Privacy Policy
Last updated: December 2025
1. Information We Collect
When you purchase a Governance Truth Report, we collect:
- Your email address (for report delivery)
- DAO identifier (Snapshot space ID for analysis)
- Payment information (processed securely by Stripe)
2. Legal Basis for Processing
| Processing Activity | Legal Basis |
|---|---|
| Report generation | Performance of contract (Art. 6(1)(b)) |
| Payment processing | Performance of contract (Art. 6(1)(b)) |
| Email communication | Performance of contract (Art. 6(1)(b)) |
| Service improvement | Legitimate interest (Art. 6(1)(f)) |
3. Data Sharing
We share your data with the following service providers:
| Provider | Purpose | Location | Safeguards |
|---|---|---|---|
| Stripe | Payment processing | USA | SCCs |
| Neon | Database hosting | USA | SCCs |
| Resend | Email delivery | USA | SCCs |
| Anthropic | AI analysis | USA | SCCs |
| Vercel | Application hosting | USA | SCCs |
All providers have signed Data Processing Agreements and comply with GDPR requirements. SCCs = Standard Contractual Clauses approved by the European Commission.
4. Data Retention
We retain your data for the following periods:
| Data Type | Retention Period | Reason |
|---|---|---|
| Order records | 7 years | Austrian tax/accounting requirements |
| Report data | 1 year after delivery | Service warranty and support |
| Email address | Until deletion requested | Service delivery and communication |
After these periods, data is automatically deleted unless required for legal obligations.
5. International Data Transfers
Your data may be transferred to service providers in the United States. These transfers are protected by Standard Contractual Clauses (SCCs) approved by the European Commission, ensuring your data receives equivalent protection outside the EU.
6. Your Rights
Under GDPR, you have the following rights:
- Access: Request a copy of your personal data
- Rectification: Correct inaccurate data
- Erasure: Request deletion of your data (“right to be forgotten”)
- Portability: Receive your data in a machine-readable format
- Objection: Object to processing based on legitimate interests
- Restriction: Request limited processing in certain circumstances
To exercise any of these rights, contact us at hello@chainsights.one. We will respond within 30 days.
If you believe your rights have been violated, you may lodge a complaint with the Austrian Data Protection Authority (Datenschutzbehörde) at dsb.gv.at.
7. Data Security
We use industry-standard security measures to protect your information, including TLS encryption for all data in transit and encrypted database storage. Payment processing is handled entirely by Stripe (PCI-DSS compliant) and we never store your payment card details.
8. Contact
For privacy-related questions or to exercise your rights, contact us at: