Legal

Privacy policy

Last updated: April 26, 2026

tradingview-mcp Hosted (“we”, “tradingview-mcp”, the service running at mcp.cryptosieve.com and pro.cryptosieve.com) is operated as a sole proprietorship by Ahmet Atila in Istanbul, Türkiye. We try to collect as little as we can get away with while still running the service.

The short version. We hold your email address, a hashed version of your API key, and a 30-day log of how often you called the service. We share data with Dodo Payments (billing) and Resend (transactional email). We don’t sell anything to anyone. Email [email protected] to delete your data and we’ll do it within 30 days.

1. What we collect

Account data

Email address — provided when you check out via Dodo Payments. Used to send you the welcome email containing your API key and to contact you about your subscription.
Google account profile (name, email, avatar) — only if you sign in to the dashboard at pro.cryptosieve.com. Stored in our Postgres database via Better Auth. Used to show your account page; not used for marketing.

Service data

API key (hash only) — we store a SHA-256 hash and the first 12 characters as a prefix. We never store the raw key. If you lose it, we can’t recover it — you can issue a new one from /account/keys.
Usage logs — for each tool call: timestamp, HTTP method, response status, the path that was called, and your key id. We do not log the content of your prompts or the JSON responses returned by the upstream MCP server. Used for rate limiting, quota enforcement, and abuse investigation. Auto-purged after 30 days.
Webhook events from Dodo Payments — the raw event body is stored to make webhook delivery idempotent (we don’t double-charge or double-provision keys when Dodo retries). Retained for 90 days.

What we do NOT collect

The content of your Claude conversations.
The actual market data your tool calls return.
Cookies, except a session cookie set by Better Auth when you sign in.
Analytics, tracking pixels, advertising IDs, or fingerprinting on the landing page. There is no Google Analytics, Meta Pixel, or similar.

2. Who we share it with

We use a small number of third-party processors. We don’t share your data with anyone else.

Dodo Payments (billing, payment processing) — receives your email and payment details when you subscribe. Dodo’s privacy policy.
Resend (transactional email) — receives your email address when we send you the welcome email or a password / key rotation notice. Resend’s privacy policy.
Anthropic / Claude — your tool calls flow Claude → tradingview-mcp gateway → upstream MCP server. We do not send your prompts or your conversation history to Anthropic. They see whatever you choose to send them when you talk to Claude; we have no role in that.
Hetzner (infrastructure host, EU/Germany) — hosts the virtual machine the service runs on. Hetzner privacy policy.
Google — only if you sign in to the dashboard with Google OAuth. Standard OAuth profile claims.

3. How long we keep it

Active subscription: account email + key hash retained while your subscription is active.
Cancelled subscription: retained 90 days for billing reconciliation, then deleted.
Usage logs: rolling 30 days; older rows are dropped.
Webhook events: 90 days for idempotency + dispute defence.
Backups: nightly encrypted backups of the gateway database, retained 14 days.

4. Your rights (GDPR / CCPA)

You have the right to access, correct, export, or delete your personal data. To exercise any of these, email [email protected] from the email associated with your subscription. We respond within 30 days; for deletion this means revoking your API key, scrubbing your email from our tables, and removing logs that reference your key id.

Billing records that we’re legally required to retain (Türkiye tax regulations, EU VAT) cannot be deleted on request. After the legal retention period (typically 5 years), they are deleted automatically.

5. Security

API keys are stored as SHA-256 hashes; raw keys are shown once and never persisted server-side.
Traffic to mcp.cryptosieve.com and pro.cryptosieve.com is TLS-only (Caddy auto-renews via Let’s Encrypt).
Webhooks from Dodo Payments are HMAC-SHA256 verified before any side effect.
Admin actions on the gateway require a bearer token; raw keys can’t be retrieved from the database, only revoked.

No system is ever fully secure. If you believe you’ve found a vulnerability, email [email protected] with subject line “security”. We’ll respond within 72 hours.

6. Children

The service is not directed at anyone under 18. We don’t knowingly collect data from children. If you believe a minor has subscribed, contact us and we’ll delete the account.

7. Changes

We’ll update this page when something material changes (new processor, new data category, longer retention). The “last updated” date at the top reflects the most recent change. For material changes that affect existing customers we’ll also send an email.

8. Contact

Ahmet Atila · [email protected] · Istanbul, Türkiye.