Last updated: March 21, 2024
This Privacy Policy explains how Chainalysis collects, uses, and discloses personal information in the operation of the chainalysis.com website and associated webpages (the “Chainalysis Website”), and our web-based services such as Chainalysis Academy, webinars and trainings by the company, and our online products, services, and applications (collectively with the Chainalysis Website, the “Service(s)”). It also describes some of the individual rights that you may have regarding your Personal Data. This Privacy Policy is not a contract and does not create any legal rights or obligations not otherwise provided by applicable law.
Jurisdiction-specific disclosures in this Privacy Policy are intended to apply only to those individuals who reside in those jurisdictions and their respective data privacy laws, as applicable. Accordingly, please note that references in this Privacy Policy to the European General Data Protection Regulation (GDPR) and the EU-US Data Privacy Framework, the Swiss-U.S. Data Privacy Framework, and the UK Extension to the EU-U.S. Data Privacy Frameworks are aimed at citizens of the European Economic Area, Switzerland, and the UK (as applicable).
A reference to “Chainalysis,” “we,” or “us” in this Privacy Policy is a reference to Chainalysis Inc. and its relevant affiliates that are involved in the collection, use, disclosure, or other processing of Personal Data as described in this policy. We are a blockchain analysis company providing blockchain analytics, compliance, and investigation offerings to banks, businesses, and governments.
Data privacy laws sometimes differentiate between “controllers” and “processors” of personal information. A “controller” determines the purposes and means (i.e., the why and how) of processing personal information. A “processor”, which is sometimes referred to as a “service provider,” on the other hand, processes personal information on behalf of a controller and is subject to the latter’s instructions and corresponding contractual restrictions. Chainalysis Inc. and/or its relevant affiliates act as the controller of Personal Data (as defined below) for the data processing activities described in this Privacy Policy, unless otherwise noted. This Privacy Policy does not generally apply to the company’s processing activities in its capacity as a processor or service provider.
In this Privacy Policy, we describe our practices regarding information that relates to you as an identified or identifiable natural person (“Personal Data”). This Privacy Policy relates only to Personal Data, and not to any data we handle that is anonymous or has been anonymized (whether in an aggregated form or not).
We may collect Personal Data when you access the Chainalysis Website, register or subscribe for the Service, subscribe to a webinar or marketing communications, become a trainee at the Chainalysis Academy, become a user of our forum, contact us, send us feedback, otherwise interact with us, and when we perform our Services in general. This Personal Data is collected either directly from you, such as when you register with us, or automatically, such as when you browse or use the Chainalysis Website, or when we collect Personal Data from other sources for our Services, which may include receiving Personal Data from suppliers we have engaged or third-party data sources. The Personal Data we collect depends on the particular Services you have requested and/or activities being carried out and could include:
When you request or use our Services, we may ask for certain Personal Data from you in order to provide such Services. If you choose not to provide such information, then you might not be able to take advantage of some of the Services.
Chainalysis may use the above-mentioned Personal Data to:
Chainalysis shares your Personal Data, including the categories outlined in this Privacy Policy, with third parties for the purposes described below. We may also share your Personal Data among other subsidiaries or affiliates that either follow this Privacy Policy or have practices at least as protective as those described in this Privacy Policy. Under certain circumstances, we may be required to disclose your Personal Data in response to valid requests by government authorities, including to meet national security or law enforcement requirements.
Third-Party Service Providers and Vendors
In certain circumstances, third-party service providers or vendors that Chainalysis has engaged to perform business functions on our behalf might have access to your Personal Data. Such parties may include:
We allow our service providers to handle your Personal Data to the extent we are satisfied they take the appropriate measures, depending on the jurisdiction they are based in and the data subjects they deal with, to protect your Personal Data. Where applicable, these measures may include professional obligations of confidentiality and privilege. We also impose contractual obligations on service providers to ensure they can only use your Personal Data to provide services to us and to you or to receive our Services. Where required by the Data Privacy Framework, we enter into written agreements with those parties requiring them to provide materially the same level of protection the Data Privacy Framework requires, and limiting their use of the data to the services procured. We take reasonable steps to ensure that third-party agents and service providers process Personal Data in accordance with our Data Privacy Framework obligations, and stop and remediate unauthorized processing. In our capacity as a data controller (i.e., the entity determining the means and purposes of processing the Personal Data), we remain liable for the acts of our third-party agents or service providers for their handling of the Personal Data that we transfer to them unless we prove that we are not responsible for the event giving rise to the damage.
Third-Party Partners
We may make available to you services or products in collaboration with third parties, for example, those that are jointly offered by Chainalysis and its third-party partners or other businesses. We will make reasonable efforts to let you know when a third party is involved, in which case we may share your Personal Data with that third party.
In particular, if you register in order to participate in an event, webinar, or training organized by us, or download or access material on our website, we may share your Personal Data with partners that co-organize or sponsor these activities and projects. If required by applicable law, we will seek your consent or opt-in to such sharing, for instance, via the registration form or another affirmative action by you. In these circumstances, your information will be subject to the relevant partner’s privacy statements. If you do not wish for your information to be shared in this manner, you may choose to not register for the event or otherwise participate, or not access the material, as the case may be. Or, you can opt out in accordance with the choices provided to you in this Privacy Policy.
