REGHelp 2.0 · Legal

Politique de confidentialité

Comment nous collectons, utilisons et protégeons vos informations

1. Introduction

REGHelp ("we", "our", "us") operates the website https://reghelp.net ("Site") and provides related services ("Services"). We are committed to protecting your privacy and handling your information transparently, in compliance with applicable data-protection laws. This Privacy Policy is an integral part of our Terms and Conditions.

2. Data We Collect

  1. Email Address – provided during registration or login. Stored in plain text for authentication and essential communications.
  2. Password Hash – a salted, cryptographic hash of your password using industry-standard algorithms (e.g., bcrypt, Argon2). We do not store plain-text passwords.
  3. API Keys – generated upon request for programmatic access. Stored in hashed form; the full key is shown only once at creation.
  4. Internal Balance & Transaction History – records of deposits and service usage (amounts, timestamps, task types). No external payment details (wallet addresses, transaction hashes) are stored on our side.
  5. Operational Logs – non-identifiable, aggregated technical logs (e.g., server uptime, performance metrics, error rates). We do not log personally identifiable information (PII) beyond the email address.

We deliberately minimize data collection to support our educational and research mission.

3. Data We Do NOT Collect

To be explicit, REGHelp does not collect or store:

  • Payment card numbers, bank accounts, or cryptocurrency wallet addresses;
  • IP addresses in user-facing logs (may appear transiently in infrastructure logs retained for up to 24 hours);
  • Browser fingerprints, device identifiers, or tracking pixels;
  • Third-party social login data.

4. Purpose of Processing

We process your data to:

  • Authenticate and manage user accounts;
  • Communicate essential service notices;
  • Process internal balance operations and provide usage history;
  • Secure our infrastructure and prevent abuse;
  • Comply with legal obligations.

5. Data Storage & Security

  • Passwords are stored in irreversibly hashed form using industry-standard algorithms (e.g., bcrypt, Argon2) with unique salts.
  • Email addresses are stored in plain text (required for login and notifications) within encrypted-at-rest databases.
  • All data in transit is protected via TLS 1.3 encryption.
  • Access to production systems is restricted to authorized personnel under strict access-control policies with multi-factor authentication.
  • All server-side timestamps are stored and processed in UTC; client-side display may convert to local time.
  • Database backups are encrypted and retained for up to 7 days for disaster recovery purposes.

6. Third-Party Services

We engage a limited number of third-party services:

ServicePurposeData Shared
HeleketCryptocurrency payment processingPayment amount only; Heleket does not receive your email or account data
CloudflareDDoS protection and CDNStandard HTTP metadata (IP, headers) processed under Cloudflare's privacy policy

We do not use any third-party analytics, advertising, or tracking services.

7. Legal Basis for Processing

Depending on your jurisdiction, our processing is based on one or more of the following:

  • Consent (e.g., when you register an account);
  • Contractual necessity (providing the Services);
  • Legitimate interest (maintaining security and integrity of the Site);
  • Legal obligation (complying with applicable laws).

8. Regulatory Compliance

We strive to align with major privacy frameworks, including but not limited to:

  • European Union: General Data Protection Regulation (GDPR) 2016/679;
  • United Kingdom: UK GDPR & Data Protection Act 2018;
  • United States: California Consumer Privacy Act (CCPA) & subsequent CPRA;
  • Brazil: Lei Geral de Proteção de Dados (LGPD);
  • Canada: Personal Information Protection and Electronic Documents Act (PIPEDA);
  • Australia: Privacy Act 1988 & Australian Privacy Principles (APP);
  • Russian Federation: Federal Law No. 152-FZ "On Personal Data";
  • Other relevant local laws.

Where required, we act as a data controller and appoint data-protection officers or local representatives.

9. International Transfers

Data may be processed on servers located in multiple jurisdictions. We implement safeguards such as Standard Contractual Clauses (SCCs) or equivalent mechanisms to ensure adequate protection.

10. Data Retention

Data TypeRetention Period
Email addressWhile your account is active, or as required by law
Password hashWhile your account is active
Transaction historyWhile your account is active, plus 12 months after deletion
Operational logsUp to 30 days
Infrastructure logs (incl. IPs)Up to 24 hours
Database backupsUp to 7 days

11. Account Deletion

  1. You may request deletion of your account and associated data by contacting privacy@reghelp.net.
  2. Upon receiving a verified deletion request, we will permanently delete your email, password hash, and API keys within 30 days.
  3. Anonymized transaction records may be retained for up to 12 months after deletion for financial reporting and fraud prevention purposes. These records cannot be linked back to your identity.
  4. Data already present in encrypted backups will be purged as backups naturally rotate (up to 7 days).

12. Your Rights

Subject to local law, you may have rights to:

  • Access your personal data and receive a copy;
  • Rectify inaccurate data (e.g., update your email);
  • Erase your data (see Section 11 above);
  • Restrict or object to processing;
  • Port your data to another service in a machine-readable format;
  • Withdraw consent at any time without affecting the lawfulness of prior processing.

To exercise these rights, contact privacy@reghelp.net. We will respond within 30 days (or sooner if required by applicable law).

13. Children's Privacy

The Services are not directed to individuals under the age of 18. We do not knowingly collect personal data from minors. If we become aware that a user is under 18, we will promptly delete their account and associated data.

14. Cookies and Tracking

  1. We use only essential cookies required for session management (authentication JWT tokens).
  2. No third-party analytics, advertising, or tracking cookies are used.
  3. No local storage or fingerprinting techniques are employed for tracking purposes.

15. Data Breach Notification

In the event of a data breach that poses a risk to your rights and freedoms:

  1. We will notify affected users via email within 72 hours of becoming aware of the breach.
  2. We will notify the relevant supervisory authority where required by applicable law.
  3. Notifications will include the nature of the breach, the data affected, and recommended protective measures.

16. Updates to This Policy

We may update this Policy periodically. Significant changes will be announced on the Site with an updated "Last updated" date. Continued use of the Services after updates constitutes acceptance.

17. Contact

For privacy inquiries, email privacy@reghelp.net.

Chiffré SSL

Données Protégées

Conforme au RGPD

Stockage Sécurisé