Start Investigation

Choose how you want to start

Pick a victim assessment or a firm workspace.

Secure intake
Data Privacy

Your data.
Handled with care.

We are a platform built for people who have already had trust violated once. We take that context seriously -and it shapes every decision we make about how we collect, use, and protect your information.

GDPR-aware practices
No data selling -ever
Minimal collection only
How your data flows
You
TXID + Case Info
Platform
On-chain query only
Blockchain
Minimal collection We only collect what is strictly necessary to perform your trace and communicate results.
No credentials -ever We will never ask for private keys, seed phrases, wallet passwords, or exchange logins.
Never sold Your data is used only to serve you. It is not sold, rented, or traded to any third party.
Your rights respected You have the right to access, correct, or request deletion of your personal data at any time.
Data We Handle

What We Collect -and What We Don't

We believe you should know exactly what information we handle before you share anything with us. This table is plain and complete.

What we do collect
Transaction hash (TXID)
Why: Primary input for the blockchain trace. Without this we cannot perform the service.
Email address
Why: To deliver your report and communicate about your case. Never used for marketing.
Sending wallet address
Why: Starting point for the trace. This is publicly visible on the blockchain already.
Case description you provide
Why: Context that helps us interpret the trace findings and structure the report.
Payment transaction hash
Why: Required to verify that payment was made before work begins. Never stored long-term.
Standard server logs
Why: IP addresses and access timestamps collected automatically by the server for security. Retained for 30 days.
What we never collect
Private keys or seed phrases
We do not need these. We work only with public blockchain data. Anyone asking for these is attempting fraud.
Wallet passwords or exchange credentials
We never access your wallet or exchange accounts. All our work is read-only, from public data.
Advertising or behavioural profiles
We do not build profiles, track browsing behaviour, or run advertising of any kind.
Government ID or financial records
We are not a regulated financial service. We do not perform KYC checks or store identity documents.
Location data or device fingerprints
We do not use geolocation APIs, browser fingerprinting, or device tracking scripts.
Third-party social logins
We do not offer or require sign-in via Google, Facebook, Apple, or any other social platform.
Data Usage

How Your Data Is Used

We use your data only for the purpose you submitted it. Nothing more.

01

Performing the blockchain trace

Your TXID and wallet address are used as inputs to trace fund movements on the public blockchain. This is the sole purpose of collecting this data.

02

Delivering your report

Your email address is used to send your completed report and to follow up if we have questions about your case. It is not added to any marketing list.

03

Verifying your payment

Your payment TXID is used solely to confirm that a payment was made before we begin work. Once verified, it is not referenced further.

04

Platform security

Standard server logs (IP address, access time) are retained for 30 days to detect abuse, brute-force attempts, and fraudulent submissions. They are not used for any other purpose.

05

Legal compliance

In the event we are subject to a lawful legal order from a competent authority, we may be required to disclose data. We will notify you where legally permitted to do so.

What we never do

We never sell, share, rent, or otherwise transfer your data to advertisers, data brokers, analytics companies, or any third party for commercial purposes.

Retention

How Long We Keep Your Data

We do not keep data longer than necessary. Once your case is closed and your report delivered, case data is retained only for the period required by our legal obligations and then deleted.

If you request deletion of your data at any point, we will action that request promptly -see your rights below.

Note: Blockchain transaction data (your TXID and associated public wallet addresses) is permanently and publicly recorded on the blockchain -that is its nature. Our deletion of your data from our systems does not remove anything from the blockchain itself.

Data type Retention period
Case submission data 90 days after delivery
Email address 90 days after delivery
Payment TXID 30 days (verification only)
Server access logs 30 days (security)
Delivered reports As required by law
Data on deletion request Deleted within 30 days
Your Rights

Rights You Hold Over Your Data

Regardless of where you are in the world, we recognise and honour these fundamental data rights.

Right of Access

You can request a copy of all personal data we hold about you. We will provide it in a readable format within 30 days.

Right to Rectification

If data we hold about you is inaccurate or incomplete, you can request that we correct or complete it.

Right to Erasure

You can request deletion of your personal data. We will action this within 30 days, subject to any legal retention obligations.

Right to Object

You can object to how we process your data. Where your objection is valid, we will cease the relevant processing.

Right to Restrict Processing

In certain circumstances you can request that we limit how we use your data while a dispute or review is in progress.

Right to Portability

You can request your data in a structured, machine-readable format so that it can be transferred to another service.

To exercise any of these rights, email us at privacy@chaintracelabs.com. We will respond within 30 days. You also have the right to lodge a complaint with your national data protection authority if you believe your rights have not been respected.

Cookies & Tracking

No Tracking. No Ad Cookies.

We use only technically essential cookies required for the platform to function. We do not use advertising cookies, third-party trackers, analytics platforms that profile users, or pixel tracking of any kind.

We do not use Google Analytics, Facebook Pixel, Hotjar, Intercom, or any similar third-party tool that collects data on your browsing behaviour.

Third Parties

Who We Do (and Don't) Share Data With

Never shared

Advertisers & marketing companies

We have no advertising relationships. Your data is never shared with or sold to any advertiser, marketing platform, or data broker -under any circumstances.

Never shared

Other crypto platforms or exchanges

We do not share your case data with exchanges, trading platforms, or other cryptocurrency services except as required by a lawful legal order.

Only if legally required

Law enforcement & legal authorities

If compelled by a valid, lawful legal order from a competent authority in an applicable jurisdiction, we may be required to disclose data. We will notify you where permitted by law.

Never shared

AI training or research datasets

Your case data, descriptions of your incident, and communications with us are never used to train AI models or included in any research dataset.

Security

How We Protect Your Data

We apply reasonable technical and organisational measures to protect data from unauthorised access, loss, or disclosure. These include encrypted transmission (HTTPS), access controls, and regular review of data handling practices.

No internet-based system can guarantee absolute security. If we become aware of a breach that affects your personal data, we will notify you in accordance with applicable law.

HTTPS encryption in transit All data transmitted between your browser and our server is encrypted via TLS.
Access controls Case data is accessible only to authorised team members on a need-to-know basis.
Data minimisation We collect only the minimum necessary and delete data when its retention period expires.
No third-party trackers No analytics, ad networks, or tracking scripts that could expose your data to third parties.
Questions & Requests

Get in Touch About Your Data

To exercise any of your data rights, ask a question about how your information is handled, or raise a concern -contact us directly. We respond to all privacy-related enquiries within 30 days.