Privacy Policy

1. Introduction

Welcome to CitoCred, a personal finance blog operated by Fimaster Tech LTD ("we", "our", or "Company"). We are committed to transparency and the protection of your personal information.

This Privacy Policy applies to all visitors and users of https://citocred.com/ and any related services. It has been prepared in compliance with applicable U.S. privacy laws, including the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), the Children's Online Privacy Protection Act (COPPA — 15 U.S.C. § 6501), the CAN-SPAM Act, the FTC Act (15 U.S.C. § 45), and applicable state privacy laws (Virginia CDPA, Colorado CPA, Connecticut CTDPA, Texas TDPSA, and others).

2. Data Controller Identity

The entity responsible for processing your personal data is:

For privacy-related questions or to exercise your rights, please contact us at the email address below.

• Company: Fimaster Tech LTD
• Address: Level 1, Palm Grove House, Wickham's Cay 1, Road Town, Tortola VG1110
• Website: https://citocred.com/
• Privacy Contact / DPO: [email protected]

3. Information We Collect

We collect only the information necessary to operate our website and provide a good user experience. Data falls into the following categories:

• Information you provide directly: Name and email address when subscribing to our newsletter; name, email, and message when using contact forms; name, email, and content when posting comments.
• Information collected automatically: IP address and approximate geographic location (country/city); browser type, version, and language; operating system and device type; pages visited, time spent, and navigation path; referring website; clicks on ads and partner links; cookies and similar tracking identifiers.
• Information from third parties: Limited data from advertising and analytics partners (e.g., Google Analytics, Google AdSense) about your activity on our site and other websites, in accordance with those partners' privacy policies.
• Financial information: We are an informational blog. We do NOT collect, process, or store bank account numbers, credit card data, Social Security Numbers, or other sensitive financial information directly. Any financial product accessed through our partner links is processed exclusively by the respective third-party providers.

4. How We Use Your Information

We use the information we collect for the following purposes:

• Site operation: Display content, ensure correct functioning, detect and prevent fraud, invalid traffic, and security threats.
• Communication and newsletter: Send newsletters and updates you have subscribed to; respond to inquiries and comments; send transactional messages such as sign-up confirmations.
• Advertising and monetization: Display relevant ads via Google AdSense; measure campaign performance; share data with advertising partners where a legal basis exists and appropriate consent has been obtained.
• Partner links: Links are clearly identified. When you click, partner sites may collect your data under their own privacy policies.
• Analytics and improvement: Understand how visitors use our site and improve content quality; generate aggregated and anonymized reports.
• Legal compliance: Comply with applicable laws and regulations; respond to lawful requests from government authorities.

5. Legal Basis for Processing

We process your personal data only when a valid legal basis exists under applicable law. Under U.S. law, our processing is grounded in the following:

• Consent: For newsletter subscriptions, non-essential cookies, and interest-based advertising. You may withdraw consent at any time. (FTC Act § 5; CAN-SPAM Act; CCPA/CPRA § 1798.120 opt-out).
• Legitimate interest: For site security, fraud prevention, performance analytics, and content improvement, provided your fundamental rights do not override these interests. (FTC Act § 5; CFAA — 18 U.S.C. § 1030).
• Contract performance: To process your requests and provide the services you have requested. (E-SIGN Act — 15 U.S.C. § 7001; UCC electronic contracts).
• Legal obligation: When required by law, court order, or regulatory authority. (FTC Act § 5; ECPA — 18 U.S.C. § 2701; COPPA — 15 U.S.C. § 6501).

6. How We Share Your Information

We do not sell your personal information. We may share your information only in the following circumstances:

• Service providers (data processors): Email marketing platforms, hosting and infrastructure providers, traffic analytics tools (Google Analytics), and comment management systems. All are contractually required to protect your data and use it only as instructed.
• Advertising partners (independent controllers): Google AdSense and other ad networks may collect and use your data independently for their own purposes, including interest-based advertising. See: policies.google.com/privacy.
• Legal obligations: We may disclose your information when required by law, court order, or government authority, or to protect the rights, property, or safety of our company, users, or the public.
• Business transfers: In the event of an acquisition, merger, or sale, your information may be transferred. Affected users will be notified before data is transferred and subjected to a different privacy policy.
• Aggregated and anonymized data: We may share data that cannot identify you with partners, sponsors, or the public for research and reporting purposes.

