Privacy Policy
Last updated: December 2025
1. Information We Collect
Paid Reports
When you purchase a Governance Truth Report, we collect:
- Your email address (for report delivery)
- DAO identifier (Snapshot space ID for analysis)
- Payment information (processed securely by Stripe)
Free Governance Health Checks
When you request a free health check, we collect:
- Email address (required for report delivery)
- DAO identifier (Snapshot space ID)
- Governance score and metrics
- Timestamp of check
- Consent records (report delivery + optional marketing)
Purpose: Report delivery (required) + Quota enforcement (1 free check per month)
Storage: Email addresses are stored in plain text to deliver your report. A SHA-256 hash is also stored for quota tracking. If you opt into marketing emails, your email is added to our marketing list.
Retention: 24 months for quota records. Marketing list entries are retained until you unsubscribe.
Two Consent Options:
- Required: Report delivery via email (cannot use service without this)
- Optional: Marketing emails (updates, tips, offers - unsubscribe anytime)
Public Rankings (Optional)
You may opt in to have your DAO's score displayed on our public leaderboard.
- What's published: DAO name, overall score, ranking position
- What's NOT published: Your email/wallet, detailed metrics, voter identities
- Opt-out: Email hello@chainsights.one anytime to remove your DAO from rankings
- Legal Basis: Consent (explicit opt-in required)
Email Notifications
We collect email addresses from users who opt in to receive notifications about new DAO rankings.
Legal Basis: Consent (GDPR Article 6(1)(a))
Purpose: Sending weekly email notifications when new DAOs are analyzed and added to our rankings.
Data Stored: Email address, subscription timestamp, confirmation status, unsubscribe status
Retention: Email addresses are retained until you unsubscribe. You can unsubscribe at any time using the link provided in every email.
Email Processor: We use Resend (Ireland) as our email service provider. View their privacy policy at https://resend.com/legal/privacy-policy.
Your Rights:
- Access your data via the privacy request form
- Delete your data (unsubscribe link in emails or privacy request form)
- Export your data via privacy request form
2. Legal Basis for Processing
| Processing Activity | Legal Basis |
|---|---|
| Report generation | Performance of contract (Art. 6(1)(b)) |
| Payment processing | Performance of contract (Art. 6(1)(b)) |
| Email communication | Performance of contract (Art. 6(1)(b)) |
| Free health checks (report delivery) | Performance of contract (Art. 6(1)(b)) |
| Free health checks (quota enforcement) | Legitimate interest (Art. 6(1)(f)) |
| Marketing emails (opt-in) | Consent (Art. 6(1)(a)) |
| Public rankings (opt-in) | Consent (Art. 6(1)(a)) |
| Rankings Watch email notifications (opt-in) | Consent (Art. 6(1)(a)) |
| Service improvement | Legitimate interest (Art. 6(1)(f)) |
3. Data Sharing
We share your data with the following service providers:
| Provider | Purpose | Location | Safeguards |
|---|---|---|---|
| Stripe | Payment processing | USA | SCCs |
| Neon | Database hosting | Germany (EU) | GDPR |
| Resend | Email delivery | Ireland (EU) | GDPR |
| Anthropic | AI analysis | USA | SCCs |
| Vercel | Application hosting | Germany (EU) | GDPR |
All providers have signed Data Processing Agreements and comply with GDPR requirements. SCCs = Standard Contractual Clauses approved by the European Commission.
4. Data Retention
We retain your data for the following periods:
| Data Type | Retention Period | Reason |
|---|---|---|
| Order records | 7 years | Austrian tax/accounting requirements |
| Report data | 1 year after delivery | Service warranty and support |
| Email address | Until deletion requested | Service delivery and communication |
After these periods, data is automatically deleted unless required for legal obligations.
5. International Data Transfers
Your data may be transferred to service providers in the United States. These transfers are protected by Standard Contractual Clauses (SCCs) approved by the European Commission, ensuring your data receives equivalent protection outside the EU.
6. Your Rights
Under GDPR, you have the following rights:
- Access: Request a copy of your personal data
- Rectification: Correct inaccurate data
- Erasure: Request deletion of your data (“right to be forgotten”)
- Portability: Receive your data in a machine-readable format
- Objection: Object to processing based on legitimate interests
- Restriction: Request limited processing in certain circumstances
To exercise any of these rights, contact us at hello@chainsights.one. We will respond within 30 days.
If you believe your rights have been violated, you may lodge a complaint with the Austrian Data Protection Authority (Datenschutzbehörde) at dsb.gv.at.
7. Data Security
We use industry-standard security measures to protect your information, including TLS encryption for all data in transit and encrypted database storage. Payment processing is handled entirely by Stripe (PCI-DSS compliant) and we never store your payment card details.
8. Analytics
We use Vercel Analytics, a privacy-first analytics service, to understand how visitors use our website. Vercel Analytics:
- Does not use cookies
- Does not collect personal information
- Does not track users across websites
- Is fully GDPR compliant without consent requirements
We collect anonymous usage data such as page views, referrers, and device types to improve our service. This data cannot be used to identify individual users.
9. Contact
For privacy-related questions or to exercise your rights, contact us at: