WalletDNA Privacy Policy
Last Updated: May 10, 2026
Summary
WalletDNA is a blockchain analytics platform operated by WalletDNA, Inc., a California corporation. This policy explains what data we collect, what we do with it, who we share it with, and what rights you have.
In plain terms:
- We collect the data you give us when you sign up (name, email, payment info via Stripe) and the data we generate as you use the platform (the wallet addresses you look up, reports you generate, logs of your activity).
- We do not sell your personal information and do not use it for advertising.
- We do not act as a data processor for any user. We are the sole controller of all data on the platform.
- You may submit only public blockchain addresses for analysis — not personal data about third parties, customer lists, or KYC records.
- You have rights to access, correct, delete, and port your data, plus jurisdiction-specific rights described below.
- We send email through Resend. We process payments through Stripe. We host on Vercel. AI summaries are generated using Anthropic's Claude API. We do not store any third-party credentials.
- WalletDNA is not available in the European Economic Area, the United Kingdom, Switzerland, or jurisdictions subject to comprehensive U.S. sanctions. See Section 2.1 for details.
If you're in California or another jurisdiction with specific privacy rights, scroll to the section for your region.
1. Who We Are
WalletDNA, Inc. (“WalletDNA,” “we,” “us,” or “our”) operates the WalletDNA platform at walletdna.com (the “Platform”). We are a California corporation.
For privacy questions, please use our Contact Us form.
2. Scope of This Policy
This policy describes our practices regarding personal data we collect when you visit walletdna.com, create an account, or use the Platform. It does not cover third-party websites or services linked from the Platform.
This policy applies to two distinct categories of data:
- Data we collect about you as a user of the Platform (your account information, your usage of the service, your communications with us).
- Data we process about wallet owners — that is, the people or entities behind the blockchain addresses analyzed through the Platform. See Section 11 for the notice directed to them.
2.1 Geographic Availability
WalletDNA is currently available to users in the United States, Canada, and selected other jurisdictions. The Platform is not available to users located in, ordinarily resident in, or accessing from:
- The European Economic Area (the 27 EU member states plus Norway, Iceland, and Liechtenstein)
- The United Kingdom, including its Crown Dependencies and Overseas Territories
- Switzerland
- Cuba, Iran, North Korea, Syria, and the Ukrainian regions of Crimea, Donetsk, Luhansk, and Zaporizhzhia (per U.S. sanctions)
- Any other jurisdiction where WalletDNA does not offer service
We use IP-based geolocation to enforce these restrictions at signup and on an ongoing basis. We may suspend or terminate accounts that we determine are accessing the Platform from a restricted region, including via VPN, proxy, or other circumvention technologies.
This policy does not apply to residents of restricted regions, because we do not offer the Platform to them. If you believe you have created an account in error from a restricted region, contact us via our Contact Us form so we can delete your data.
3. Information We Collect
3.1 Information you provide
| Category | Examples | Purpose |
|---|---|---|
| Account data | Name, email address, password (hashed), account preferences | Create and maintain your account; authenticate you |
| Payment data | Cardholder name, billing address, payment card details — collected and processed by Stripe, not by us | Process subscription payments |
| Communications data | Submissions through our Contact Us form, LinkedIn correspondence | Respond to inquiries; improve service |
| Custom Sender Domain data | Domain name you wish to send from; DNS verification records | Enable branded email alerts |
| Sanctions and geo-screening data | Country detected at signup; results of OFAC SDN list screening at signup and on an ongoing basis | Compliance with U.S. sanctions laws and enforcement of geographic availability |
We do not collect or store SMTP credentials, passwords for third-party email servers, or any data used to access systems we do not operate.
