Privacy Policy

Effective Date: 18-11-2025
Last Updated: 18-11-2025
Version: 2.0


1. Who We Are

Chain-Fi Ltd
128 City Road
London EC1V 2NX
United Kingdom

Company Registration: England & Wales

Data Controller: Chain-Fi Ltd is the controller for personal data processed through both Chain-Fi (product platform at chain-fi.io) and Chain-Fi Labs (professional services at chain-fi.com).

Contacts:

EU Representative: [To be appointed if required under GDPR Article 27]


2. Scope of This Policy

This Privacy Policy applies to:

  • Chain-Fi Platform (chain-fi.io): Decentralized asset management solutions, ChainGuard identity system, OAuth services, and Chain-Fi Registry
  • Chain-Fi Labs (chain-fi.com): Professional services, custom development, consulting, and enterprise solutions

This policy covers both decentralized operations (where minimal personal data is collected) and centralized enterprise services (which may include additional data collection for security and compliance purposes).


3. What We Collect and Why

3.1 Chain-Fi Platform (Product)

Decentralized Solutions

Data Collected:

  • Ecosystem Transaction Logs: Public blockchain transaction data stored on our servers to improve frontend user experience
  • No Personally Identifiable Information (PII): All transactions are conducted on-chain, ensuring transparency without compromising user privacy

Purpose:

  • Improve frontend user experience
  • Provide transaction history and analytics
  • Enhance service reliability

Legal Basis: Legitimate Interest (GDPR Article 6(1)(f))

Chain-Fi Registry (Account Creation)

Data Collected:

  • Email address (for account identification and communication)
  • First and last name (for account personalization)
  • Encrypted authentication credentials
  • ChainGuard wallet address (linked through QR authentication)
  • Account preferences and settings
  • Membership tier and usage statistics
  • Country information (for VAT & compliance)

Purpose:

  • Account creation and management
  • Service delivery and support
  • Compliance with tax and regulatory requirements
  • Security and fraud prevention

Legal Basis: Contract Performance (GDPR Article 6(1)(b)), Legal Obligation (GDPR Article 6(1)(c))

Enterprise Solutions

Data Collected:

  • Wallet addresses
  • Transaction metadata
  • IP addresses (for fraud detection)
  • Device fingerprints (hashed)
  • Security event logs

Purpose:

  • Enhancing server-side security
  • Auditing for compliance purposes
  • Fraud detection and prevention
  • Improving service reliability

Legal Basis: Legitimate Interest (GDPR Article 6(1)(f)), Legal Obligation (GDPR Article 6(1)(c))

Optional Identity Verification (Tier-based)

Data Collected:

  • Provided name
  • ID verification metadata (processed by third-party KYC provider, not stored by Chain-Fi if using ephemeral KYC)
  • Country of residence

Purpose:

  • Compliance with AML/KYC requirements for advanced tiers
  • Regulatory compliance

Legal Basis: Legal Obligation (GDPR Article 6(1)(c))

3.2 Chain-Fi Labs (Services)

Data Collected:

  • Contact information (name, email, phone, company)
  • Project and engagement data
  • Communications and correspondence
  • Billing and payment information
  • Website analytics (where applicable)

Purpose:

  • Delivering professional services
  • Project administration and management
  • Contract fulfillment
  • Client support and communication
  • Website analytics and improvement

Legal Basis: Contract Performance (GDPR Article 6(1)(b)), Legitimate Interest (GDPR Article 6(1)(f))

3.3 Data Collection Summary Table

| Purpose | Data Categories | Legal Basis | Retention |
|---|---|---|---|
| Account Creation & Management | Email, name, credentials, wallet address | Contract (6(1)(b)) | Life of account + 7 years (tax) |
| Service Delivery | Transaction logs, usage data, preferences | Contract (6(1)(b)) | Life of account |
| Security & Fraud Prevention | IP addresses, device fingerprints, security logs | Legitimate Interest (6(1)(f)) | 6-36 months |
| Tax & Compliance | Billing records, country information, KYC data | Legal Obligation (6(1)(c)) | 6-7 years (legal requirement) |
| Service Improvement | Analytics, crash logs, performance data | Legitimate Interest (6(1)(f)) | 14-730 days |
| Marketing Communications | Email, preferences | Consent (6(1)(a)) | Until withdrawal of consent |
| Professional Services (Labs) | Contact info, project data, communications | Contract (6(1)(b)) | Duration of engagement + 7 years |

