This policy applies to all visitors and API users of quantchainanalysis.com. We process data under GDPR (EU) 2016/679 and the German Bundesdatenschutzgesetz (BDSG).
QuantChainAnalysis UG (haftungsbeschränkt)
Schorndorfer Straße 5, 70374 Stuttgart, Germany
contact@quantchainanalysis.com
Website visitors: Netlify collects standard server logs (IP address, browser, pages visited, timestamps) for security and performance purposes. We do not use tracking cookies or advertising pixels.
API users: When you register for an API key we collect your email address and organisation name. We store a SHA-256 hash of your API key — never the key in plain text. We log API call timestamps, wallet addresses submitted, and risk scores returned for audit trail purposes.
Payment data: Credit card and payment data is processed exclusively by Stripe, Inc. We never see or store card numbers. Stripe's privacy policy applies: stripe.com/privacy.
Blockchain data: Wallet addresses you submit for analysis are public blockchain data. We do not store personally identifiable information linked to wallet addresses beyond what you voluntarily provide.
Art. 6(1)(b) — Processing necessary for the performance of a contract (API service delivery).
Art. 6(1)(c) — Legal obligation (AML/CFT compliance obligations under 6AMLD, GwG).
Art. 6(1)(f) — Legitimate interests (security, fraud prevention, service improvement).
API registration data: retained for the duration of your account plus 3 years for legal compliance.
Forensic PDF reports and SAR records: retained for 5 years per FATF Recommendation 11.
Server logs: retained for 90 days by Netlify.
Payment records: retained for 10 years per German commercial law (§ 257 HGB).
We share data with the following processors under GDPR Art. 28 agreements:
We do not sell, rent, or trade your personal data to any third parties.
Netlify and Stripe are US-based. Transfers to the USA are made under Standard Contractual Clauses (SCCs) as approved by the European Commission under GDPR Art. 46(2)(c).
You have the right to: access your data · rectification · erasure ("right to be forgotten") · restriction of processing · data portability · object to processing · lodge a complaint with the supervisory authority.
To exercise any right, contact: contact@quantchainanalysis.com
Supervisory authority: Landesbeauftragter für den Datenschutz Baden-Württemberg · www.baden-wuerttemberg.datenschutz.de
This website does not use tracking cookies or advertising cookies. No third-party analytics scripts are loaded. The only browser storage used is session memory for the live analysis tool, which is cleared when you close the browser tab.
The QCA system is designed with a zero-storage biometric architecture. No raw biometric data (fingerprints, face images, voice patterns) is transmitted to or stored by QuantChainAnalysis. The biometric commitment scheme uses one-way cryptographic hashing — the original biometric cannot be reconstructed from the stored hash. GDPR Art. 9 (special category data) obligations are satisfied by design.