DeepChimp.AI is an experimental AI technical-analysis website that shows how an AI model interprets cryptocurrency market data, including candles, timeframes, and technical indicators. The goal of the platform is not to replace your own analysis, but to let users compare, question, and verify AI-generated technical-analysis output with their own independent research.

The platform provides AI-generated, non-personalised technical market summaries, signal alignment information, sentiment labels, and market analytics for informational, educational, and experimental purposes only. It is not a trading platform, broker, exchange, financial adviser, portfolio-management tool, or investment-decision system.

For the purposes of the General Data Protection Regulation (GDPR, Regulation (EU) 2016/679) and the Dutch GDPR Implementation Act (Uitvoeringswet AVG, UAVG), DeepChimp.AI is the data controller for the personal data described in this Privacy Policy.

Operator: DeepChimp.AI
Country of establishment: The Netherlands
Contact: deepchimp.ai/contact

DeepChimp.AI has not appointed a Data Protection Officer (DPO), as this is not required for our scale and type of processing. All privacy enquiries are handled directly by the operator via the contact details above.

We collect only the data that is necessary for the purposes described below. We do not collect names, addresses, payment details, or special categories of personal data unless you voluntarily provide certain information, such as your name and email address, through the contact form. We do not intentionally collect special categories of personal data under Article 9 GDPR.

We do not ask users to provide portfolio holdings, wallet addresses, financial circumstances, investment objectives, risk tolerance, trading history, or similar personal financial information in order to use the platform.

A — Server & access logs
Every time you load a page, our web server (hosted on ASP.NET Core) automatically records a standard access log entry containing:

• Your IP addressUsed for security monitoring, abuse prevention, and server diagnostics
• Date and time of the request
• URL requested, HTTP method, and response code
• Browser type and version (User-Agent string)
• Referrer URL (the page you came from, if any)

This processing is technically necessary and occurs regardless of your cookie consent choices. IP addresses in server logs are retained for a maximum of 30 days, after which they are automatically purged.

B — Analytics data (Google Analytics 4)
If you accept analytics cookies, we use Google Analytics 4 to collect aggregated data about how visitors use our platform. See Article 3 for full details.

C — Contact form submissions
If you submit our contact form, we collect the data you voluntarily provide. See Article 4 for full details.

D — Accounts, subscriptions, payments, and paid services
DeepChimp.AI does not currently offer account registration, paid subscriptions, paid signals, paid alerts, payment processing, invoices, or paid services. This version of the Privacy Policy covers the website, analytics, server logs, and contact form. If DeepChimp.AI later enables accounts, subscriptions, payments, newsletters, or similar features that involve additional personal data, we will update this Privacy Policy before or at the time that such processing starts, including the relevant data categories, purposes, legal bases, recipients, retention periods, and payment-provider details. DeepChimp.AI does not itself store full payment-card details.

If you contact us via our contact form, we collect the personal data you provide, which typically includes your name, email address, and the content of your message.

• Purpose: To respond to your enquiry and maintain a record of our correspondence
• Legal basis: Legitimate interest (Article 6(1)(f) GDPR) — responding to user enquiries is a legitimate business interest that does not override your rights; or, where your enquiry relates to exercising your GDPR rights, compliance with a legal obligation (Article 6(1)(c) GDPR)
• Retention: Contact form submissions are retained for a maximum of 2 years from the date of submission, after which they are permanently deleted
• Recipients: Your message is accessible only to DeepChimp.AI's operator. We do not share contact form data with third parties

Providing your data via the contact form is entirely voluntary. Failure to provide the requested information simply means we may not be able to respond to your enquiry.

We use cookies in accordance with the Dutch Telecommunicatiewet (Tw), Article 11.7a and the GDPR. Strictly necessary cookies are placed without your consent. All other cookies require your prior opt-in consent, which you can provide or withdraw at any time via our cookie banner.

Managing cookies: You can withdraw or change your cookie consent at any time by clicking "Cookie settings" in the footer of this website. You can also delete cookies already placed by clearing your browser's cookies, or configure your browser to block cookies entirely. Note that blocking strictly necessary cookies may impair the functionality of the website (e.g. form submissions).

We process personal data only when we have a valid legal basis under Article 6 GDPR. The table below sets out each processing activity and its legal basis:

• Server access logs (IP, User-Agent, timestamp)
  Legal basis: Legitimate interest (Art. 6(1)(f)) — necessary to ensure the security and proper operation of our server infrastructure. Our legitimate interest is not overridden by your interests, as logs are retained for only 30 days and not used for profiling.
• Google Analytics 4
  Legal basis: Consent (Art. 6(1)(a)) — GA4 is only loaded after you have given explicit, freely given, specific, informed, and unambiguous opt-in consent via our cookie banner. You may withdraw consent at any time with effect for the future.
• Contact form data
  Legal basis: Legitimate interest (Art. 6(1)(f)) — handling user enquiries is a necessary business operation, and the processing is proportionate to that interest; or Legal obligation (Art. 6(1)(c)) where the enquiry relates to exercising GDPR rights.
• Strictly necessary cookies (anti-forgery tokens, consent cookie)
  Legal basis: Legitimate interest (Art. 6(1)(f)) — these cookies are technically necessary for security and to remember your consent preferences. No consent is required under Tw Art. 11.7a for strictly necessary cookies.