7. Your Rights — California Residents (CCPA/CPRA)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

• Right to Know: Request disclosure of the personal information we collect, use, disclose, and sell or share about you.
• Right to Delete: Request deletion of your personal information, subject to certain exceptions.
• Right to Correct: Request correction of inaccurate personal information we hold about you.
• Right to Opt-Out: Opt out of the sale or sharing of your personal information for cross-context behavioral advertising.
• Right to Limit Sensitive Information: Request that we limit the use and disclosure of your sensitive personal information.
• Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA/CPRA rights.

8. Rights for Other U.S. State Residents

Residents of Virginia (CDPA), Colorado (CPA), Connecticut (CTDPA), Texas (TDPSA), and other states with comprehensive privacy laws may have similar rights including the right to access, delete, correct personal data, and opt out of certain processing activities.

To exercise these rights, contact us at [email protected] with subject "State Privacy Rights Request" and include your name, state of residence, and the specific right(s) you wish to exercise.

9. Cookies and Tracking Technologies

Cookies are small text files stored on your device when you visit a website. We also use similar technologies such as pixels, web beacons, and local storage.

Where required by applicable law, we implement Google Consent Mode v2, which adjusts Google tag behavior based on your consent choices for ad_storage, analytics_storage, ad_user_data, and ad_personalization signals.

• Strictly necessary: Essential for site operation. Cannot be disabled. Examples: session management, security, load balancing.
• Performance and analytics: Help us understand how visitors interact with the site. Data is aggregated and anonymized where possible. Examples: Google Analytics.
• Advertising and targeting: Used to deliver relevant ads, limit ad frequency, and measure campaign effectiveness. May involve cross-site tracking. Examples: Google AdSense, DoubleClick.
• Functional: Store your preferences (e.g., language, newsletter banner dismissal) to improve your experience.

10. Children's Privacy (COPPA)

Our website is not directed to children under 13 years of age. In accordance with the Children's Online Privacy Protection Act (COPPA — 15 U.S.C. § 6501), we do not knowingly collect personal information from children under 13 without verifiable parental consent.

If you believe we have inadvertently collected personal information from a child under 13, please contact us immediately at [email protected] and we will promptly delete that information. Parents or guardians who believe their child has provided personal data without consent should contact us.

11. Data Retention

We retain personal data only for as long as necessary for the purposes described in this Policy or as required by applicable law:

• Newsletter subscribers: Retained until unsubscription, plus up to 12 months for audit purposes.
• Comment data: Retained while comments are published; deleted upon request.
• Server logs and technical data: Generally 90 days, unless extended for security investigations.
• Analytics data: Per Google Analytics default settings (up to 26 months, adjustable).
• Legal compliance data: For the period required by applicable law.

12. Information Security

We adopt reasonable technical and organizational measures to protect your personal data against unauthorized access, loss, destruction, alteration, or improper disclosure. These include: HTTPS encryption for all data transmitted to/from our site; access controls limiting internal data access; periodic security practice reviews; use of third-party service providers certified in information security.

No method of internet transmission or electronic storage is 100% secure. We cannot guarantee absolute security. In the event of a security incident posing significant risk to your rights, we will notify affected users and relevant authorities as required by applicable law.

13. Google AdSense and Advertising Partners

We use Google AdSense to display advertisements. Google may use cookies and tracking technologies to serve ads based on your previous visits to our site or other websites.

You may opt out of personalized advertising at adssettings.google.com. For more information, see: policies.google.com/privacy and policies.google.com/technologies/partner-sites.

14. Do Not Track Signals

Some browsers transmit Do Not Track (DNT) signals to websites they visit. Our website does not currently respond to DNT signals in a standardized manner, as no universally recognized mechanism for DNT compliance exists. However, you may use the cookie management options described in Section 9 to limit tracking.

15. International Data Transfers

Our site is accessible to users worldwide. Your data may be transferred to and processed in countries other than your own, including the United States and the British Virgin Islands, where data protection laws may differ from those in your country.

We rely on appropriate safeguards including contractual protections and, where applicable, standard contractual clauses to protect data transferred internationally.

16. Changes to This Policy

We may update this Privacy Policy periodically to reflect changes in our practices or legal requirements. When we make material changes: (1) we will update the "Last updated" date at the top of this page; (2) we will post a notice on our website for a reasonable period.

Your continued use of our site after changes are posted constitutes your acceptance of the updated Policy. We recommend reviewing this Policy periodically.

17. Contact Us

To exercise your rights, ask questions, or submit complaints about our data processing practices:

• Email: [email protected]
• Subject line: Privacy Request
• Postal address: Level 1, Palm Grove House, Wickham's Cay 1, Road Town, Tortola VG1110