Data Protection & Privacy Policy

Version 1.0 — Last Updated: 18-11-2025

ChainGuard is designed as a non-custodial security and identity platform, but some data must be collected to operate the service, comply with tax laws, and meet AML expectations.

This document explains what data we collect, how we process it, and what rights users have under global privacy regulations such as GDPR, UK GDPR, PDPA, UAE Federal DP Law, and similar frameworks.

1. Data We Collect
2. How ChainGuard Uses This Data
3. Legal Basis (GDPR / UK GDPR)
4. Data Retention
5. Data Transfers
6. User Rights (GDPR / UK GDPR / PDPA)
7. Sub-Processors
8. Data Minimization
9. Data Sharing with Authorities
10. Contact
Related Documentation

1. Data We Collect

1.1 Account Data

Email
Username
Country information (for VAT & compliance)

1.2 Identity Verification Data (Optional / Tier-based)

For advanced or regulated use-cases:

Provided name
ID verification metadata (never stored if using ephemeral KYC)
Country of residence

1.3 Wallet & Device Data

Wallet public keys
Device fingerprint (hashed)
Vault identifiers
Transaction signatures (EIP-712 and similar)

1.4 Technical Data

IP address (for VAT location & anti-abuse)
Browser version
Relayer interaction logs
Security events
Crash logs

2. How ChainGuard Uses This Data

To operate the platform

Identity binding, wallet binding, vault access, gasless transactions.

To meet legal obligations

VAT calculations
Tax record-keeping
AML expectations
Invoice requirements

To prevent fraud or abuse

Device/wallet mismatch detection
Suspicious transaction patterns
Preventing multi-account evasion

To improve the product

Bug detection, analytics, stability improvements.

3. Legal Basis (GDPR / UK GDPR)

Depending on the feature:

Contract Performance

Wallet binding
Vault operations
Account creation
Subscription and payments

Legitimate Interest

Security logging
Anti-fraud
Service improvement

Legal Obligation

Tax records
VAT invoices
AML audits

Consent

Cookies (where applicable)
Optional marketing communications

4. Data Retention

Data Type	Retention
Billing & tax records	6–7 years (legal requirement)
KYC data (if used)	Stored by KYC provider, not by ChainGuard
Wallet & device binding metadata	As long as the account exists
Logs	6–36 months
Analytics	14–730 days depending on tool

We never retain unnecessary or excessive data.

5. Data Transfers

ChainGuard may store data in:

UK
EU
US (via cloud infrastructure)

Where transfers are required, we use:

SCCs (EU Standard Contractual Clauses)
Equivalent safeguards for other regions

6. User Rights (GDPR / UK GDPR / PDPA)

Users may request:

Access
Correction
Deletion (where legally permitted)
Restriction
Data Export (portability)

Requests should be sent to:

Email: privacy@chain-fi.io

7. Sub-Processors

Examples include:

Stripe (payments)
KYC provider (optional tiers)
Cloud hosting provider (infrastructure)
Logging/monitoring tools

All sub-processors undergo risk assessment where applicable.

8. Data Minimization

ChainGuard only collects data strictly required for:

Security
Compliance
Billing
Identity binding
Fraud prevention

No behavioral tracking beyond essential analytics.

9. Data Sharing with Authorities

ChainGuard may share data with law-enforcement agencies, regulators, tax authorities, and other competent bodies where we are legally obliged to do so (e.g., under AML/CTF, sanctions, fraud, or other applicable laws), or where we have a strong legitimate interest in protecting other users, the platform, or third parties.

For detailed information on when and how we cooperate with authorities, what data may be shared, and the legal basis for disclosure, see our KYC & Account Lifecycle page.

10. Contact

Data Protection Lead