4. Data Sources

We collect personal data:

  • Directly from you: When you create an account, use our services, or contact us
  • From your use of our services: Transaction data, usage patterns, device information
  • From third parties: KYC providers (where applicable), payment processors, analytics services (with appropriate safeguards)

5. How We Use Your Data

5.1 Chain-Fi Platform

Decentralized Solutions:

  • No personal data is collected or stored
  • All interactions are governed by smart contracts on the blockchain
  • Ecosystem transaction logs are used solely to improve the frontend user experience

Enterprise Solutions:

  • Data collected is used solely for:
    • Enhancing server-side security
    • Auditing for compliance purposes
    • Fraud detection and prevention
    • Improving service reliability

Chain-Fi Registry:

  • Account management and authentication
  • Service delivery and support
  • Compliance with legal obligations
  • Security and fraud prevention

5.2 Chain-Fi Labs

  • Project delivery and management
  • Client communication and support
  • Contract administration
  • Billing and invoicing
  • Service improvement

5.3 Data Sharing

We do not sell or share user data with third parties except:

  • Service Providers (Processors): Cloud hosting, payment processing, analytics, KYC providers, email services (all under strict contractual safeguards)
  • Legal Requirements: When required by law, regulatory authorities, or court orders
  • Trusted Partners: Professional advisors, auditors, or security consultants under strict confidentiality agreements

All processors are subject to appropriate safeguards and data processing agreements.


6. International Transfers

We may transfer personal data outside the UK/EEA to:

  • United States: Cloud infrastructure providers
  • Other jurisdictions: Service providers and partners

Safeguards:

Where transfers are required, we implement appropriate safeguards:

  • EU Standard Contractual Clauses (SCCs) for transfers from the EU
  • UK International Data Transfer Agreement (IDTA) or UK Addendum for transfers from the UK
  • Adequacy decisions where available (e.g., UK adequacy regulations)

Copies of the relevant safeguards or information on how to obtain them are available on request at privacy@chain-fi.io.


7. Cookies and Similar Technologies

7.1 Essential Cookies

Essential cookies are necessary for the website to function and operate on the legal basis of legitimate interests or contract performance. These include:

  • Session management
  • Security and authentication
  • Fraud prevention

7.2 Non-Essential Cookies

Non-essential cookies (analytics, functionality, advertising) require your prior, opt-in consent. You can manage your cookie preferences at any time through the Cookie Preferences link in the footer.

For detailed information about cookies, please see our Cookie Policy.

7.3 Local Storage

For all users, we store the following information in your browser's localStorage after you accept this privacy policy:

  • Privacy policy acceptance status and version
  • Last connected wallet information, including:
    • Wallet account address
    • Provider details (UUID, wallet name, wallet icon, and RDNS identifier)

This information is stored locally on your device to enable features like automatic wallet reconnection and to remember your privacy preferences. You can clear this data at any time through your browser settings.


8. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes outlined in this policy, unless a longer retention period is required by law.

| Data Type | Retention Period | Reason |
|---|---|---|
| Account Data | Life of account + 7 years | Tax and legal obligations |
| Billing & Tax Records | 6-7 years | Legal requirement (UK/EU tax law) |
| KYC Data | As per KYC provider policy | Regulatory compliance |
| Wallet & Device Binding | Life of account | Service delivery |
| Security Logs | 6-36 months | Security and fraud prevention |
| Analytics Data | 14-730 days | Service improvement |
| Marketing Data | Until withdrawal of consent | Consent-based |
| Professional Services Data | Duration of engagement + 7 years | Contract and legal obligations |

We never retain unnecessary or excessive data.


9. Your Rights

Under GDPR, UK GDPR, and other applicable data protection laws, you have the following rights:

9.1 Right to Access (Article 15)

You can request details of any data we have collected about you. We will provide:

  • A copy of your personal data
  • Information about how we use your data
  • Response within one month (may be extended by two months for complex requests)

How to exercise: Contact privacy@chain-fi.io

9.2 Right to Rectification (Article 16)

You can request corrections to inaccurate or incomplete data.

