ChainTracing
← Home
Legal

Privacy Policy

Last updated: 17 April 2026

Data We CollectHow We Use Your DataThird-Party ServicesCookies & StorageYour RightsData RetentionSecurityChildrenChanges to This PolicyContact & GDPR Enquiries

1. Data We Collect

Account data: Email address when you sign up. We use Supabase Auth — passwords are hashed and never stored in plaintext.

Scanned addresses: Every wallet address you submit is stored to generate your report and to improve our scam database. Addresses are public blockchain data by nature.

IP address: Collected on each request for rate-limiting purposes only. Retained for 30 days then purged.

Payment data: Payments are processed by Plisio. We store the invoice ID, amount, and payment status. We never see or store card numbers, bank details, or crypto private keys.

Usage metadata: Report tier, timestamps, chain selected. No tracking pixels or behavioural profiling.

2. How We Use Your Data

  • Deliver your trace report and PDF
  • Rate-limit abuse and prevent scraping
  • Send transactional emails (report ready, payment confirmed)
  • Improve our scam database (addresses only, never personal data)

We do not sell, rent, or share your personal data with third parties for marketing.

3. Third-Party Services

Supabase — database and authentication (EU/US servers). Data processed under Supabase's DPA.

Plisio — cryptocurrency payment processing. Subject to Plisio's privacy policy.

Upstash — Redis rate-limit counters keyed by hashed IP. No personal data stored beyond the hash.

Blockchain APIs — Etherscan, Solscan, TronGrid, Blockchair. Your queried address is sent to these APIs. These are public blockchain explorers; addresses are already public data.

No advertising networks or analytics SDKs are embedded in this application.

4. Cookies & Storage

We use a single session cookie set by Supabase Auth when you log in. This cookie is HTTP-only, Secure, and SameSite=Lax. It expires when you sign out or after 7 days of inactivity.

No tracking cookies. No third-party ad cookies. No local storage beyond your session token.

5. Your Rights

You may request any of the following at any time by emailing support@chaintracing.app:

  • Access — a copy of all personal data we hold on you
  • Deletion — erasure of your account and associated personal data (GDPR Article 17)
  • Export — your report data in JSON format
  • Correction — update an incorrect email address

We will respond within 30 days. Note: deleting your account does not remove scanned wallet addresses from our scam database where they were submitted as scam evidence.

6. Data Retention

IP addresses: 30 days.

Reports: Retained indefinitely to fulfil your purchased report. You may request deletion after 12 months.

Account data: Retained until you delete your account.

Payment records: Retained for 7 years to meet financial record-keeping obligations.

7. Security

All data is transmitted over TLS 1.2+. Database access uses Supabase Row Level Security policies. Admin access is restricted to a separate admins table. We conduct periodic reviews of access controls.

No system is perfectly secure. In the event of a breach affecting your personal data, we will notify you within 72 hours as required by applicable law.

8. Children

ChainTracing is not directed at children under 13. We do not knowingly collect data from anyone under 13. If you believe we have done so, contact us and we will delete it promptly.

9. Changes to This Policy

We may update this policy. Material changes will be noted by the "Last Updated" date. Continued use after changes are posted constitutes acceptance.

10. Contact & GDPR Enquiries

Email: support@chaintracing.app

For GDPR-specific requests, please include "GDPR Request" in your subject line. We will respond within 30 days.