3.2 Information we generate as you use the Platform
| Category | Examples | Purpose |
|---|---|---|
| Query data | Wallet addresses you look up; search history; reports generated | Provide the Platform's core service |
| Usage logs | Features used, pages viewed, timestamps, session duration | Operate, secure, and improve the Platform |
| Technical data | IP address, browser type, operating system, device identifiers, language preference, time zone | Operate the Platform; detect fraud and abuse; enforce geographic and sanctions controls |
| Security logs | Login events, failed login attempts, IP geo-blocking events, SDN screening events | Detect unauthorized access; demonstrate sanctions compliance |
| Email engagement data | Delivery status, open events, click events on alerts (via Resend) | Confirm delivery; troubleshoot email issues |
3.3 Information you submit for analysis
You may submit blockchain addresses to the Platform for analysis. The Platform restricts uploads to public blockchain addresses (and optional non-personal labels). You may not submit:
- Names, email addresses, phone numbers, or other identifiers of natural persons
- Customer lists, KYC records, or any data you process on behalf of others
- Transaction histories tied to identified individuals
- Any data subject to a confidentiality or data-protection obligation owed by you to a third party
Where a wallet address can be linked to a natural person, it may constitute personal data of that wallet owner under applicable law. We process such data as a controller; see Section 11.
3.4 Analytics and cookies
We use Vercel Web Analytics to understand how the Platform is used. Vercel Analytics is privacy-preserving: it does not use cookies, does not store IP addresses (it hashes them in transit and discards the hash), and does not track users across sessions or websites. Because we use no advertising cookies, no cross-context behavioral tracking, and no analytics that require consent, we do not display a cookie consent banner.
We use strictly necessary cookies for session management, authentication, and security. These cannot be disabled if you wish to use the Platform.
We honor Global Privacy Control (GPC) signals from your browser. If your browser transmits a GPC signal, we treat it as a valid opt-out of any sale or sharing of your personal information — though we do not sell or share personal information in any case.
4. How We Use Your Information
We use personal data for the following purposes:
- Provide, operate, and maintain the Platform
- Process payments via Stripe
- Authenticate users and protect account security
- Detect, prevent, and respond to fraud, abuse, and security incidents
- Comply with U.S. sanctions laws (geo-blocking, SDN screening, ongoing monitoring)
- Enforce the geographic availability restrictions in Section 2.1
- Send transactional emails (alerts, notifications, account communications)
- Respond to support inquiries
- Improve the Platform
- Comply with legal obligations (tax, accounting, regulatory, law enforcement)
- Defend our legal rights and respond to claims
We do not use your personal data to train third-party AI models. Where we use AI to generate summaries, see Section 6.
We do not sell your personal information and do not share it for cross-context behavioral advertising. We do not send marketing emails.
5. How We Share Your Information
5.1 Service providers
| Provider | Purpose | Data shared | Location |
|---|---|---|---|
| Stripe, Inc. | Payment processing | Name, billing address, payment card details | United States |
| Resend, Inc. | Transactional email delivery | Recipient email address, name, message content | United States |
| Vercel Inc. | Cloud hosting, edge compute, content delivery, web analytics | All Platform data; hashed IP for analytics | United States (with global edge network) |
| Anthropic, PBC | AI-generated analytical summaries (Claude API) | Wallet addresses and aggregated analytical data submitted for summarization (no user account data) | United States |
| Sanctions screening provider | OFAC SDN list and other sanctions list screening; ongoing rescreening | Name, email | Per provider's disclosed location |
All service providers are bound by data processing agreements requiring them to process personal data only on our instructions for the specified purposes and to apply appropriate security measures. WalletDNA remains the controller of all data; service providers act as our processors.
Anthropic's data handling. Wallet addresses and analytical data submitted to Anthropic's Claude API are not used to train Anthropic's models and are retained by Anthropic only as needed to provide the service and detect abuse (typically up to 30 days). We do not send user account information, names, email addresses, or payment data to Anthropic.
5.2 Legal disclosures
We may disclose personal data when we believe in good faith that disclosure is necessary to:
- Comply with applicable law, legal process, or governmental request (including subpoenas, court orders, and lawful requests from regulators)
- Enforce our Terms of Use
- Protect the rights, property, or safety of WalletDNA, our users, or the public
- Detect, prevent, or address fraud, security, or technical issues
- Comply with U.S. sanctions laws
Where legally permitted, we will notify you of legal requests for your data before responding. For law enforcement requests, please use our Contact Us form.
