Data Privacy

BlockchainAnalysis.io is committed to protecting user privacy and handling data responsibly. This page outlines our data collection practices, retention policies, GDPR compliance measures, and your rights as a user.

BlockchainAnalysis.io does not store personally identifiable information (PII) on any blockchain. All user account data and screening results are stored in encrypted, access-controlled databases in EU-based data centers.

What Data We Collect

Account Information

When you create a BlockchainAnalysis.io account, we collect:

  • Email address — Used for authentication, notifications, and support.
  • Name and organization — Used for account identification and invoicing.
  • Payment information — Processed and stored by our payment provider (Stripe). We do not store credit card numbers.
  • IP address and login metadata — Used for security monitoring and fraud prevention.

Screening and Analysis Data

When you use the platform to screen wallets or generate reports, we process and store:

  • Wallet addresses submitted — The blockchain addresses you screen are logged for audit trail purposes and to generate reports.
  • Screening results — Risk scores, entity matches, transaction analysis outputs, and generated reports.
  • API request logs — Timestamps, endpoints called, and response metadata for API usage tracking and debugging.

Telegram Bot Data

When you interact with the @AMLScreeningBot on Telegram:

  • Telegram user ID — Used to associate your bot session with your credit balance.
  • Addresses submitted via bot — Stored in the same manner as platform screenings.
  • Command history — Logged for support and debugging purposes.

Wallet addresses are public blockchain data and are not classified as personal data in most jurisdictions. However, BlockchainAnalysis.io treats all user-submitted addresses as confidential and does not share individual screening queries with third parties.

What We Do Not Collect

  • Private keys or seed phrases — Never requested, never stored.
  • Exchange account credentials — CEX tax report data is imported via CSV upload; we do not connect to exchange accounts.
  • On-chain PII — No personally identifiable information is written to any blockchain by our platform.
  • Browsing history — We do not track your activity outside of the BlockchainAnalysis.io platform.

GDPR Compliance

BlockchainAnalysis.io complies with the General Data Protection Regulation (GDPR) (EU Regulation 2016/679). Our GDPR compliance measures include:

Lawful Basis for Processing

We process personal data under the following lawful bases:

  • Contractual necessity — Processing required to deliver the services you have subscribed to (screening, reports, monitoring).
  • Legitimate interest — Security monitoring, fraud prevention, and platform improvement.
  • Consent — Marketing communications are sent only with your explicit opt-in consent.

Data Protection Officer

BlockchainAnalysis.io has appointed a Data Protection Officer (DPO) who can be reached at privacy@blockchainanalysis.io for any GDPR-related inquiries.

Data Processing Agreements

Where BlockchainAnalysis.io engages sub-processors (cloud infrastructure, payment processing, email delivery), Data Processing Agreements (DPAs) are in place to ensure GDPR-compliant handling of personal data.

Data Retention

| Data Category | Retention Period | Justification | |---|---|---| | Account information | Duration of account + 2 years after deletion | Contractual and legal obligations | | Screening results and reports | 5 years from generation date | Regulatory record-keeping requirements (6AMLD, BSA) | | API request logs | 12 months | Operational monitoring and debugging | | Telegram bot interaction logs | 12 months | Support and debugging | | Payment records | 7 years | Tax and accounting obligations | | Marketing consent records | Duration of consent + 1 year | GDPR accountability |

The 5-year retention period for screening results aligns with anti-money laundering record-keeping requirements under EU 6AMLD and US BSA/FinCEN regulations. Regulated users may require this data for audits and regulatory inspections.

Your Rights

Under GDPR and applicable data protection laws, you have the following rights:

  • Right of Access — Request a copy of all personal data we hold about you.
  • Right to Rectification — Request correction of inaccurate or incomplete personal data.
  • Right to Erasure — Request deletion of your personal data, subject to legal retention obligations.
  • Right to Restriction — Request that we limit how we process your data.
  • Right to Data Portability — Receive your data in a structured, machine-readable format.
  • Right to Object — Object to processing based on legitimate interest or for direct marketing.
  • Right to Withdraw Consent — Withdraw consent for marketing communications at any time.

To exercise any of these rights, contact privacy@blockchainanalysis.io. We will respond within 30 days as required by GDPR.

Erasure requests are subject to legal retention obligations. If regulatory record-keeping requirements mandate that we retain certain screening data (e.g., for AML compliance), we will inform you of the applicable retention period and the legal basis for continued storage.

Data Security

BlockchainAnalysis.io implements the following security measures to protect your data:

  • Encryption at rest — All databases are encrypted using AES-256.
  • Encryption in transit — All API and web traffic uses TLS 1.3.
  • Access controls — Role-based access control (RBAC) with principle of least privilege.
  • Audit logging — All data access is logged and monitored.
  • Infrastructure — Hosted in EU-based data centers with SOC 2 Type II certification.
  • Regular penetration testing — Conducted by independent third-party security firms.

Third-Party Data Sharing

BlockchainAnalysis.io does not sell personal data. We share data with third parties only in the following circumstances:

  • Sub-processors — Cloud infrastructure (hosting), payment processing (Stripe), and email delivery, all under DPAs.
  • Legal obligations — When required by law, court order, or regulatory request.
  • Aggregated analytics — We may publish aggregated, anonymized statistics about blockchain risk trends. These never contain individual user data or specific screening queries.

Contact

For data privacy inquiries, contact:

  • Data Protection Officer — privacy@blockchainanalysis.io
  • General Support — support@blockchainanalysis.io
BlockchainAnalysis.io — Digital Asset Compliance Platform