Privacy Policy
Effective Date: June 2026Data Collection
TrustSniffer processes deterministic, publicly available blockchain data (transaction hashes, wallet addresses, smart contract bytecode) and publicly accessible web content (DNS records, HTTP responses, DOM structure). This data is inherently non-personal.
Our Web Intelligence engine collects and analyzes publicly accessible website content including: rendered HTML/DOM structure, client-side JavaScript, HTTP response headers, SSL/TLS certificates, DNS records (A, MX, NS, TXT), WHOIS registration data, and visual page screenshots. We log URLs submitted for analysis and retain scan artifacts to improve phishing and scam detection models.
We collect limited account information when you register: email address, organization name, and API usage metadata. We do not collect or process personally identifiable information (PII) associated with wallet addresses unless you explicitly provide it. We do not extract or store end-user credentials, form inputs, or private session data from scanned websites.
GDPR & CCPA Compliance
GDPR (EU/EEA)
We process data under the legitimate interest legal basis for blockchain analytics (publicly available data). For account data, processing is based on contractual necessity. You have the right to access, rectify, erase, restrict processing, and data portability. Contact privacy@trustsniffer.com to exercise these rights.
CCPA (California)
We do not sell personal information. California residents may request disclosure of collected data categories and deletion of account data. We respond to verified requests within 45 days.
Data Retention
Analysis artifacts (risk verdicts, scan outputs) are retained for the duration of your subscription plus 90 days. Upon account deletion, all tenant-scoped data is purged within 30 days. Aggregated, anonymized analytics data may be retained indefinitely for service improvement.
Blockchain data indexed from public networks is not subject to deletion requests as it constitutes publicly available information not controlled by TrustSniffer.
Third-Party Subprocessors
We engage the following subprocessors to deliver our services:
| Provider | Purpose | Location |
|---|---|---|
| Hetzner | Infrastructure hosting | EU (Finland, Germany) |
| Cloudflare | CDN, DDoS protection | Global |
| Postmark | Transactional email | US |
| Alchemy / Infura | Blockchain RPC nodes | US, EU |
We maintain Data Processing Agreements (DPAs) with all subprocessors. The current subprocessor list is updated at least annually.
Contact
For privacy inquiries or to exercise your data rights: privacy@trustsniffer.com