We retain personal data for no longer than is necessary for the purpose for which it was collected, in accordance with the GDPR's storage limitation principle (Article 5(1)(e) GDPR).

• Server access logs (including IP addresses) — 30 days, then automatically purged
• Google Analytics 4 data — 2 months (minimum setting in GA4 Admin > Data Settings > Data Retention), then automatically deleted by Google
• Contact form submissions — 2 years from date of last contact, then permanently deleted
• Cookie consent records — 12 months from the date consent was given or last updated
• Strictly necessary session cookies (anti-forgery tokens) — deleted when you close your browser (session expiry)

If you request deletion of your personal data under Article 17 GDPR (Right to Erasure), we will action your request within the statutory 30-day period.

Your personal data is processed within the European Economic Area (EEA) by default. The one exception is Google Analytics 4, which involves a transfer of data to Google LLC in the United States.

This transfer is lawful under Article 45 GDPR on the basis of the EU-US Data Privacy Framework (DPF), an adequacy decision adopted by the European Commission on 10 July 2023 (Commission Implementing Decision (EU) 2023/1795). Google LLC has been certified under the DPF since August 2023, which means the US is deemed to provide an adequate level of protection for data transferred to DPF-certified entities.

You can verify Google's DPF certification at dataprivacyframework.gov. Google also relies on Standard Contractual Clauses (SCCs) as a supplementary transfer mechanism.

We do not sell your personal data. We do not share personal data with third parties for marketing purposes. The recipients of personal data processed through this website are:

• Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland)
  Role: Data processor (analytics) and independent controller (Google's own purposes)
  Data shared: GA4 analytics data (Client ID, behaviour events, approximate location, device info)
  Transfer basis: EU-US Data Privacy Framework + Standard Contractual Clauses
  Privacy policy: policies.google.com/privacy
• Hosting and cloud infrastructure providers
  Role: Data processor category (hosting the website, operating server infrastructure, and storing server logs)
  Data shared: Server access logs, IP addresses, User-Agent strings, timestamps, requested URLs, HTTP methods, and response codes
  Processing location and transfer basis: EEA where available; if processing occurs outside the EEA, we use an appropriate GDPR transfer mechanism such as an adequacy decision, Standard Contractual Clauses, or another lawful safeguard
  We use hosting and infrastructure providers only where appropriate processor terms, confidentiality obligations, security measures, and transfer safeguards are in place.

We may share personal data with competent authorities (such as the Dutch police or judiciary) where required to do so by law or by a binding order from a court or supervisory authority.

DeepChimp.AI uses AI systems to generate experimental technical-analysis outputs displayed on the platform, such as technical market summaries, signal alignment information, sentiment labels, and analytical explanations. This AI processing is applied to market data (such as cryptocurrency prices, candles, timeframes, and technical indicators) — not to your personal data.

The purpose of these AI-generated outputs is to show how an AI model interprets technical market data so users can compare, question, and verify the output with their own independent analysis. The AI-generated outputs are not personalised assessments of you, your financial situation, your portfolio, your goals, or your risk tolerance.

We do not make any automated decisions that produce legal or similarly significant effects on you as an individual, as described in Article 22 GDPR. We do not profile our users for the purposes of targeted advertising, individualised decision-making, personalised financial analysis, or personalised investment recommendations.

Google Analytics 4 may perform aggregated statistical modelling on analytics data, but this does not constitute profiling of individual users for our purposes.

DeepChimp.AI is not directed at children under the age of 16. Under Article 8 GDPR and Article 16 UAVG (Dutch implementation), the minimum age for valid consent to processing is 16 in the Netherlands. We do not knowingly collect personal data from persons under 16.

We implement appropriate technical and organisational measures to protect your personal data against unauthorised or unlawful processing, accidental loss, destruction, or damage, in accordance with Article 32 GDPR. Measures include:

• All data in transit is encrypted using HTTPS / TLS
• ASP.NET Core anti-forgery tokens on all form submissions to prevent CSRF attacks
• Server access logs are stored in a protected server environment with restricted access
• Google Analytics data is processed by Google's secure, ISO 27001-certified infrastructure
• Automatic purging of server logs after 30 days

No data transmission over the internet can be guaranteed 100% secure. In the event of a personal data breach that is likely to result in a high risk to your rights and freedoms, we will notify you without undue delay in accordance with Article 34 GDPR.

We may update this Privacy Policy from time to time to reflect changes in the law, our data processing activities, or our technology stack. When we make material changes, we will update the "Last updated" date at the top of this page.

Where changes are significant — such as a new processing purpose, new recipients, accounts, paid services, newsletters, wallet-related features, portfolio-related features, or personalised functionality — we will provide a more prominent notice on the platform and, where required by law, seek fresh consent. We recommend reviewing this policy periodically. The version date at the top of this page always indicates when it was last revised.

For any questions about this Privacy Policy, to exercise your GDPR rights, or to report a data protection concern, please contact us:

• Contact form: deepchimp.ai/contact

We aim to respond to all privacy requests within 30 days