Skip to main content

Privacy Policy

Last updated: March 19, 2026

1. Data Controller

In accordance with Regulation (EU) 2016/679 (GDPR) and applicable data protection laws, the data controller for personal data of users of GanaDinero is:

Controller: [NAME / COMPANY NAME]

Tax ID: [TAX ID]

Address: [FULL ADDRESS]

Contact: privacy@ganadinero.app

2. Data We Collect

Category Data Purpose
Account Email address, password (hashed), registration date Identification and authentication
Activity Reward history, completed tasks, daily streak, balance Rewards program management
Withdrawals Payment method, cryptocurrency address, PayPal email, KYC documentation Payment processing and regulatory compliance
Technical IP address, country of access (Cloudflare), User-Agent, timestamps Security, fraud detection and rate limiting
Purchases Order number, platform, amount and provided screenshots Cashback verification

3. Legal Basis for Processing

  • Performance of a contract (Art. 6.1.b GDPR): data necessary to provide the rewards service and process withdrawals.
  • Legitimate interests (Art. 6.1.f GDPR): detection and prevention of fraud, abuse and security breaches, as well as maintaining audit records.
  • Legal obligation (Art. 6.1.c GDPR): retention of accounting and payment data as required by applicable tax regulations.
  • Consent (Art. 6.1.a GDPR): optional marketing communications.

4. Purposes of Processing

  • Manage user registration, authentication and profile.
  • Calculate and credit virtual balance for completed activities.
  • Process and verify withdrawal requests, including anti-fraud and KYC checks.
  • Detect, investigate and prevent fraudulent conduct, exploits and abusive use.
  • Comply with applicable legal obligations (tax, anti-money laundering, etc.).
  • Handle inquiries and complaints.
  • Improve the Service through anonymized statistical analysis.

5. Fraud Detection Data

Activity data, IP addresses, usage patterns and any technical information may be automatically analyzed to detect signs of Fraudulent Activity or Exploit as defined in the Terms and Conditions. This processing is based on the legitimate interests of the controller in protecting the economic integrity of the Service.

Records used for fraud investigations will be retained for 5 years from the event, or until the resolution of any ongoing judicial or administrative proceedings.

6. Sharing Data with Third Parties

Personal data will not be shared with third parties except in the following cases:

  • Infrastructure providers: Cloudflare (CDN, D1 database, Workers) and transactional email providers, under a Data Processing Agreement.
  • Payment processors: to execute approved withdrawals (PayPal, cryptocurrency exchanges, gift card distributors).
  • Legal obligation: when required by court order, competent authority or applicable law.
  • Fraud investigation: minimum necessary data may be shared with law enforcement agencies in the context of a criminal investigation.

7. International Transfers

Cloudflare Inc. (USA) acts as a data processor under Standard Contractual Clauses approved by the European Commission and the EU-US Data Privacy Framework, ensuring an adequate level of protection.

8. Retention Periods

  • Active account data: for the duration of the account plus 3 years after deletion.
  • Withdrawal and transaction data: 6 years (legal obligation).
  • Fraud records and investigations: 5 years or until final judicial resolution.
  • Technical security logs: 12 months.

9. Your Rights

You may exercise the following rights by sending a request to privacy@ganadinero.app along with a copy of your ID or passport:

  • Access: find out what data we hold about you.
  • Rectification: correct inaccurate or incomplete data.
  • Erasure: request deletion of your data when it is no longer necessary.
  • Objection and restriction: object to or restrict certain processing activities.
  • Portability: receive your data in a structured format.
  • Withdrawal of consent: at any time for processing based on consent.

We will respond within a maximum of 30 calendar days. If you are in the EEA, you may lodge a complaint with your local data protection authority.

Note: Exercising the right to erasure will not affect records we are required to retain by law or for the defence of legal claims (including fraud investigations).

10. Security

We apply appropriate technical and organizational measures: encrypted transmission (HTTPS/TLS), password storage using bcrypt hashing, JWT access control, API endpoint rate limiting, and standard HTTP security headers. Despite these measures, no system is infallible; in the event of a security breach affecting your rights and freedoms, you will be notified within the legally required 72-hour window.

11. Cookies

The web service uses strictly necessary cookies for the user session (authentication token). We do not use first-party advertising tracking cookies. Ads served by third parties may use their own cookies subject to their own privacy policies (Google AdSense / AdMob).

You can withdraw or change your cookie consent at any time using the button below. Your choice is stored locally in your browser and does not affect core site functionality.

12. Changes to this Policy

Any material changes will be communicated in advance through the platform. If you disagree with the changes, you may request account deletion before they take effect.

Terms and Conditions Legal Notice Back to home