How to exercise: Update your profile in the OAuth Portal or contact privacy@chain-fi.io

9.3 Right to Erasure (Article 17)

You can request deletion of your data where:

  • The data is no longer necessary for the original purpose
  • You withdraw consent (where consent was the legal basis)
  • You object to processing and there are no overriding legitimate interests

Note: We may retain certain data where required by law (e.g., tax records for 6-7 years).

How to exercise: Contact privacy@chain-fi.io

9.4 Right to Restriction (Article 18)

You can request that we restrict processing of your data in certain circumstances.

How to exercise: Contact privacy@chain-fi.io

9.5 Right to Data Portability (Article 20)

You can request your data in a structured, machine-readable format (JSON/CSV).

How to exercise: Export your data via the OAuth Portal or contact privacy@chain-fi.io

9.6 Right to Object (Article 21)

You can object to processing based on legitimate interests. We will stop processing unless we can demonstrate compelling legitimate grounds.

How to exercise: Contact privacy@chain-fi.io or use unsubscribe links in marketing communications

9.7 Right to Withdraw Consent

Where processing is based on consent, you can withdraw consent at any time.

How to exercise: Update preferences in your account or contact privacy@chain-fi.io

9.8 Exercising Your Rights

To exercise any of these rights:

  1. Email: privacy@chain-fi.io
  2. Identity Verification: We may request proof of identity to protect your data
  3. Response Time: We will respond within one month (may be extended by two months for complex requests)
  4. No Fee: Requests are generally free, unless requests are manifestly unfounded or excessive

10. Complaints

If you have concerns about how we handle your personal data, you have the right to lodge a complaint with a supervisory authority:

UK:

  • Information Commissioner's Office (ICO)
  • Website: https://ico.org.uk
  • Phone: 0303 123 1113

EU:

We would appreciate the opportunity to address your concerns directly first. Please contact privacy@chain-fi.io before lodging a complaint.


11. Automated Decision-Making

We do not use automated decision-making or profiling that produces legal effects or significantly affects you.


12. Data Security

We implement comprehensive technical and organizational measures to protect your personal data:

12.1 Technical Measures

  • Encryption at Rest: AES-256 encryption for databases, file storage, and key management
  • Encryption in Transit: TLS 1.3+ for all HTTP/HTTPS communications, mTLS for service-to-service
  • Key Management: HashiCorp Vault with Hardware Security Module (HSM) protection
  • Zero-Knowledge Architecture: Chain-Fi Secure Storage (CFSS) ensures only you can decrypt your personal information
  • Network Security: DDoS protection, WAF, network segmentation, firewalls
  • Access Controls: Role-Based Access Control (RBAC), multi-factor authentication, least privilege principles

12.2 Organizational Measures

  • ISO/IEC 27001 Compliance: Working toward certification to demonstrate commitment to information security
  • Regular Security Audits: Internal and external security assessments
  • Staff Training: Data protection and security awareness training
  • Incident Response: 72-hour breach notification procedures
  • Data Protection Impact Assessments: Conducted for new features and processing activities

12.3 Chain-Fi Secure Storage (CFSS)

User registration data is stored securely using CFSS with:

  • Enterprise-grade encryption protected by Hardware Security Modules (HSM)
  • Zero-knowledge architecture ensuring only you can access your encrypted data
  • Cryptographic keys managed through Chain-Fi Security Module (CSM) with HSM protection
  • ISO/IEC 27001-compliant measures and strict access controls

13. Children's Privacy

Our services are not intended for individuals under 18 years of age. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact privacy@chain-fi.io immediately.


14. Changes to This Privacy Policy

We may update this policy periodically to reflect changes in our practices, services, or regulatory requirements. We will notify you of significant changes via:

  • Email (for registered users)
  • Platform announcements
  • Updated "Last Updated" date at the top of this policy

Continued use of our services after changes constitutes acceptance of the updated policy.


15. Contact Us

For questions, concerns, or to exercise your rights regarding this Privacy Policy:

Email: privacy@chain-fi.io
Address: Chain-Fi Ltd, 128 City Road, London EC1V 2NX, United Kingdom



By using Chain-Fi's services, you acknowledge that you have read and understood this Privacy Policy.