Privacy Policy

Last updated: January 2026

1. Overview & Data Controller

The protection of your personal data is important to us. Below, we inform you about the processing of personal data when using biturai.com.

Data Controller within the meaning of the GDPR:
Biturai L.L.C‑FZ
Meydan Grandstand, 6th floor, Meydan Road
Nad Al Sheba, Dubai, U.A.E.
Email: info@biturai.com

2. Processing Purposes & Legal Basis

We process your data for the following purposes:

  • Website Provision (Server Logs): For security and stability (IP address, browser, timestamp). Legal basis: Art. 6 (1) lit. f GDPR (Legitimate Interest).
  • Contact Inquiries: When you contact us via email, we store your data to process the inquiry. Legal basis: Art. 6 (1) lit. b GDPR (Contract/Pre-contract) or lit. f (Legitimate Interest).
  • Dashboard & Community: We visualize aggregated data. Personal data of community members is primarily processed on the Skool platform (see their privacy notice).
  • Newsletter (if subscribed): Sending updates and market analyses. Legal basis: Art. 6 (1) lit. a GDPR (Consent).

3. Newsletter, Magic Link & Email Communication

When you sign up for our newsletter or request a magic link to sign in, we process your email address. Legal basis: Consent (Art. 6 (1) lit. a GDPR) or Contract performance (Art. 6 (1) lit. b GDPR).

Newsletter Subscription on Login: When signing in via magic link, you are automatically subscribed to our newsletter unless you have previously unsubscribed. This is part of our free service offering. You can unsubscribe at any time.

Double Opt-In: Clicking on the magic link to sign in also serves as double opt-in for the newsletter. This confirms that you have access to the specified email inbox and actively wish to subscribe.

Email Provider: We use Resend (resend.com, Resend Inc., USA) for sending emails, including:

  • Magic links for authentication
  • Newsletter and market analysis (with consent)
  • System notifications

Processed Data: Email address, signup timestamp, language preference (DE/EN), newsletter consent status, unsubscription timestamp (if unsubscribed).

International Transfer: Resend is a US provider. Your data is transferred to the USA. We have a Data Processing Agreement (DPA) with Resend. EU Standard Contractual Clauses (SCCs) apply.

Tracking: If enabled, the newsletter may track open and click rates for statistical purposes.

Withdrawal: You can withdraw your newsletter consent at any time (unsubscribe link in every email or via info@biturai.com). After unsubscribing, you will not be re-subscribed on future logins.

3a. Telegram Community (Community Chat)

We operate a community on Telegram (https://t.me/biturai_chat).

  • Responsibility: Telegram is an external service (Telegram FZ-LLC). When you join, Telegram processes your data under its own responsibility. Their privacy policy applies.
  • Data Processing by Biturai: We can see your username and posts as shared by you in the group. We use this data exclusively for community management and moderation (Legitimate Interest, Art. 6 (1) lit. f GDPR).
  • International Transfer: Data on Telegram may be processed worldwide. We have no control over this.

3b. Skool Community (Community Platform)

We use the platform skool.com (Skool Inc.) for our community and courses.

  • Platform & Responsibility: Skool is an independent platform. For its use (registration, profile), the privacy notice and terms of Skool apply. Skool acts as the data controller for the operation of the platform.
  • Merchant of Record: Skool is the contracting party for payments (e.g. for paid memberships). We do not have access to full payment data.
  • Data Processing by Biturai: We process your membership data (name, profile, posts, learning progress) to manage the community, unlock content, and provide support (Art. 6 (1) lit. b GDPR for contract performance with paid content, otherwise Legitimate Interest Art. 6 (1) lit. f GDPR).
  • International Transfer: Skool is a US provider. Data is transferred to the USA. We note the associated risks.

