LoginGet Started

Privacy Policy

Last updated: February 2026

1. Introduction

BlockchainAnalysis.io ("we", "us", "our") operates a blockchain compliance intelligence platform providing wallet screening, exchange analysis, transaction monitoring, and regulatory compliance services. This Privacy Policy explains how we collect, use, store, and protect your personal data when you use our platform and services. We are registered in the United Kingdom and committed to data protection under the UK Data Protection Act 2018, the UK GDPR, and the EU General Data Protection Regulation (GDPR).

2. Data We Collect

2.1 Account Data. When you register, we collect your email address, name, and company name. This is required to create and manage your account. 2.2 Blockchain Data. Wallet addresses and transaction histories submitted for screening. Note: blockchain addresses are pseudonymous but may constitute personal data under GDPR if they can be linked to an identified individual. 2.3 Exchange Data. CSV files uploaded for exchange account reports. These files are processed server-side for report generation and are not stored permanently after the report is delivered. 2.4 Payment Data. Payment transactions are processed by Stripe (credit cards) or via crypto payment rails (BTC/ETH/USDT). We do not store full credit card numbers. We retain transaction records for accounting and legal compliance. 2.5 Usage Data. Pages visited, features used, timestamps, and general interaction patterns. This data is used for service improvement and is not shared with third parties. 2.6 Communication Data. Messages sent via our contact form, support requests, and email correspondence related to your account and orders.

3. How We Use Your Data

We use your data for the following purposes: • To provide our screening, monitoring, and compliance services as ordered • To generate compliance reports and deliver them to your account • To process payments and manage billing • To communicate about your orders, account status, and service updates • To improve our platform, scoring algorithms, and user experience • To comply with legal obligations, including AML/KYC requirements where applicable • To detect and prevent fraud or misuse of our services

4. Legal Basis for Processing

We process your data on the following legal bases: • Contract performance (Art. 6(1)(b) UK GDPR / EU GDPR) — Processing necessary to provide our services as agreed when you register and place orders. • Legitimate interest (Art. 6(1)(f) UK GDPR / EU GDPR) — Service improvement, security, and fraud prevention. • Legal obligation (Art. 6(1)(c) UK GDPR / EU GDPR) — Compliance with applicable laws, including UK Money Laundering Regulations 2017 and EU AML directives. • Consent (Art. 6(1)(a) UK GDPR / EU GDPR) — Where specifically obtained, such as for optional analytics cookies.

5. Data Storage & Security

Where your data lives. All personal and operational data is stored on infrastructure located in the European Economic Area (EEA). We use no data centers outside the EEA. Account and report data (user accounts, screening metadata, reports) is stored in managed PostgreSQL databases on European cloud infrastructure. User-uploaded files (fund origin documents, KYC documents, compliance documents, invoices, SAR evidence) are stored on Amazon Web Services (AWS) infrastructure in the EEA. Files are: • Encrypted at rest using AES-256 • Protected by bucket versioning to prevent accidental loss • Served only through short-lived presigned URLs (15-minute expiration) — the storage bucket has all public access blocked • Documents subject to legal retention requirements (KYC under UK MLR 2017, AML audit trails under EU AMLD5/6) are stored under Object Lock (WORM — Write Once Read Many) for the statutory retention period Security controls across the platform: • All data in transit is protected by TLS 1.2+ encryption • Access controls and role-based permissions limit data access to authorized personnel only • Audit logging tracks all access to sensitive data • Separate credentials and least-privilege IAM policies for each service • Regular security assessments are conducted to identify and address vulnerabilities

6. Data Sharing

We do NOT sell your personal data. We share data only with the following categories of recipients, and only to the extent necessary: • Payment processors (Stripe) — for credit card transaction processing • Blockchain data providers (Moralis, Etherscan, block explorers) — we submit only public blockchain addresses, no personal data • Sanctions data providers — address screening only, no personal account data • Law enforcement — only if legally compelled by valid legal process We do not share your screening requests, results, or report contents with other customers or third parties.

7. Data Retention

Account data: Retained while your account is active, plus 5 years after closure (UK MLR 2017 record-keeping requirement) • Screening reports: Retained for 5 years from generation (UK Money Laundering Regulations 2017 and EU AMLD5/6 record-keeping obligations) • Uploaded CSV files: Processed for report generation and deleted within 30 days • Usage data: Anonymized after 12 months • Communication data: Retained for 3 years for service quality and dispute resolution

8. International Transfers

Some of our data processors operate outside the United Kingdom and the European Economic Area. Where this is the case, we ensure adequate protection of your data through: • Standard Contractual Clauses (SCCs) approved by the European Commission • The UK International Data Transfer Agreement (IDTA) or UK Addendum to SCCs • Adequacy decisions where applicable • Other appropriate safeguards as required by applicable data protection law The United Kingdom has been recognized by the European Commission as providing an adequate level of data protection under its adequacy decision.

9. Your Rights

Under the UK GDPR, UK Data Protection Act 2018, and EU GDPR, you have the following rights regarding your personal data: • Right of access — Request a copy of your personal data • Right to rectification — Correct inaccurate or incomplete data • Right to erasure — Request deletion of your data (subject to legal retention requirements) • Right to restrict processing — Limit how we use your data in certain circumstances • Right to data portability — Receive your data in a structured, machine-readable format • Right to object — Object to processing based on legitimate interests • Right to withdraw consent — Where processing is based on consent, withdraw at any time You can exercise several of these rights directly from your Account Settings: use "Download My Data" for a portable data export, or "Delete Account" for account erasure. For all other requests, contact us at privacy@blockchainanalysis.io. We will respond within 30 days. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK supervisory authority for data protection: https://ico.org.uk

10. Cookies & Local Storage

We use the minimum cookies necessary to operate the platform and, only with your consent, first-party analytics cookies. We do not use any advertising, marketing, or cross-site tracking cookies, and we do not integrate third-party trackers such as Google Analytics, Meta Pixel, or similar.Strictly necessary cookies (no consent required under Art. 5(3) ePrivacy Directive): "next-auth.session-token" (authentication, expires at session end or 30 days), "next-auth.csrf-token" (CSRF protection, session cookie), "ba_cookie_consent" (stores your cookie preferences, 12 months). All first-party, HttpOnly, Secure where applicable. • Theme preferences (localStorage, not cookies): "ba_theme", "ba-font-size" — your selected theme and font size. No expiration, no tracking. • Analytics (require your consent): "ba_sid" — anonymous session identifier stored in sessionStorage (deleted when you close the tab). Used only by our first-party analytics infrastructure; no data is shared with third parties. • Marketing cookies: Not used. When you first visit our platform, a cookie consent banner allows you to accept analytics cookies, reject non-essential cookies, or manage preferences individually. You can change your preferences at any time from your Account Settings under "Privacy & Data" or by clicking "Cookie Preferences" in the footer.

11. Changes to This Policy

We may update this Privacy Policy periodically to reflect changes in our practices, technology, legal requirements, or other factors. When we make changes, we will update the "Last updated" date at the top of this page. For significant changes, we will notify you via email or a prominent notice on our platform.

12. Contact

If you have questions about this Privacy Policy or our data practices, contact us at: BlockchainAnalysis.io Aletheia Tech Ltd 128 City Road, London, EC1V 2NX, United Kingdom Email: privacy@blockchainanalysis.io UK Supervisory Authority: Information Commissioner's Office (ICO) Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF https://ico.org.uk