Privacy Policy

Last Updated: January 2025 This Privacy Policy explains how BlockSecOps ("we", "us", "our") collects, uses, and protects your information. --- When you create...

Last updated: January 14, 2026

Privacy Policy

Last Updated: January 2025

This Privacy Policy explains how BlockSecOps ("we", "us", "our") collects, uses, and protects your information.

1. Information We Collect

1.1 Account Information

When you create an account:

  • Email address
  • Name (optional)
  • Organization name (if applicable)
  • Authentication credentials

1.2 Wallet Information

When you connect a Web3 wallet:

  • Wallet address (public key)
  • Signed messages for authentication
  • Transaction history related to credits

1.3 Usage Information

When you use the Service:

  • Smart contract code you upload
  • Scan results and findings
  • API calls and queries
  • Feature usage patterns
  • IP addresses and device information

1.4 Payment Information

When you purchase credits or subscriptions:

  • Billing address
  • Payment method (handled by payment processors)
  • Transaction records
  • Cryptocurrency wallet transactions (for x402)

1.5 Communication Data

When you contact us:

  • Support tickets
  • Email correspondence
  • Feedback and surveys

2. How We Use Your Information

2.1 Service Operation

We use your information to:

  • Provide security scanning services
  • Generate vulnerability reports
  • Manage your account and subscriptions
  • Process payments and credits
  • Send service notifications

2.2 Improvement

We use aggregated data to:

  • Improve scanner accuracy
  • Develop new features
  • Enhance user experience
  • Fix bugs and issues

2.3 Security

We use your information to:

  • Detect and prevent fraud
  • Monitor for abuse
  • Enforce Terms of Service
  • Protect our systems and users

2.4 Communication

We may contact you about:

  • Account and billing matters
  • Service updates and changes
  • Security advisories
  • Marketing (with consent)

3. Information Sharing

3.1 We Do NOT Sell Your Data

We do not sell, rent, or trade your personal information to third parties.

3.2 Service Providers

We share data with providers who help us operate:

  • Cloud infrastructure (data hosting)
  • Payment processors (billing)
  • Authentication services (login)
  • Analytics (usage patterns)

All providers are bound by confidentiality agreements.

3.3 Legal Requirements

We may disclose information if required by:

  • Law or legal process
  • Government requests
  • Protection of rights and safety
  • Enforcement of Terms of Service

3.4 Business Transfers

In the event of merger, acquisition, or sale, your information may be transferred. We will notify you of any such change.

3.5 With Your Consent

We may share information when you explicitly consent, such as:

  • Sharing reports with team members
  • Publishing case studies (with permission)
  • Integration with third-party services you enable

4. Data Retention

4.1 Account Data

  • Retained while your account is active
  • Deleted within 30 days of account deletion request

4.2 Smart Contract Code

  • Retained based on your settings
  • Can be deleted immediately upon request
  • Not retained after contract deletion

4.3 Scan Results

  • Retained per your plan's retention period:
    • Free: 30 days
    • Developer: 90 days
    • Startup/Professional: 1 year
    • Enterprise: Configurable

4.4 Audit Logs

  • Retained per your plan:
    • Standard: 90 days
    • Enterprise: 2 years (configurable)

4.5 Aggregated Data

Anonymized, aggregated data may be retained indefinitely for research and improvement purposes.

5. Your Rights

5.1 Access

You can request a copy of your personal data at any time.

5.2 Correction

You can update or correct your account information.

5.3 Deletion

You can request deletion of your data ("right to be forgotten").

5.4 Portability

You can export your data in machine-readable formats.

5.5 Restriction

You can request we limit how we process your data.

5.6 Objection

You can object to certain processing activities.

5.7 Exercising Rights

To exercise these rights:

  • Use account settings for self-service options
  • Email [email protected] for requests
  • Enterprise customers can contact their CSM

6. Data Security

6.1 Encryption

  • Data encrypted at rest (AES-256)
  • Data encrypted in transit (TLS 1.3)
  • Optional customer-managed encryption keys

6.2 Access Controls

  • Role-based access control
  • Multi-factor authentication
  • Audit logging of access

6.3 Infrastructure

  • SOC 2 Type II compliant infrastructure
  • Regular security assessments
  • Incident response procedures

See our Data Security Policy for details.

7. Cookies and Tracking

7.1 Essential Cookies

Required for Service operation:

  • Authentication
  • Session management
  • Security features

7.2 Analytics Cookies

With consent:

  • Usage patterns
  • Feature adoption
  • Performance metrics

7.3 Marketing Cookies

With consent:

  • Advertising effectiveness
  • Referral tracking

7.4 Cookie Management

You can manage cookies through:

  • Browser settings
  • Our cookie preferences panel
  • Opt-out links provided

8. International Transfers

8.1 Data Location

Primary data processing in:

  • United States (default)
  • European Union (for EU customers)
  • Other regions (Enterprise option)

8.2 Transfer Mechanisms

International transfers protected by:

  • Standard Contractual Clauses
  • Data Processing Agreements
  • Adequacy decisions where applicable

9. Children's Privacy

BlockSecOps is not intended for children under 18. We do not knowingly collect information from children. If we learn we have collected data from a child, we will delete it promptly.

10. California Privacy Rights (CCPA)

California residents have additional rights:

  • Right to know what data we collect
  • Right to delete personal information
  • Right to opt-out of data sales (we don't sell data)
  • Right to non-discrimination

To exercise CCPA rights, email [email protected].

11. European Privacy Rights (GDPR)

EU/EEA residents have additional protections:

  • Legal basis for processing
  • Data Protection Officer access
  • Supervisory authority complaints
  • Cross-border transfer safeguards

Our Data Protection Officer can be contacted at [email protected].

12. Changes to This Policy

We may update this Privacy Policy periodically. Changes will be:

  • Posted with updated "Last Updated" date
  • Communicated via email for material changes
  • Highlighted in-app for significant updates

Continued use after changes constitutes acceptance.

13. Contact Us

For privacy-related inquiries:

Email: [email protected]
Data Protection Officer: [email protected]
Address: BlockSecOps, Inc., Delaware, USA

Related Policies