Privacy Policy

This Privacy Policy explains how CryptoGuard ("we", "us", "our") collects, uses, stores, shares, and protects your personal information when you access or use our wallet risk analysis Service, including our website, APIs, and related services.

We are committed to protecting your privacy and handling your data responsibly and transparently. This policy applies to all users of the Service regardless of location, with additional rights granted to users in the EEA, UK, and other jurisdictions with specific data protection legislation.

By using the Service, you acknowledge that you have read and understood this Privacy Policy. If you have questions, contact us at support@cryptoguard.services.

We collect the following categories of information:

Account and Registration Data:

• Email address — used to identify your account, send transactional emails, and provide support
• Password — stored as a secure cryptographic hash; we never store plain-text passwords
• Subscription plan and billing tier

Service Usage Data:

• Wallet addresses you submit for scanning — processed to return risk results and, if monitoring is enabled, for automated rescanning
• Scan history: wallet address, blockchain network (chain ID), risk score, risk level, flags, and scan timestamp
• Monitored wallets: addresses, monitoring preferences, last checked timestamp, and alert history
• API usage metrics: request count, endpoint accessed, response codes, and rate limit status

Support and Communications Data:

• Support ticket content: subject lines, message body, and any attachments you submit
• Email correspondence with our support team
• Auto-reply logs associated with your tickets

Technical and Automatically Collected Data:

• IP address and approximate geographic location
• Browser type, version, and operating system
• Pages visited, features used, and time spent
• Session identifiers and authentication tokens (stored in your browser's local storage)
• Error logs and crash reports

Billing Data:

• Stripe customer ID associated with your account
• Subscription status, plan history, and billing cycle dates
• Payment method type (e.g. "Visa ending 4242") — we do not store full card numbers, CVVs, or expiry dates; these are managed entirely by Stripe

We use the information we collect for the following purposes:

• To provide and operate the Service: process wallet scans, return risk reports, manage your account, and deliver subscription features
• To send monitoring alerts: when a monitored wallet's risk score changes significantly, we email you the updated score, risk level, and flags
• To send transactional communications: account registration confirmations, support ticket receipts, automated replies, billing receipts, and subscription change notifications
• To process payments: create and manage Stripe subscriptions, handle upgrades and downgrades, and process refund requests
• To provide support: respond to your tickets, investigate reported issues, and improve the Service based on feedback
• To ensure security and prevent abuse: detect, investigate, and prevent fraudulent activity, unauthorised access, policy violations, and technical attacks
• To maintain and improve the Service: analyse usage patterns, diagnose technical issues, test new features, and optimise performance
• To comply with legal obligations: retain records as required by applicable law, respond to valid legal process, and cooperate with regulatory authorities

We do not use your data for advertising, profiling for commercial purposes unrelated to the Service, or selling to third parties.

We do not sell, rent, or trade your personal data. We share data only in the following limited circumstances:

Service providers and sub-processors who assist in operating the Service, bound by appropriate data processing agreements:

• Stripe, Inc. — payment processing and subscription management. Stripe processes your payment information under their own Privacy Policy.
• Resend — transactional email delivery (scan alerts, support replies, billing notifications). Email content is transmitted to deliver it to you.
• GoPlus Security — wallet addresses you scan are sent to GoPlus's API to retrieve threat intelligence data. GoPlus processes these addresses under their own terms.
• Public blockchain APIs (Etherscan, Blockstream, Solana RPC, Tronscan, Blockchair, etc.) — wallet addresses are queried against these public APIs to retrieve on-chain data.
• Hosting and infrastructure providers — cloud hosting, databases, and CDN services used to operate the platform.

Legal and regulatory disclosures: We may disclose your information when required by law, court order, subpoena, or regulatory directive, or when we believe in good faith that disclosure is necessary to protect our rights, prevent fraud, or protect the safety of our users or the public.

Business transfers: In the event of a merger, acquisition, asset sale, or restructuring, your data may be transferred as part of that transaction. We will notify you before your personal data is transferred and becomes subject to a different privacy policy.

We do not share your data with advertisers, data brokers, or any third party for marketing or commercial purposes.

We retain your personal data for as long as necessary to provide the Service and fulfil the purposes described in this policy, subject to the following:

• Account data: retained for the duration of your account and for up to 90 days after account deletion, to allow for dispute resolution and error correction
• Scan history and risk reports: retained for the duration of your account; deleted within 90 days of account deletion unless retention is required by law
• Support tickets and communications: retained for up to 3 years for quality assurance and legal purposes
• Billing records: retained for up to 7 years as required by financial record-keeping obligations in most jurisdictions
• Security and access logs: retained for up to 12 months for fraud prevention and security incident investigation

You may request earlier deletion of your data by contacting support@cryptoguard.services, subject to our legal obligations to retain certain records.

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include:

• Passwords stored using secure one-way cryptographic hashing (bcrypt)
• Authentication via time-limited JSON Web Tokens (JWT)
• HTTPS/TLS encryption for all data in transit
• Access controls limiting data access to authorised personnel only
• Regular dependency updates and security patch management
• Payment data handled entirely by Stripe's PCI DSS-certified infrastructure

However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your data, we cannot guarantee absolute security. In the event of a data breach that is likely to result in a high risk to your rights and freedoms, we will notify you and relevant supervisory authorities as required by applicable law.

You are responsible for keeping your account credentials secure and for using the Service over secure network connections.

We use browser local storage (not traditional cookies) to store the following data client-side:

• Authentication token (cg_token): a JWT used to authenticate your API requests. Stored in localStorage and never transmitted to third parties.
• Email address (cg_email): stored locally to display your email in the user interface.

We do not use tracking cookies, advertising cookies, third-party analytics cookies, or any form of cross-site tracking.

We do not use Google Analytics, Facebook Pixel, or similar third-party tracking services.

You can clear local storage data at any time via your browser's developer tools or privacy settings, which will sign you out of the Service.

The Service is not directed to, and we do not knowingly collect personal data from, individuals under the age of 18.

If you are a parent or guardian and believe we have inadvertently collected information from a child under 18, please contact us immediately at support@cryptoguard.services and we will take prompt steps to delete such information.

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

For material changes that affect your rights or our data processing practices, we will provide at least 14 days' notice by email to your registered address or via a prominent in-Service notification prior to the changes taking effect.

The "Last updated" date at the top of this page indicates when the policy was most recently revised. We encourage you to review this policy periodically.

Your continued use of the Service after the effective date of any revised policy constitutes your acceptance of the changes.

If you have questions about this Privacy Policy, wish to exercise your data rights, or have concerns about how we handle your data, please contact us:

• Email: support@cryptoguard.services
• Subject line for data requests: "Privacy Request — [Type of Request]"
• Support portal: Use the Support page within your account dashboard

For GDPR/UK GDPR data subject requests, please include your full name, account email address, and a clear description of the right you wish to exercise. We may need to verify your identity before processing your request.

We aim to respond to all privacy enquiries within 5 business days and to fulfil verified data subject requests within 30 days.