Privacy Notice

Last updated: May 2026

This page summarises the data processing that happens on bullioncoin.network (the website). For our full legal privacy policy — including the BullionCoin Network iOS app, subscription billing, and Firebase Authentication — see our full Privacy Policy and Cookie Policy.

1. We do not use tracking or advertising cookies

The website does not set tracking cookies, advertising identifiers, or third-party analytics that profile you across sites. We do not sell or share data with advertisers.

2. Anonymous blog engagement counters

Each blog post has a Like button and share buttons (X, Facebook, LinkedIn, Reddit, WhatsApp, Copy link). When you click one, we increment an aggregate counter for that post in our database.

The counter is an integer. It is not linked to you, your browser, your IP address, or any other identifier. We cannot tell who liked or shared a post — only how many times it has been liked or shared in total.

Local browser storage for the Like button: to prevent the same browser from counting a like more than once, we store a small flag in your browser's localStorage under the key bcn:liked:<slug>. This value never leaves your device, is not transmitted to us, and you can clear it at any time via your browser's site-data controls. We consider this storage strictly necessary to deliver the Like feature you requested by clicking the button.

3. Abuse protection (App Check & rate limiting)

To stop bots and automated scripts from inflating engagement counters or abusing our APIs, we use two technical safeguards on the server side. The legal basis is our legitimate interest in keeping the service available and free of fraud (GDPR Art. 6(1)(f)).

  • Google reCAPTCHA Enterprise / Firebase App Check. Your browser obtains a short-lived token that proves the request comes from a real browser visiting our site. Google processes signals (including IP address and browser characteristics) for this purpose, governed by Google's Privacy Policy. We do not receive your IP from this token.
  • Server-side rate limiting. For each request to a public API, we compute a SHA-256 hash of the caller's IP address and store the hash, together with the timestamps of recent calls, in a sliding-window counter. The raw IP is never written to disk. The counter document is retained only as long as needed to enforce the window (a TTL policy purges old entries automatically).

4. Hosting and server logs

The website is hosted on Vercel and our APIs run on Google Cloud (Firebase Cloud Functions, region europe-west1). Both providers maintain short-term operational logs that may include IP addresses for security and debugging purposes. We do not query those logs for analytics.

5. Your rights

Because the engagement counters are pure aggregates and contain no identifier linked to you, there is nothing to access, correct, or erase on a per-user basis — your clicks left no personal record on our servers. For data associated with the BullionCoin Network iOS app (anonymous Firebase user ID, subscription receipts, in-app feedback), please refer to the full Privacy Policy or contact us through the feedback form.

6. Changes to this notice

We may update this notice as the website evolves. Material changes will be reflected in the “Last updated” date at the top of the page.