5.3 Business transfers
If WalletDNA is involved in a merger, acquisition, financing, or sale of assets, personal data may be transferred as part of that transaction. We will notify you of any such transfer and any choices you may have.
5.4 With your consent
We share personal data with third parties when you direct us to do so.
6. Artificial Intelligence and Automated Processing
The Platform uses artificial intelligence to generate analytical summaries, risk scores, and entity labels. Specifically:
- Wallet addresses you submit for analysis may be processed by Anthropic's Claude API to generate natural-language summaries
- No account data, billing data, or directly identifying user information is sent to AI providers
- Anthropic processes data solely on our instructions, does not use it to train its models, and retains it only as needed to provide the service and detect abuse (typically up to 30 days)
- AI-generated outputs are probabilistic inferences, not factual determinations
We do not use AI to make decisions producing legal or similarly significant effects about you without human involvement. Our outputs about wallet owners are informational only.
7. Data Location
WalletDNA is based in California, United States. Our service providers are primarily located in the United States, and your personal data is stored and processed in the United States. By using the Platform, you understand that your data will be processed in the United States.
We do not currently accept users from the European Economic Area, the United Kingdom, or Switzerland. See Section 2.1 for details on geographic availability.
8. How Long We Retain Your Data
| Data category | Retention period |
|---|---|
| Account data (active accounts) | For as long as your account is active |
| Account data (after account deletion) | 12 months, then deleted, except where longer retention is required for legal compliance |
| Query data and usage logs | 24 months from collection |
| Saved reports | Until you delete them, or 12 months after account deletion |
| Payment records | 7 years (tax and accounting requirements) |
| Sanctions screening logs (geo-blocking, SDN screening) | 7 years (OFAC compliance) |
| Security logs | 24 months |
| Email engagement data | 24 months |
| Communications via Contact Us form | 3 years from last interaction |
We may retain data for longer periods where required by law, where necessary to defend or pursue legal claims, or where data has been fully anonymized.
9. How We Protect Your Data
We implement technical and organizational measures to protect personal data, including:
- Encryption in transit (TLS 1.2 or higher) for all data transmitted to and from the Platform
- Encryption at rest for data stored in our databases
- Access controls limiting personal data access to personnel who need it for their role
- Regular security reviews of our infrastructure and code
- Logging and monitoring of access to sensitive data
- Vendor security reviews for service providers handling personal data
- Incident response procedures, including breach notification where required by law
No system is perfectly secure. If we become aware of a personal data breach affecting your information, we will notify you and applicable regulators as required by law. To report a security concern, please use our Contact Us form.
10. Your Privacy Rights
Depending on your location, you have the following rights regarding personal data we hold about you:
- Access — request a copy of the personal data we hold about you
- Correction — request correction of inaccurate or incomplete data
- Deletion — request deletion of your personal data, subject to legal exceptions
- Portability — receive your personal data in a structured, commonly used, machine-readable format
- Opt out — opt out of any sale or sharing of personal information (we do not sell or share, but you may submit a request anyway)
- Non-discrimination — exercise your rights without facing discrimination
- Withdraw consent — where processing is based on consent, withdraw it at any time
To exercise these rights, please use our Contact Us form. We respond within 45 days, with one possible 45-day extension where permitted by law. We may need to verify your identity before responding. There is no fee for exercising these rights unless requests are manifestly unfounded or excessive.
11. Information for Wallet Owners and Data Subjects
This section is directed to individuals whose blockchain addresses are analyzed through the Platform but who are not themselves WalletDNA users.
11.1 What we do
WalletDNA analyzes publicly observable blockchain data — including wallet addresses, transactions, and on-chain activity — to produce analytical outputs such as entity labels, cluster assignments, and risk scores. Where this data can be linked, alone or in combination with other information, to an identifiable natural person, it may constitute personal data under applicable law, and you may be a data subject with rights.
11.2 Why we have not contacted you directly
Because blockchain addresses are pseudonymous and we typically have no means of contacting the wallet owner directly, we provide notice through this public policy rather than individually.