3c. Community Invitation (Join Form)

When you join the community via the form on our website ("Join Community"/"Join the Dojo"), we process the following data:

  • Data Categories: Email address (required), timestamp, IP address, language (EN).
  • Purpose: Automated dispatch of an invitation to the Biturai Skool Community via email.
  • Processors / Recipients:
    • Zapier (USA/Global): We use Zapier for automation (data reception from form → triggering invitation). Standard Contractual Clauses (SCCs) are in place.
    • Skool (USA): The email invitation is technically sent by the Skool platform. Your email address is transferred to Skool for this purpose.
  • Legal Basis: Your explicit consent by checking the box in the form (Art. 6 (1) lit. a GDPR).
  • Retention: Data in the automation log (Zapier) is deleted after operational necessity expires. In Skool, data is permanently processed only if you accept the invitation and register there.
  • Withdrawal: You can withdraw your consent at any time before submitting the form or by contacting us.

3d. Real-Time Chat (Dojo Chat)

We operate an integrated real-time chat system ("Dojo Chat") on biturai.com for logged-in members.

  • Processed Data: Username, profile picture, chat messages (text, voice messages), reactions, timestamps, and rank.
  • Storage: Messages are stored in our database (Neon/PostgreSQL, EU) to provide chat history.
  • Real-Time Transmission: We use GetStream.io (getstream.io, Stream.io Inc., EU West) for real-time message delivery. IP address and connection data are processed by GetStream.
  • Voice Messages: Audio files are stored via Vercel Blob Storage (Vercel Inc., USA).
  • Legal Basis: Contract performance (Art. 6 (1) lit. b GDPR) for members.
  • International Transfer: GetStream (EU West, adequate data protection level), Vercel (USA, SCCs in place).

3e. AI Assistant ("Biturai")

We offer an AI-powered assistant ("Biturai") that can be used in private chat and community areas.

  • Processed Data: Your inputs (questions, messages), chat context, and publicly available market data (e.g. from Coinglass).
  • Learning Function: The AI may learn from conversations to provide better responses. This serves to improve the service.
  • Privacy Differentiation:
    • Private Chat: In your personal area (e.g. Trading Journal), the AI can access and display your personal trading data upon request.
    • Community Chat: In public areas, the AI will never disclose personal user data (such as win rate, trades, performance) — not even upon request by third parties.
  • Third-Party Providers: AI processing may be carried out via external services (e.g. OpenAI API, Anthropic). Your inputs are transmitted to these services.
  • Legal Basis: Contract performance (Art. 6 (1) lit. b GDPR) and Legitimate Interest (Art. 6 (1) lit. f GDPR).

3f. AI Content Generation (News & Wiki)

We use AI technologies for automated content creation (wiki articles, news posts) to provide you with up-to-date and comprehensive information.

  • Data Sources: For research, we use public web data via search engine APIs (e.g. Tavily) and market data from aggregators (e.g. CoinMarketCap, Coinglass).
  • AI Models: Text and image generation is powered by Google DeepMind (Gemini). Prompts (topic specifications) are transmitted to Google. Personal user data is not used for this purpose, unless it is part of public web content (e.g. names of CEOs in news articles).
  • Storage: Generated texts are stored in our database (Neon). Generated images are stored in Vercel Blob Storage.

3g. Customer Support (Crisp.chat)

We use Crisp (crisp.chat, Crisp IM SAS, France) as a live chat tool for customer support on our website.

  • Processed Data: Chat messages, IP address, browser information, conversation timestamps, and email address (if you provide it).
  • Purpose: Providing real-time support and answering customer inquiries.
  • Cookies: Crisp uses functional cookies to maintain the chat session and recognize returning visitors.
  • Storage: Chat histories are stored by Crisp to improve support and track inquiries.
  • Legal Basis: Legitimate Interest (Art. 6 (1) lit. f GDPR) in efficient customer support.
  • Hosting: Crisp operates servers in the EU (France). More info: crisp.chat/privacy

3h. Trading Journal & Exchange API Integration

We offer a Trading Journal feature that connects to cryptocurrency exchanges via API to track and analyze your trading activity.

