Welcome to Drill.meme ("we," "our," or "us"). We are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, store, and protect your data when you use our cryptocurrency token analysis platform.

By using Drill.meme, you agree to the collection and use of information in accordance with this policy.

Important: Drill.meme is a read-only analysis tool. We never have access to your cryptocurrency wallets, private keys, seed phrases, or funds. We cannot see your wallet addresses or trading activity.

We use the information we collect for the following purposes:

• Service Provision: To provide and maintain the token analysis platform, including real-time alerts and historical data
• Account Management: To create and manage your account, process authentication, and handle subscription billing
• Personalization: To save your preferences, favorite tokens, and customize your dashboard experience
• Payment Processing: To process subscription payments through our payment processor
• Communication: To send service-related notifications, security alerts, and support responses
• Analytics: To understand how users interact with the platform and improve our services
• Security: To detect and prevent fraud, unauthorized access, and abuse of our services
• Legal Compliance: To comply with legal obligations, enforce our Terms of Service, and protect our rights

We do not use your data for cryptocurrency trading, market manipulation, or targeted advertising of third-party products.

Under the General Data Protection Regulation (GDPR), we process your personal data based on specific legal grounds. Here is how we justify each type of processing:

• Account creation and authentication: Contract performance - necessary to provide you with access to our service
• Payment processing: Contract performance - necessary to fulfill your subscription agreement
• Service notifications: Contract performance - necessary to inform you about your account and service status
• Customer support: Contract performance - necessary to respond to your inquiries and resolve issues
• Analytics and product improvement: Legitimate interest - to improve our service (with opt-out available)
• Security and fraud prevention: Legitimate interest - to protect our platform and users from abuse
• Marketing communications: Consent - only sent with your explicit permission
• Legal and regulatory compliance: Legal obligation - to comply with applicable laws

Where we rely on legitimate interest, we have conducted balancing tests to ensure our interests do not override your rights. You can object to processing based on legitimate interest at any time.

We do not sell, trade, or rent your personal information to third parties. We may share your information only in the following limited circumstances:

• Payment Processing: Our payment processor handles subscription payments. They have access to your payment information but not your cryptocurrency activity.
• Cloud Infrastructure: Google Cloud Platform hosts our database and authentication services. They do not have access to unencrypted personal data. See Google Cloud Privacy Policy.
• Analytics Services: We use analytics tools to understand platform usage. All data is anonymized and aggregated.
• Legal Requirements: When required by law, court order, or government investigation
• Protection of Rights: To protect our rights, property, safety, or the rights of users
• Business Transfers: In connection with a merger, acquisition, or sale of assets (you will be notified)
• With Your Consent: When you explicitly agree to share information for a specific purpose

All third-party service providers are contractually obligated to protect your data and use it only for specified purposes.

Your personal data may be transferred to and processed in countries outside of your country of residence. We take appropriate safeguards to ensure your data is protected:

• European Union Storage: Our primary database (Firebase Firestore) is hosted in the EU region (europe-west1), minimizing international transfers for EU users
• Standard Contractual Clauses: For transfers to the United States (e.g., Google Cloud services), we rely on EU-approved Standard Contractual Clauses (SCCs) as the legal mechanism
• EU-US Data Privacy Framework: Where applicable, our US service providers participate in the EU-US Data Privacy Framework
• Data Processing Agreements: All third-party processors have signed Data Processing Agreements (DPAs) that include appropriate security and privacy commitments

Countries receiving your data include:

• France: Our company is based in France, subject to French data protection law and GDPR
• European Union: Primary data storage in Google Cloud EU regions
• United States: Some Google Cloud infrastructure and analytics services (PostHog)

You can request information about specific safeguards by contacting us at contact@drill.meme.

You have the following rights regarding your personal data:

• Access: Request a copy of your personal data we hold
• Correction: Update or correct inaccurate information in your account settings
• Deletion: Request deletion of your personal data ("right to be forgotten")
• Portability: Receive your data in a machine-readable format (JSON)
• Opt-out: Unsubscribe from marketing emails (we don
• Restrict Processing: Limit how we use your data in certain circumstances
• Object: Object to certain types of data processing
• Withdraw Consent: Revoke previously given consent at any time

To exercise any of these rights, please contact us at contact@drill.meme. We will respond within 30 days.

Note: Deleting your account will permanently remove your personal data, preferences, and favorite tokens. This action cannot be undone.

Under GDPR Article 22, you have the right to know about automated decision-making that significantly affects you. Here is how we use automation:

• Token Analysis Algorithms: We use automated systems to detect and classify cryptocurrency tokens. These algorithms analyze on-chain data, smart contracts, and market metrics to identify potential scams or promising tokens.
• Scam Detection: Our automated filters classify tokens as "scam," "legit," or "pending review." This classification affects which tokens are displayed to you but does not affect your account or legal rights.
• Analytics Processing: Usage data is processed automatically to generate aggregated insights about platform usage. This does not affect any individual user decisions.

Important: None of our automated processing produces legal effects or significantly affects you as an individual. We do not:

• Use automated systems to approve or deny account access
• Make automated subscription or payment decisions
• Profile individual users for advertising or credit decisions
• Automatically terminate accounts without human review

If you have concerns about any automated processing, you can contact us at contact@drill.meme to request human review.

If you are located in the European Union or European Economic Area, you have the right to lodge a complaint with your local data protection supervisory authority.

As a French company, our lead supervisory authority is the Commission Nationale de l

You may also contact your local data protection authority if you are based in another EU/EEA country. A list of EU data protection authorities is available at: https://edpb.europa.eu/about-edpb/about-edpb/members_en

We encourage you to contact us first at contact@drill.meme to resolve any concerns before filing a complaint.

Drill.meme is not intended for users under the age of 18. Cryptocurrency trading involves financial risk and requires legal adulthood.

We do not knowingly collect personal information from children under 18. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately at contact@drill.meme. We will promptly delete such information from our systems.

We retain your personal information only as long as necessary to provide our services and fulfill the purposes outlined in this policy:

• Active accounts: Data retained while your account is active
• Deleted accounts: Personal data deleted within 30 days of account deletion
• Usage analytics: Anonymized and aggregated after 90 days
• Support communications: Retained for up to 2 years for quality assurance
• Payment records: Retained for 7 years as required by tax and financial regulations
• Legal records: Retained as required by applicable law

After the retention period, data is securely deleted or anonymized beyond recovery.

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. We will notify you of any material changes by:

• Posting the updated Privacy Policy on this page
• Updating the "Last updated" date at the top of this policy
• Sending an email notification to your registered email address
• Displaying a prominent notice on the platform for significant changes

For material changes that affect how your personal data is processed, we will request your explicit consent before the changes take effect. If you do not consent, you may continue to use the Service under the previous terms or close your account. We encourage you to review this policy periodically.

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

We will respond to all privacy-related inquiries within 30 days as required by GDPR and CCPA.