Privacy Policy
SYGMAK BRIDGE (hereafter "we", "the Service", "the Company") respects your privacy and is committed to protecting your personal data. This policy explains what we collect, why, and the rights you have over your data — including specific rights under the EU General Data Protection Regulation (GDPR — Regulation (EU) 2016/679) for users in the European Economic Area, and the California Consumer Privacy Act / California Privacy Rights Act (CCPA/CPRA) for residents of California.
1. Data Controller / Business
The data controller (under GDPR) and the business (under CCPA/CPRA) for the processing described herein is the entity identified in our Company Information page. Contact for all privacy matters: @SygmakOps_bot on Telegram.
2. Data We Collect
| Data | Why | Legal basis (GDPR Art. 6) | Retention |
|---|---|---|---|
| Telegram user ID, username, first name | Identify you within the bot; deliver the service | Contract — Art. 6(1)(b) | For active subscription + 3 years post-cancellation (French accounting law) |
| Phone number — SHA-256 hash only (with secret salt) | Anti-abuse: one trial per phone, ever | Legitimate interest — Art. 6(1)(f) | For active subscription + 3 years |
| Payment intent records (amount, plan, USDC tx hash, network) | Process payment; on-chain verification; bookkeeping | Contract — Art. 6(1)(b); legal obligation — Art. 6(1)(c) | 10 years (French accounting law, Code de commerce L.123-22) |
| Server logs: IP address, request time, user agent | Security, fraud prevention, debugging | Legitimate interest — Art. 6(1)(f) | Maximum 12 months |
| API key hash + usage timestamps (Auto plan only) | Authenticate API requests; revoke compromised keys | Contract — Art. 6(1)(b) | For active subscription |
We do not collect: your real name, email address, payment card numbers, banking information, or your trading account credentials.
3. How We Use Your Data
- Deliver and maintain the service you subscribed to
- Authenticate your access to the VIP channel and the API (Auto plan)
- Process and verify USDC payments on-chain
- Prevent abuse (notably claiming multiple trials through different accounts that use the same phone number)
- Comply with our legal accounting obligations
- Respond to your support requests
4. Sharing With Third Parties
We never sell or rent your personal data. Limited data is shared only with the following processors, each strictly necessary to operate the service:
- Telegram (Telegram FZ-LLC) — your Telegram identifier is, by design, processed by Telegram for the bot and channels to function. See Telegram's privacy policy.
- Public blockchain explorers — we query Basescan, Etherscan and Helius (Solana) to verify your USDC payments on public chains. Transaction hashes you submit are already public on-chain data.
- Contabo GmbH (Germany) — our hosting provider, processing data on servers located in the EU.
5. International Transfers
Data we process is stored on servers in the European Union (Germany). Telegram's infrastructure may transfer data internationally per Telegram's own terms. We do not transfer data outside the EU for our own processing.
6. Your Rights Under GDPR
You have the following rights regarding your personal data:
- Right of access — request a copy of all data we hold about you
- Right of rectification — correct inaccurate data
- Right of erasure ("right to be forgotten") — request deletion, subject to legal retention obligations
- Right to restrict processing — request limited use of your data
- Right to data portability — receive your data in a machine-readable format
- Right to object — oppose processing based on legitimate interest
- Right to withdraw consent — where processing is based on consent
- Right to lodge a complaint — with your national data protection authority (in France, the CNIL)
To exercise any of these rights, contact us via @SygmakOps_bot. We respond within 30 days as required by GDPR (Art. 12).
7. California Residents — CCPA / CPRA Rights
If you are a California resident, the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), grants you the following additional rights over your personal information.
7.1 Categories of personal information we collect
In the past twelve (12) months, we have collected the following categories of personal information (as defined by Cal. Civ. Code § 1798.140):
- Identifiers — Telegram user ID, username, first name as provided by Telegram
- Internet or other electronic network activity — server access logs (IP address, timestamps, request URLs, user agent), API usage logs
- Commercial information — payment intent records (plan, amount, on-chain transaction hash, network)
- Inferences — none. We do not infer characteristics from the data we collect.