  • Processed Data: Exchange UID, API keys (read-only), trading volume, trade history, profit/loss data, and performance metrics.
  • Purpose: To provide you with a personal trading journal, performance analytics, leaderboard rankings, and Dojo rank calculation.
  • Supported Exchanges: Bitget, Toobit, Bitunix. Additional exchanges may be added in the future.
  • API Access: We exclusively use read-only API keys. We never have the ability to execute trades, withdraw funds, or modify your exchange account.
  • Storage: Trading data is stored in our database (Neon/PostgreSQL, EU). Aggregated and anonymized data may be used for the leaderboard.
  • Automated Syncing: Trading volume data is automatically synchronized at regular intervals via server-side cron jobs. This ensures your journal and rank are kept up-to-date.
  • Legal Basis: Contract performance (Art. 6 (1) lit. b GDPR) — you explicitly connect your exchange and consent to data retrieval.

3i. Review Platform (Trustpilot)

We display a Trustpilot widget on our website to show customer reviews.

  • Provider: Trustpilot A/S, Pilestraede 58, 5th floor, 1112 Copenhagen K, Denmark.
  • Processed Data: When the widget loads, your IP address and browser information may be transmitted to Trustpilot.
  • Cookies: Trustpilot may set cookies for functionality and analytics purposes.
  • Legal Basis: Legitimate Interest (Art. 6 (1) lit. f GDPR) in displaying authentic customer reviews.
  • More Info: Trustpilot Privacy Policy

4. Affiliate Links

On our website, we use affiliate links to partner exchanges (Bitget, Toobit, Bitunix). When you click on such a link, you are redirected to the provider. Tracking parameters (referral codes) may be transmitted so that the provider can attribute the registration to our account (for commission accounting and cashback credit).

We generally do not receive any clear data about your identity from the provider, but only pseudonymized success notifications (e.g. "User ID 123 has registered").

5. Cookies, Tracking & Consent Management

We use technologies to make the website user-friendly and to manage marketing activities. Some are technically necessary, others serve analysis purposes.

Consent Management (Usercentrics)

We use the consent management platform Usercentrics (usercentrics.eu) to obtain and document your consent to the storage of certain cookies or the use of third-party technologies. Legal basis: Art. 6 (1) lit. c GDPR (Legal Obligation).

Tracking / Tag Management

We use Google Tag (gtag.js) to integrate tracking tags directly into our website. The Google Tag itself does not set cookies independently, but controls the loading and triggering of the tracking services listed below.

If you have given your consent (opt-in via Usercentrics), we use tracking pixels and/or marketing cookies from the following providers:

  • Google Analytics 4 (Google Ireland Ltd.) — web analytics and usage statistics
  • Google Ads (Google Ireland Ltd.) — conversion measurement and remarketing
  • Meta (Facebook) Pixel (Meta Platforms Ireland Ltd.) — conversion measurement and retargeting
  • X (Twitter) Pixel (X Corp.) — conversion measurement and retargeting

Purpose: Web analytics, conversion measurement and retargeting. Legal basis: Art. 6 (1) lit. a GDPR (Consent).
International Transfer: These providers may transfer data to the USA. We note the associated risks.

You can withdraw your consent at any time via the cookie settings (link in the footer/menu).

6. International Data Transfers (Third-Country Transfer)

As Biturai is headquartered in Dubai (UAE), data (e.g. from email contact) is transferred to a third country outside the EU/EEA.

We note that the UAE may not have a level of data protection fully equivalent to the GDPR. We take protective measures where possible (e.g. technical security, confidentiality agreements) to protect your data.

7. Storage Duration

We store personal data only for as long as is necessary for the purposes or as required by statutory retention obligations. Once the purpose has been fulfilled, data is deleted or anonymized.

8. Your Rights

As a data subject under the GDPR, you have the following rights:

  • Right of Access (Art. 15 GDPR)
  • Right to Rectification (Art. 16 GDPR)
  • Right to Erasure (Art. 17 GDPR)
  • Right to Restriction of Processing (Art. 18 GDPR)
  • Right to Data Portability (Art. 20 GDPR)
  • Right to Object (Art. 21 GDPR)

To exercise your rights, please contact: info@biturai.com

You also have the right to lodge a complaint with a supervisory authority, in particular in the EU/EEA member state of your habitual residence.