Governance & Legal Structure

Version 1.0 — Last Updated: 18-11-2025

This page describes how ChainGuard is organised from a compliance, privacy, and information-security perspective. It explains our key roles, legal entity structure, and how responsibilities are distributed across the organisation.

Table of Contents

• 1. Corporate & Legal Entity
• 2. Governance Model
  • Board & CEO – Dennis Reckermann
  • Security Engineering Lead – Mathias Pellegrin
• 3. Compliance Responsibilities
• 4. Information Security Responsibilities
• 5. Privacy & Data Protection Responsibilities
• 6. Risk Management
• 7. External Audits & Certifications
• 8. Contact
• Related Documentation

---

1. Corporate & Legal Entity

• Operating entity: Chain-Fi Limited ("Chain-Fi"), registered in England & Wales.

• Product brand: ChainGuard – the security and identity product suite operated by Chain-Fi Limited.

• Development team: Chain-Fi Labs – the research and engineering arm responsible for designing and building the ChainGuard products under Chain-Fi Limited.

Legal Details:

• Registration Number: 15507356
• VAT Number: GB461989346
• Registered Office: 128 City Road, London, EC1V 2NX, United Kingdom

Unless otherwise stated, all references to "ChainGuard", "Chain-Fi" or "the Company" in this Compliance Center refer to Chain-Fi Limited, including activities performed by its Chain-Fi Labs team.

ChainGuard provides technology and infrastructure services for digital asset security and identity; it does not hold client funds or operate as a custodial exchange. Our services are designed as a non-custodial security and identity layer that enables compliance for regulated entities and dApps.

2. Governance Model

ChainGuard operates under a governance structure that ensures clear accountability for compliance, privacy, and security across the organisation.

Board & CEO – Dennis Reckermann

• Set overall risk appetite, approve policies, and ensure resources for compliance, security, and privacy.
• Provide executive sponsorship for the compliance programme and DPO function.
• Provide executive oversight and strategic direction for regulatory compliance.

Contact: dennis@chain-fi.io (strategic and partnership inquiries)

Security Engineering Lead – Mathias Pellegrin

• Designs and maintains the security architecture for ChainGuard products.
• Implements technical controls required by security and compliance policies.
• Owns secure development practices and infrastructure security.

Contact: mathias@chain-fi.io

Product & Engineering

• Implement privacy-by-design, secure development, and logging/audit requirements defined by Compliance and Security.
• Execute product features in alignment with compliance and security guidance.

Operations & Support

• Ensure day-to-day adherence to onboarding, monitoring, incident-response, and KYC/AML procedures.
• Maintain operational compliance with established policies and procedures.

3. Roles & Responsibilities (Detailed)

Compliance Officer / MLRO

Responsible for:

• Sanctions monitoring
• Restricted user audits
• AML oversight
• Regulatory updates
• Enterprise partner compliance

Contact: privacy@chain-fi.io

Data Protection Lead (DPL)

Responsible for:

• GDPR & privacy compliance
• Data processing controls
• Sub-processor assessments
• Handling privacy requests

Contact: privacy@chain-fi.io

Security Engineering Lead

Responsible for:

• Vault infrastructure
• Encryption
• Access controls
• Log integrity

Contact: mathias@chain-fi.io

5. Record Retention Policy

6. Audit Logs & Operational Traceability

ChainGuard automatically logs:

• Vault interactions
• Wallet binding
• Device verification
• Relayer transactions
• Gasless operations
• Subscription events
• API usage

Logs are:

• Immutable
• Timestamped
• Tied to identity + wallet
• Stored securely
• Accessible for audits

7. Access Controls

• Production access limited to authorized personnel
• Principle of least privilege
• MFA required
• Annual access reviews
• Role-based permissions

8. Key Policies & Documentation

Public summaries of important policies:

• Data Protection & Privacy – Summary of GDPR approach, DPIAs, RoPA, vendor checks
• VAT & AML – Tax and billing compliance, AML overview
• Sanctions & Restricted Use – Summary of how sanctions screening is handled
• Governance, Oversight & Record-Keeping – Retention principles and auditability (this page)
• Security Framework – High-level description of security controls and frameworks
• Project Architecture – Technical documentation and system architecture

9. Oversight & Review

These documents are reviewed annually or when:

• Regulations change
• New services are added
• New jurisdictions added

10. Forward-Looking Statements

If ChainGuard introduces:

• Custody features
• On/off-ramping
• Asset management
• Regulated financial activities

→ Additional licensing may become required.

This will be handled under a separate regulated entity.

11. ISO 27001 Requirements

Yes — and here is the quick breakdown:

So yes — these 3 documents help significantly with ISO certification.

Combined with:

• Security policies
• Access control policies
• Incident response
• Development standards

12. Versioning & Change Log

Related Documentation

• Data Protection - Privacy and GDPR compliance
• VAT & AML - Tax and billing compliance
• Sanctions - Restricted use and OFAC compliance
• Global Compliance Overview - Overall compliance framework
• Project Architecture - Technical documentation and system architecture

---

Next: Review Sanctions & Restrictions or explore jurisdiction-specific compliance.