1. Who we are
CryptoHut ("we", "us", "our") operates cryptohut.io, an independent editorial site reviewing crypto casinos. This policy covers information collected through the website. For editorial context see our About page.
2. What we collect
We collect limited data needed to run the site, receive messages, and understand which outbound buttons are used.
- Outbound click logs. When you click a "Visit casino" button, we record the casino, the CryptoHut page pathname you clicked from, the button placement, and a timestamp. We do not add your name, email, browser user-agent, campaign query parameters, or a persistent browser identifier to that record. We also do not send our internal click-record identifier to the casino.
- Contact form submissions. If you use our contact form, we store the name, email, subject, and message you provide, along with the page you submitted from. We use this for manual editorial review, possible follow-up, and abuse prevention. Submitting the form does not guarantee a reply.
- Standard server logs. Hosting and infrastructure providers may create request-level logs containing an IP address, user-agent, URL, and timestamp for delivery, security, and abuse prevention. Those providers control their infrastructure logs and retain them under their own operational and security schedules.
- Email list. If you join the CryptoHut Brief, we store the email you enter, the page and signup placement used, the time and version of your consent, the time you confirmed you meet the legal gambling age, subscription status, and a private unsubscribe token. We use this information only to administer future editorial emails about guides, ranking or terms changes, player warnings, and occasional affiliate-supported recommendations. We do not add an IP address, browser user-agent, or persistent browser identifier to the subscriber record.
- Cookies and analytics. CryptoHut does not currently run third-party analytics or advertising pixels in the site application, and we do not set non-essential cookies ourselves. Infrastructure and destination sites may operate under their own policies. If our use changes, this policy will be updated and, where required, consent will be requested first.
3. What we do not collect
- We do not have user accounts on cryptohut.io.
- We do not receive your casino account details, deposits, withdrawals, or wagering activity from operators we link to.
- We do not sell personal data to third parties.
- We do not add anyone to the CryptoHut Brief without the form's marketing consent and legal-age confirmations.
4. Third-party casinos
When you follow a link to a casino, you leave cryptohut.io and enter that operator's own website, subject to their privacy policy and terms. We are not responsible for how they handle your data. An affiliate destination may contain an operator-side referral code already present in the destination URL. The operator may use its own cookies or account attribution after you arrive; CryptoHut does not control that processing. See our Affiliate Disclosure for how the referral itself works.
5. Your rights
Depending on where you live (EU/UK GDPR, California CCPA/CPRA, and similar frameworks), you may have the right to access, correct, or delete personal data we hold about you, and to object to certain processing. Newsletter consent can be withdrawn using the private unsubscribe link included with an email. To exercise any other right, or to withdraw before receiving an email, use the contact form and provide the email address used in the original submission so the relevant record can be located.
6. Retention
Active newsletter records are retained while consent remains active. If you unsubscribe, the address and opt-out status may remain in the access-restricted list so the withdrawal can be honoured; you may also request deletion. Contact submissions and click records are retained for editorial administration, attribution reporting, and abuse prevention until they are no longer needed or are manually deleted. We do not currently promise a fixed automatic deletion interval. Infrastructure providers may retain backups or security logs under their own schedules. To request deletion, use the contact form and include the email address used in the original submission so the relevant record can be located.
7. Security
Data is stored with our infrastructure provider under access controls and row-level security policies. No system is perfectly secure, and we do not promise perfect security — we do commit to notifying users about incidents where required by law.
8. Changes to this policy
We will update the "Last updated" date at the top of the page when this policy changes. The current version published here applies from that date.
9. Contact
Questions about this policy? Use the contact form and mark the subject "Privacy".