We do not collect, and have not collected in the past 12 months, any "sensitive personal information" as defined by Cal. Civ. Code § 1798.140(ae), including but not limited to government IDs, financial account credentials, precise geolocation, racial or ethnic origin, religious beliefs, biometric data, health information, sexual orientation, or contents of mail/email/messages.
7.2 Sources of personal information
- Directly from you (via Telegram bot interactions and phone-verification consent)
- Automatically (server logs, API request metadata)
- From Telegram (publicly visible profile attributes such as username)
- From public blockchain explorers (payment verification on Base, Ethereum, Solana)
7.3 Purposes of collection and use
We use the categories above to:
- Provide and maintain the Service you subscribed to
- Verify and process USDC payments on-chain
- Authenticate VIP channel and API access
- Prevent fraud, abuse, and unauthorized use
- Comply with legal obligations (recordkeeping, sanctions screening)
- Respond to support and rights requests
7.4 Your CCPA / CPRA rights
- Right to Know — Request a copy of the personal information we have collected, used, disclosed, and the sources and purposes thereof, for the past 12 months
- Right to Delete — Request deletion of personal information we have collected, subject to lawful retention obligations (e.g., recordkeeping, fraud prevention)
- Right to Correct — Request correction of inaccurate personal information
- Right to Opt-Out of Sale or Sharing — We DO NOT sell or share your personal information for cross-context behavioral advertising. No opt-out is needed because the practice does not occur, and no "Do Not Sell or Share My Personal Information" link is required by law in our case. We restate this commitment here for transparency.
- Right to Limit Use of Sensitive Personal Information — We do not collect sensitive personal information, so this right is inapplicable to us.
- Right to Non-Discrimination — We will not deny you service, charge you different prices, or provide a different quality of service in response to your exercise of CCPA/CPRA rights. We do not offer financial incentive programs in exchange for personal information.
7.5 How to exercise CCPA / CPRA rights
Contact us via @SygmakOps_bot with your request. We verify your identity through your Telegram account (which is the unique identifier under which we hold any information about you). We respond within 45 days as required by Cal. Civ. Code § 1798.130(a)(2), extendable by another 45 days when reasonably necessary.
You may also designate an authorized agent to make a request on your behalf, in writing and with verifiable proof of authorization.
7.6 No "sale" or "sharing" of personal information
We do not sell personal information for monetary or other valuable consideration. We do not share personal information for cross-context behavioral advertising. We have not sold or shared any personal information in the past 12 months and have no plans to do so.
7.7 Data retention (California)
We retain personal information only as long as necessary for the purposes described above (and listed in section 2). Retention durations align with those disclosed in our GDPR retention table above.
7.8 Notice of financial incentives
We do not offer any financial incentives, loyalty programs, or rewards programs in exchange for personal information.
8. Security
We apply industry-standard security measures:
- TLS encryption (HTTPS) for all web traffic
- Payment fingerprinting through unique deterministic amounts — your transaction is identified by the cents, never by personal identifiers
- API keys stored as SHA-256 hashes — plaintext keys never persisted
- Phone numbers stored as salted SHA-256 hashes — never reversible
- Restrictive filesystem permissions on configuration and database files
9. Cookies & Trackers
This website does not use cookies, local storage, Google Analytics, Meta Pixel, or any third-party tracking system. The only data sent by your browser is the standard request to load the page.
10. Children
The Service is restricted to users aged 18 or older (and 16 or older under GDPR; 13 or older under U.S. COPPA). We do not knowingly collect data from minors. If you believe a minor has provided data, contact us for immediate deletion.
11. Changes to This Policy
We may update this policy from time to time. The "Last updated" date at the top of this page will reflect any changes. Material changes affecting your rights will be communicated through the Telegram bot.
12. Contact
For any privacy-related question: @SygmakOps_bot on Telegram. Response within 24 hours for general inquiries; up to 30 days for formal GDPR requests.