Last Updated: February 2025 | Version: v2.0
Data Collection Scope
Data We Collect
ChainStream only collects data necessary to provide our services: Account Data| Data Type | Collection Purpose | Necessity |
|---|---|---|
| Email address | Account identification, notifications | Required |
| Password hash | Account security | Required |
| Company name | Enterprise customer identification | Optional |
| Payment info | Billing processing | Required for paid users |
| Data Type | Collection Purpose | Retention Period |
|---|---|---|
| API call records | Billing, performance optimization | 90 days |
| Error logs | Troubleshooting | 30 days |
| Feature usage stats | Product improvement | Long-term after anonymization |
| Data Type | Collection Purpose |
|---|---|
| IP address | Security protection, geographic routing |
| Device info | Compatibility optimization |
| Browser type | Interface adaptation |
Data We Don’t Collect
- Private keys or seed phrases — Our service architecture is designed without access to user private keys
- On-chain asset details — We only provide query capabilities, we don’t store asset information
- Real identity information — No KYC required, no real identity association
- Associated identity of queried addresses — Query requests are decoupled from identity
Cookies and Tracking Technologies
Cookie Usage
| Cookie Type | Purpose | Can Be Disabled |
|---|---|---|
| Essential Cookies | Session management, security | No |
| Functional Cookies | User preference settings | Yes |
| Analytics Cookies | Service improvement | Yes |
Cookie Management
Users can manage cookies through browser settings.Disabling essential cookies may prevent the service from functioning properly.
Data Processing Principles
Minimization Principle
We only collect and process the minimum data necessary for business operations.Purpose Limitation
Data is only used for the following purposes:- Providing and improving services
- Billing
- Security protection
- Customer support
Transparency Principle
- Clear disclosure of data usage
- Advance notification of significant changes
- Provision of data access channels
Data Storage and Protection
Storage Locations
| Data Type | Storage Location | Backup Location |
|---|---|---|
| Primary data | AWS Singapore | AWS Tokyo |
| Log data | AWS Singapore | - |
| Backup data | AWS Tokyo | - |
Encryption Measures
Transmission Encryption- All API communications use TLS 1.3
- WebSocket connections use WSS protocol
- Insecure cipher suites are disabled
| Data Type | Encryption Method |
|---|---|
| Database | AES-256 |
| File storage | AES-256 |
| Backups | AES-256 |
| Key management | AWS KMS |
Access Control
- Role-Based Access Control (RBAC)
- Least privilege principle
- Access log auditing
- Multi-factor authentication required
Security Audits
- Regular security assessments
- Third-party penetration testing
- Vulnerability response mechanism
- Security incident notification
Data Retention Periods
| Data Type | Retention Period | Deletion Method |
|---|---|---|
| Account data | Account lifetime + 30 days | Automatic deletion |
| API call logs | 90 days | Automatic deletion |
| Error logs | 30 days | Automatic deletion |
| Billing records | 7 years (legal requirement) | Deletion upon expiry |
| Security logs | 1 year | Automatic deletion |
After account deletion, we will clear all identifiable personal data within 30 days, except for data required to be retained by law.
Third-Party Data Sharing
Data Sharing Principles
- No data selling: We never sell user data to third parties
- Minimal sharing: Only share the minimum data required for services
- Contractual constraints: All sub-processors sign data processing agreements
Sub-processors
Enterprise customers can contact [email protected] for the complete sub-processor list.
User Rights
Rights Overview
| Right | Description | How to Exercise |
|---|---|---|
| Right of Access | Obtain a copy of your data | Email request |
| Right of Rectification | Correct inaccurate data | Email request |
| Right of Erasure | Request deletion of your data | Email request |
| Right of Portability | Export in machine-readable format | Email request |
| Right to Object | Object to certain data processing | Email request |
Right of Access
You have the right to request access to your personal data held by us. How to request: Send email to [email protected]Right of Rectification
You have the right to request correction of inaccurate personal data. How to exercise: Send email to [email protected]Right of Erasure
You have the right to request deletion of your personal data. How to exercise:- Account deletion: Send email to [email protected]
- Complete deletion: Data will be cleared within 30 days
- Retention exceptions: Data required by law to be retained
Right of Portability
You have the right to obtain a copy of your data.- Supported formats: JSON, CSV
- Export scope: Account information, usage records
- How to request: Send email to [email protected]
- Processing time: Within 30 days
Right to Object
You have the right to object to certain data processing activities:- Marketing communications: Can unsubscribe at any time
- Data analytics: Can opt out
Compliance Statement
GDPR Compliance
ChainStream complies with the EU General Data Protection Regulation (GDPR):- Lawful basis for data processing
- Data subject rights protection
- Data protection impact assessment
- Data breach notification mechanism
CCPA Compliance
For California users, we comply with the California Consumer Privacy Act:- Right to know
- Right to delete
- Right to opt-out
- Right to non-discrimination
Data Processing Agreement
Enterprise customers can sign a Data Processing Agreement (DPA):- Standard Contractual Clauses (SCCs)
- Data processing scope definition
- Security measure commitments
- Sub-processor list
Privacy Policy Updates
- 30 days advance notice for significant changes
- Update date clearly marked
- Historical versions available for review
FAQ
Can ChainStream see my wallet private keys?
Can ChainStream see my wallet private keys?
No. ChainStream’s architecture is designed to ensure we cannot access users’ private keys or seed phrases. We only provide on-chain data reading services and do not involve any private key operations.
What will my API query records be used for?
What will my API query records be used for?
API query records are only used for: billing statistics, service performance optimization, and anomaly detection. We do not analyze the specific address content of your queries, nor do we sell query data to third parties.
Will data be completely cleared after account deletion?
Will data be completely cleared after account deletion?
After account deletion, we will clear all identifiable personal data within 30 days. However, billing-related records need to be retained for the legally required period.
Where is data stored?
Where is data stored?
Primary data is stored in AWS Singapore region, backups are stored in AWS Tokyo region.
How do I exercise my data rights?
How do I exercise my data rights?
You can exercise your rights to access, correct, delete, and export data by sending an email to [email protected]. We will respond to your request within 30 days.
Contact Information
Privacy Inquiries
| Matter | Contact | Response Time |
|---|---|---|
| Privacy issues | [email protected] | 5 business days |
| Data requests | [email protected] | Within 30 days |
| Security issues | [email protected] | Within 24 hours |
| Enterprise DPA | [email protected] | 3 business days |
Complaints and Suggestions
If you have any concerns about our data processing, you can:- Contact our privacy team
- File a complaint with your local data protection authority