any of these rights, contact us at: [email protected]
We will respond to your request within 30 days.
11. GDPR and International Compliance
Toreador is committed to compliance with the General Data Protection Regulation (GDPR) and applicable Vietnamese data protection laws (Nghị định 13/2023/NĐ-CP on personal data protection).
Data processing is limited to what is strictly necessary for service delivery. We apply data minimization principles and do not process sensitive personal data.
12. Contact
For any questions regarding this Privacy Policy or your personal data, please contact us at:
Email: [email protected]