Privacy Policy

Last updated: April 6, 2026

Short version: Coinnect does not collect personal information, does not hold funds, does not run KYC, and does not share user data with third parties. We exist to show you the cheapest path between currencies — that's it.

1. Who we are

Coinnect is a free, open-source money routing engine operated by KOA Labs. We compare 30+ exchange and remittance providers to surface the cheapest path between any two currencies — fiat, crypto, or P2P.

Contact for privacy matters: [email protected]

2. What we do NOT collect

No accounts, no signups, no passwords. Coinnect has no user accounts.
No KYC. We never ask for ID, name, address, or any government documents.
No funds custody. Coinnect never holds, transfers, or processes money. We only show you routes — each provider handles its own transfers.
No payment information. We don't collect card numbers, bank details, or wallet addresses.
No biometric, sensitive, or special-category data.

3. What we DO collect (the minimum to operate)

Anonymous usage analytics

We use Google Analytics 4 to count page views and route queries in aggregate. This is loaded only after you accept the cookie banner. Analytics data includes:

Approximate location (country / city), inferred from IP — IP itself is not stored long-term by Google
Browser type and language
Pages visited and search/quote queries (currency pairs, amounts — no personal context)

You can opt out by clicking "Reject" on the cookie banner, by adding ?notrack to any URL, or by setting localStorage.ga_optout = '1' in your browser.

API request logs (server-side)

Like every web service, our server records technical information for each API request: timestamp, IP address, user-agent, endpoint hit, and response time. These logs are retained for up to 30 days for security and abuse prevention, then automatically deleted. They are never shared.

API keys (only if you create one)

Commercial API users may request an API key. To issue a key we ask for a contact email. The key and email are stored in our database. You can request deletion at any time.

4. Third-party data sources

Coinnect queries public market data from exchanges (Kraken, Binance, Coinbase, Bitso, etc.) via the CCXT library. These are read-only calls to public price feeds — no user data is sent to those exchanges.

We also use static rate sheets from Wise, Yellow Card, Western Union, and MoneyGram for baseline comparison. None of these providers receive any information about you when you use Coinnect.

5. Cookies

Coinnect uses minimal cookies and browser storage:

Functional: theme preference (dark/light), language preference, locale defaults — stored in localStorage, never sent to a server.
Analytics: Google Analytics cookies (only after cookie-banner consent).
Service Worker cache: stores pages for offline use. Local to your browser only.

You can clear cookies any time from your browser settings or by reloading the cookie banner.

6. Data sharing

We do not sell, rent, or trade any user data. Period.

Aggregated, non-identifying usage statistics may be published in our open transparency reports (e.g., "X queries per month, top corridors: USD-MXN, BTC-EUR"). Individual users are never identifiable.

7. Your rights

Because we collect almost nothing, there is rarely anything to access, rectify, or delete. But if you do interact with us (commercial API key, support email, bug report) and want to:

Access the data we hold about you
Correct or delete it
Withdraw consent
Request a copy in a portable format

Email us at [email protected]. We will respond within 30 days.

Mexican users may also exercise ARCO rights under the LFPDPPP. EU users may exercise rights under GDPR Articles 15–22. UK users may exercise rights under UK GDPR.

8. Children

Coinnect is not directed at children under 13 and we do not knowingly collect data from them. The service is intended for adults using financial information.

9. Security

All traffic to Coinnect is encrypted in transit (HTTPS / TLS 1.2+). Server access is restricted to authorized maintainers. The codebase is open source — you can audit our data handling at github.com/coinnect-dev/coinnect.

10. Mobile app (Android)

The Coinnect Android app is a Trusted Web Activity wrapper around coinnect.bot. The app does not request any device permissions beyond network access. It does not access contacts, photos, location, microphone, camera, files, or any other device data. All processing happens via the web app loaded inside the wrapper.

11. International transfers

Coinnect servers are located in the United States. By using the service, you consent to your data (limited as it is) being processed there.

12. Changes to this policy

We may update this Privacy Policy. The "Last updated" date at the top will reflect the most recent version. Material changes will be announced on the homepage.

13. Contact

KOA Labs
Privacy: [email protected]
Source code: github.com/coinnect-dev/coinnect