BTC-USD $65,894.77 +0.20% ETH-USD $1,772.00 -0.49% SOL-USD $73.60 +0.49% XRP-USD $1.21 -0.45% ADA-USD $0.17 -1.73%
The Coin Daily

The Coin Daily

Privacy Policy

Last updated: 9 June 2026.

This privacy policy explains what information The Coin Daily collects from visitors to this website and how that information is used.

Who we are

The Coin Daily is a publication operated by Novaframe AI Limited (“we”, “us”, “the Publisher”). Reader contact details are on the contact page.

What we collect

When you visit this website, we may collect:

  • Standard server logs — your IP address, the pages you requested, the referring URL, your browser type and version, and the date and time of your request. This is collected automatically by our hosting provider (CloudFront / S3) for security and performance purposes.

  • Analytics data (only if you consent) — we use Google Analytics 4 to understand which articles readers engage with, how they reach the site, and how far they watch our embedded videos. If you accept, Google sets cookies (_ga, _ga_<property-id>) and receives a record of your visit including page URL, referrer, approximate country/region, device type, video playback events (start, 25%, 50%, 75%, complete), and a randomly generated client identifier. We have IP anonymisation enabled. We do not link analytics data to your name, email, or any other personal information we hold. Note: even before you click Accept, Google’s tag may receive a small number of anonymous, aggregated pings under Google’s “Consent Mode v2” — these contain no cookies, no client identifier, and no personal data; they exist solely to allow Google to estimate the conversion rate of our ads in aggregate. If you click Reject, only those anonymous pings continue; no full tracking starts.

  • Advertising data (only if you consent) — we run paid advertising campaigns on Meta (Facebook and Instagram), Google Ads (Search, Display, and YouTube), and X (Twitter). To measure the effectiveness of those ads and to show relevant ads to readers who have previously visited the site, we install three advertising pixels: Meta Pixel, Google Ads remarketing tag, and X Pixel. The same consent banner gates all three. If you accept, each platform sets its own cookies (e.g. _fbp from Meta, IDE from Google, personalization_id from X) and receives a record of your visit including page URL, referrer, approximate country/region, and a randomly generated identifier. None of these pixels receive your name, email, or other personal data we hold. You can opt out of personalised advertising directly with each platform — see Meta’s Ad Preferences, Google’s Ad Settings, and X’s Personalisation settings.

  • Contact form submissions — when you submit the contact form, the message and any details you provide are sent via our form provider (Formspree) to a private inbox we control.
  • Newsletter subscriptions — if you subscribe to our daily newsletter, the following are stored on infrastructure we operate directly (Listmonk subscriber management, with AWS Simple Email Service handling delivery): your email address; the timestamp of your subscription; the IP address you submitted the form from and the IP address you confirmed the double-opt-in email from (both retained as proof of consent under UK GDPR / EU GDPR Article 7); the timestamp of your confirmation click; and any subsequent delivery, bounce, or complaint events that AWS Simple Email Service reports back to us. We do not collect names or any other profile information at signup.

  • MCP account & access (if you sign up) — our MCP service at mcp.thecoindaily.co has two sign-in paths. Either way, signing up also adds your email to our “MCP Users” list — operational notices about the service (new tools, breaking changes), which is distinct from the daily newsletter:

    • Connector sign-in (OAuth) — when you add the connector in Claude, ChatGPT, or another client, you create a free account managed by Amazon Cognito (an AWS service we operate). Cognito stores your email address and a securely-hashed password; we never see your raw password. Your account carries a service tier (currently “free”).
    • Direct API key — alternatively you can request a static API key. We store the email you provided, a one-way hash of the key (never the raw key), and creation/last-used timestamps. This path uses the same double-opt-in email confirmation as the newsletter; without confirmation, no key is issued.

    Subscribing to the daily newsletter is a separate, explicit opt-in — creating an MCP account or key does not subscribe you to it. (Some legacy signups via the old form included a pre-ticked newsletter box; that is no longer the case.) - MCP request logs — for each tool call made using your MCP account or API key, we log: a reference to your account/key (never the key itself), the originating IP address, the name of the tool called, the HTTP status code returned, response latency in milliseconds, and the timestamp. We do not log the content of any conversation between you and your AI assistant — we only see the structured tool call from the agent, which contains only the parameters required for the tool (e.g. a ticker symbol). We use these logs to operate the service, enforce rate limits, detect abuse, and produce aggregate usage statistics. Logs are retained for 90 days.

We do not require website readers to register an account, and we do not have a paywall, so we do not collect names, addresses, or payment information from readers.

How we use it

We use the information above to:

  • Operate, secure, and improve the website.
  • Respond to messages submitted through the contact form.
  • Deliver the daily newsletter to subscribers who have opted in.
  • Operate the MCP service, enforce rate limits, detect abuse, and produce aggregate usage statistics.
  • Comply with legal obligations.

We do not sell visitor data. We do not use newsletter subscriber data to retarget advertising.

Newsletter — opt-in and unsubscribe

Newsletter subscriptions are double-opt-in: after submitting your email, you must click a confirmation link in a verification email before any newsletters are sent. You can unsubscribe at any time using the one-click unsubscribe link at the bottom of every email, or by replying with the word “unsubscribe”. Unsubscribing removes your email from our list within 24 hours.

Newsletter delivery is handled directly by us using AWS Simple Email Service (SES) for outbound email and Listmonk for subscriber and campaign management. Both run on infrastructure under our direct control. The lawful basis for processing your subscription data under UK GDPR / EU GDPR is your consent (Article 6(1)(a)), which you give by submitting the subscribe form and confirming via the double-opt-in email. The IP addresses captured at submit and at confirmation are retained for the duration of your subscription as proof of consent under Article 7(1); they are not used for any other purpose. When you unsubscribe, your subscription record (including the IP addresses and delivery events) is removed within 24 hours. See AWS’s GDPR overview for SES’s data-processing terms.

MCP service

The Coin Daily MCP is a free programmatic interface that exposes our editorial market intelligence to AI assistants and agents (Claude, ChatGPT, and other MCP-compatible clients). It does not require a paid subscription.

What flows through us, and what does not. When you use an AI assistant that calls our MCP, the assistant client sends structured tool calls to our service — these contain only the parameters needed to execute the call (typically a ticker symbol or entity name). The full content of your conversation with the AI assistant does not flow through us. Anthropic, OpenAI, or your other MCP client receive your conversation; we receive only the resulting tool calls.

Lawful basis. Your consent (Article 6(1)(a)) covers creating your MCP account or API key (and any separate newsletter opt-in). Our legitimate interest (Article 6(1)(f)) covers the request logging used for security, rate-limit enforcement, and abuse detection — necessary to operate the service safely for all users, and limited to what’s needed for those purposes.

Your rights. You can delete your account at any time from mcp.thecoindaily.co/account — a full erasure: your Amazon Cognito account is deleted, your stored records are anonymised, your “MCP Users” (and newsletter, if subscribed) membership is removed from Listmonk, and any API keys are revoked. You can also revoke an API key or request request-log deletion via the contact form; revocation takes effect immediately, and request-log deletion is processed within 30 days.

Retention.

  • Account records (email + securely-hashed password, in Amazon Cognito): until you delete your account.
  • API key records: until you revoke the key, or we revoke it for inactivity (no use for 12 months) or abuse.
  • “MCP Users” list membership: until you delete your account or unsubscribe.
  • Request logs: 90 days.
  • Newsletter subscription: until you unsubscribe (see Newsletter section above).

Processors. Your MCP account is managed by Amazon Cognito; account and service emails are delivered by AWS Simple Email Service and managed in Listmonk — all on AWS / self-hosted infrastructure under our direct control (see AWS’s GDPR overview).

Third parties. Your AI assistant (Claude, ChatGPT, or another MCP client) is a separate data controller for the conversation you have with it — see their privacy policies. We do not share your account or API-key data with these companies; the data flow is one-way (their client calls our API).

Tag Manager and server-side tagging

All of the analytics and advertising tags listed above are loaded and orchestrated by Google Tag Manager (GTM). The GTM container script is loaded from a subdomain of this site, gtm.thecoindaily.co, rather than directly from googletagmanager.com. This is Google’s “server-side tagging” feature: a small server we run on Google Cloud relays the request to Google on your browser’s behalf, so the network request appears as a first-party load.

This does not change what is collected, who it goes to, or your ability to opt out — all of that is still controlled by the consent banner described in the sections above. What it does change is that some browser anti-tracking heuristics (which restrict third-party network requests more aggressively than first-party ones) treat the request differently. We have IP anonymisation enabled at the server.

Cookies

This website does not set cookies for advertising or cross-site tracking. The only cookies set by this site are analytics cookies, and only if you have consented:

  • Google Analytics (consent-based) — if you accept on the consent banner, Google sets _ga (used to distinguish unique visitors, expires after 2 years) and _ga_<property-id> (used to persist session state, expires after 2 years). The lawful basis under UK GDPR / EU GDPR is your consent (Article 6(1)(a)). See Google’s privacy policy and the Google Analytics opt-out browser add-on.
  • Meta Pixel (consent-based) — if you accept on the consent banner, Meta sets _fbp (used by Meta to identify browsers, expires after 90 days). Used to measure our Facebook and Instagram ad campaigns and to build remarketing audiences. Lawful basis: consent (Article 6(1)(a)). See Meta’s privacy policy.
  • Google Ads remarketing (consent-based) — if you accept on the consent banner, Google sets cookies on .google.com and .doubleclick.net (IDE, test_cookie, expires up to 13 months) used to measure our Google Ads campaigns and build remarketing audiences. Lawful basis: consent (Article 6(1)(a)).
  • X (Twitter) Pixel (consent-based) — if you accept on the consent banner, X sets cookies on .x.com (personalization_id, muc_ads, expires up to 2 years) used to measure our X ad campaigns. Lawful basis: consent (Article 6(1)(a)). See X’s privacy policy.
  • You can withdraw consent at any time by clearing site data for this domain in your browser — that removes all cookies and re-shows the consent banner on your next visit.
  • Embedded YouTube videos may set cookies under YouTube’s own privacy policy when you interact with the player. See Google’s privacy policy for details.

Your rights

If you are in the UK or the EU, you have rights under UK GDPR / EU GDPR including the right to access, correct, or delete personal data we hold about you, and the right to object to processing. To exercise these rights, use the contact form and we will respond within the time limits set by applicable law.

Changes to this policy

We will update this policy as our practices change. The “Last updated” date at the top reflects the most recent change.