11.3 Your rights
If you believe we hold or process data about you, you may request:
- Access to the data we hold about you
- Correction of inaccurate analytical outputs
- Deletion or erasure of data we hold about you
- That we stop processing data about you
To exercise these rights, please use our Contact Us form. Because we identify data subjects by wallet address, we will typically ask you to demonstrate control of the relevant address (for example, by signing a message with the corresponding private key) before responding. This is to protect you from impersonation by someone else claiming to act on your behalf.
11.4 What happens when you object
If you object to our processing of data about you, we will assess your request and cease processing unless we can demonstrate compelling legitimate grounds — such as fraud prevention, anti-money-laundering analysis, or the establishment or defense of legal claims — that override your interests. Where we continue processing after an objection, we will explain our reasoning in writing.
12. For California Residents
This section provides additional disclosures required by the California Consumer Privacy Act (“CCPA”), as amended by the California Privacy Rights Act (“CPRA”).
12.1 Categories of personal information we collect
In the past 12 months, we have collected the following categories of personal information (as defined under Cal. Civ. Code § 1798.140):
| Category | Collected? | Source |
|---|---|---|
| Identifiers (name, email, IP address, account ID) | Yes | From you |
| Customer records (payment information) | Yes | From you, via Stripe |
| Commercial information (subscription history) | Yes | From you |
| Internet or other electronic activity (browsing, usage logs) | Yes | From your use of the Platform |
| Geolocation data (approximate, from IP) | Yes | From your use of the Platform |
| Inferences (analytical outputs about wallet owners) | Yes | Generated by us |
| Sensitive personal information | No | — |
12.2 Purposes for collection
We collect personal information for the purposes described in Section 4.
12.3 Categories we disclose
We disclose personal information to service providers and processors for business purposes only, as described in Section 5. We do not sell personal information. We do not share personal information for cross-context behavioral advertising.
12.4 Your rights as a California resident
You have the right to:
- Know what personal information we collect, use, and disclose
- Delete personal information we have collected, subject to exceptions
- Correct inaccurate personal information
- Opt out of sale or sharing of personal information (we do not sell or share, but you may submit a request anyway)
- Limit use of sensitive personal information (we do not use sensitive personal information beyond permitted business purposes)
- Non-discrimination for exercising your rights
To exercise these rights, please use our Contact Us form. We will respond within 45 days, with one possible 45-day extension.
We honor Global Privacy Control (GPC) signals as opt-out requests for sale and sharing.
12.5 Authorized agents
You may designate an authorized agent to make a request on your behalf. We will require written proof of the agent's authority and may verify your identity directly.
12.6 “Do Not Sell or Share My Personal Information”
We do not sell or share personal information as those terms are defined under the CCPA. You may confirm this preference at any time via our Contact Us form.
You may complain to the California Privacy Protection Agency if you believe your rights have been violated.
13. For Residents of Other U.S. States
If you are a resident of Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Montana, or another U.S. state with a comprehensive consumer privacy law, you have rights similar to those described in Section 12, including the rights to access, correct, delete, and opt out of the sale or targeted advertising use of your personal information. We do not sell personal information or use it for targeted advertising.
To exercise these rights, please use our Contact Us form.
14. Children
The Platform is not directed to children under 18, and we do not knowingly collect personal information from children under 13 (or under 16 in jurisdictions where a higher age applies). If we learn that we have collected personal information from a child without verifiable parental consent, we will delete it promptly. If you believe we may have collected such information, contact us via our Contact Us form.
15. Communications
We send transactional emails — including account confirmations, wallet alerts, security notifications, and billing communications — as part of providing the Platform. You cannot opt out of essential transactional emails while maintaining an account.
We do not currently send marketing emails. If we begin doing so in the future, we will obtain consent where required by law and provide an unsubscribe option in every marketing email.
16. Third-Party Links
The Platform may contain links to third-party websites or services. We are not responsible for the privacy practices of those third parties. Review their privacy policies before providing any personal information.
17. Changes to This Policy
We may update this policy from time to time. The “Last Updated” date at the top reflects the most recent change. For material changes, we will provide at least 30 days' advance notice by email or prominent notice on the Platform before the changes take effect.
18. Contact Us
For all privacy questions, requests, and complaints, please use our Contact Us form.