Privacy Policy

1. Data We Collect

When you use ChainEvidence, we collect the information necessary to perform blockchain investigations and deliver reports. This includes Bitcoin (BTC) and Ethereum (ETH) addresses and transaction hashes you submit, your email address for account and notification purposes, domain names and IP addresses discovered during the investigation process, payment information processed securely through Stripe (we do not store your full card details on our servers), and your billing country (provided to Stripe at checkout) which we use solely to include jurisdiction-specific reporting guidance in your report.

2. How We Use Your Data

We use the data we collect to perform blockchain tracing and generate investigation reports, to send you notifications about your investigation status and report availability, and to improve the accuracy, reliability, and functionality of our service. We do not sell your personal data to third parties.

3. Third-Party Services

To deliver comprehensive investigation reports, we integrate with the following third-party services:

• Stripe — Stripe — Processes all payments securely. Stripe receives your payment details (card number, billing address) and is subject to its own privacy policy.
• TxShield API — TxShield API — Provides blockchain analysis data used to trace transactions, identify wallet clusters, and map the flow of funds across the Bitcoin network.
• Threat Intelligence — Threat Intelligence — Scans domains and URLs associated with investigated addresses against multiple security databases to detect known malicious activity, phishing campaigns, or scam infrastructure.
• WHOIS Lookup — WhoisXML — Retrieves domain registration records (WHOIS data) for websites linked to investigated entities, providing ownership and registration details.
• IP Geolocation — ipinfo — Provides geolocation and network information for IP addresses discovered during investigations, helping to establish geographic context.

Each third-party service receives only the data necessary to fulfil its specific function. We encourage you to review their respective privacy policies.

4. Data Retention

We retain your data only as long as necessary. Specific retention periods are:

• Investigation data (addresses, reports, metadata): 12 months from creation, then permanently deleted via automated cleanup
• Payment records and invoices: retained as required by German tax law (§ 147 AO), typically 10 years
• Email addresses: deleted together with the associated investigation data after 12 months
• Server access logs: 30 days, anonymized IP addresses

You can request early deletion of your investigation data at any time by contacting support@chainevidence.net. We will process deletion requests within 30 days, subject to legal retention requirements.

5. Automated Processing

ChainEvidence uses automated systems, including machine learning and algorithmic analysis, to process blockchain data, assess risk scores, and generate investigation reports. These automated processes analyze on-chain transaction patterns, wallet behaviors, and publicly available data to produce findings and risk assessments. No automated decision made by our service has legal or similarly significant effects on you — all reports are informational tools intended to support your own decision-making. You may contact us at any time to request information about the logic involved in our automated processing.

6. Legal Basis for Processing

If you are located in the European Economic Area (EEA), we process your personal data on the following legal bases under Article 6 of the GDPR:

• Contract performance (Art. 6(1)(b)) — processing necessary to deliver the investigation reports you purchase.
• Legitimate interest (Art. 6(1)(f)) — processing necessary to improve our services, ensure security, and prevent fraud.
• Legal obligation (Art. 6(1)(c)) — processing necessary to comply with tax, accounting, and other legal requirements.
• Consent (Art. 6(1)(a)) — where you have given explicit consent, such as for optional communications. You may withdraw consent at any time without affecting the lawfulness of processing carried out before withdrawal.

7. Your Rights under GDPR (EU/EEA)

If you are located in the European Economic Area, you have the following rights under the General Data Protection Regulation:

• Right of access (Art. 15) — You may request a copy of the personal data we hold about you.
• Right to rectification (Art. 16) — You may request correction of inaccurate or incomplete personal data.
• Right to erasure (Art. 17) — You may request deletion of your personal data, subject to legal retention requirements.
• Right to restriction of processing (Art. 18) — You may request that we limit how we use your data in certain circumstances.
• Right to data portability (Art. 20) — You may request your personal data in a structured, commonly used, machine-readable format.
• Right to object (Art. 21) — You may object to processing based on legitimate interest at any time.
• Right regarding automated decision-making (Art. 22) — Our automated analysis does not produce decisions with legal or similarly significant effects. You may request human review of any automated findings.
• Right to lodge a complaint — You have the right to file a complaint with a data protection supervisory authority in your country of residence.

To exercise any of these rights, contact us at support@chainevidence.net. We will respond within 30 days.

8. Your Rights under CCPA (California)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA):

• Right to know — You may request disclosure of the categories and specific pieces of personal information we have collected about you, the sources, the business purposes, and the categories of third parties with whom we share it.
• Right to delete — You may request deletion of the personal information we have collected, subject to certain legal exceptions.
• Right to opt-out of sale — ChainEvidence does not sell your personal information to third parties. No opt-out action is required.
• Right to non-discrimination — We will not discriminate against you for exercising your CCPA rights.

Categories of personal information collected: identifiers (email address), financial information (payment data via Stripe), internet activity (blockchain addresses and transaction hashes you submit), and geolocation data (IP-based, anonymized after 30 days).

To exercise your rights, contact us at support@chainevidence.net. We will verify your identity and respond within 45 days.

9. International Data Transfers

Your data may be processed in countries outside your country of residence, including the United States and countries within the European Economic Area. When we transfer personal data internationally, we ensure appropriate safeguards are in place, including standard contractual clauses approved by the European Commission where required. Third-party service providers (such as Stripe and blockchain analytics APIs) may also process data in their respective jurisdictions, subject to their own data protection policies.

10. Cookies

ChainEvidence uses minimal, session-based cookies that are strictly necessary for the operation of the service. These cookies maintain your session state while you use the platform and do not track you across other websites. We do not use advertising cookies or third-party tracking scripts.

11. Contact Information

If you have any questions or concerns about this Privacy Policy or how we handle your data, please contact us at support@chainevidence.net.