Payment Processors
We may share Personal Data with, or direct customers to provide such information, to payment processors who process payment for services on our behalf.
Marketing Partners
In some instances, we may share Personal Data with our marketing partners, including ad networks, social networks, retargeting partners, and marketing communication providers, in order to communicate with you about our products and services and market our products and services to you. See our Cookies Policy for more information on your choices regarding interest-based advertising and targeted advertising.
Business Transactions
Chainalysis may take part in or be involved with a corporate business transaction, such as a merger, acquisition, joint venture, or financing or sale of company assets. We may assign or transfer this Privacy Policy and your Personal Data to a third party in connection with such a corporate business transaction, for example, during negotiations or as an asset. Personal Data may also be disclosed in the event of insolvency, bankruptcy, or receivership.
Legal Obligations and Rights
In addition to the purposes described above, we disclose Personal Data to third parties, such as legal advisors and law enforcement, to respond to subpoenas, court orders, or legal process, or to establish or exercise our legal rights or defend against legal claims. We may also share such Personal Data if we believe it is necessary in order to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, violations of our agreement for services, or as otherwise required by law.
Transfers Directed or Permitted by You
We may disclose Personal Data about you to certain other third parties at your direction or with your consent or permission.
The Chainalysis Website and/or the Service may contain links to websites and applications other than the Service, including websites, services, and applications operated by affiliates and other third parties. The Chainalysis Website sometimes may also include third-party Social Media features, such as the Facebook Like or Share buttons and Widgets or interactive mini-programs, that run on our site. These third-party features may collect your IP address and which web page you are visiting on the Chainalysis Website, and may set a cookie to enable the feature to function properly. Social Media features and Widgets are either hosted by a third party or hosted directly on the Chainalysis Website.
If you submit Personal Data to any third parties or through third-party services or applications, the processing of your Personal Data is governed by their privacy policies, however, we will take the steps described in our Cookies Policy to make you aware of any third-party cookies being placed and to provide you with information on how to exercise control over them, when available.
We may also offer publicly-accessible blogs or community forums in our Service or the Chainalysis Website. You should be aware that any information provided in these areas may be read, collected, and used by others who access them. To request removal of your Personal Data from our blog or community forum, you may remove your posted content by deleting your message, or alternatively, contacting us at [email protected]. In some cases, we may not be able to remove your Personal Data, in which case we will let you know if we are unable to do so and why. Please note that your use of any such blogs or forums is always subject to the terms and conditions applicable to such blogs or forums.
To enable our systems to recognize your browser or device and to provide and improve our Services, we use cookies and similar technologies. For more information about how we use them, how you can control them, and your choices regarding interest-based advertising and targeted advertising please see our Cookies Policy.
Where we have your consent to do so or where otherwise permitted by law, we may send you information about the Services, including features you may be interested in, for example, by postal mail, email or telephone. Some of these communications may include marketing materials. If you would like to opt out of getting marketing communications from Chainalysis please contact us at [email protected] or follow the available opt-out or unsubscribe instructions included in each communication. Please note that we may still continue to send you transactional and other non-marketing communications, for example, messages about products or services you or your organization have requested, events you’ve registered for, announcements about service levels or security-related issues, etc., even after you’ve opted out.
Some of the third parties with whom we share Personal Data may be based outside the European Economic Area (EEA) or the United Kingdom (UK). Chainalysis only transfers Personal Data to countries outside the EEA and UK if that country or the recipient has an adequate level of protection according to applicable data protection laws, such as the European GDPR and UK GDPR. For example, we may rely on the standard contractual clauses published by the European Commission and similar measures under UK laws when we share your Personal Data within the Chainalysis corporate group.
Chainalysis complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. Chainalysis has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union and the United Kingdom in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF. Chainalysis has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.
For purposes of enforcing compliance with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) Data Privacy Framework, Chainalysis is subject to the investigatory and enforcement authority of the U.S. Federal Trade Commission. For more information about the Data Privacy Framework, visit the Data Privacy Framework website. To review Chainalysis’s certification, see the U.S. Department of Commerce’s Data Privacy Framework list located here.
If you are a beneficiary of the rights afforded under the Data Privacy Framework, pursuant to Annex 1 of the DPF Principles you have the possibility, under certain conditions, to invoke binding arbitration in the event of a complaint regarding our processing of your HR Data. Subject to your compliance with Annex 1 of the DPF Principles and in accordance with those Principles, Chainalysis commits to refer unresolved complaints concerning our handling of personal data received in reliance on the Data Privacy Framework to the International Centre for Dispute Resolution, the international division of the American Arbitration Association (“ICDR-AAA”), an alternative dispute resolution provider based in the United States. If you do not receive timely acknowledgment of your Data Privacy Framework-related complaint from us, or if we have not addressed your Data Privacy Framework-related complaint to your satisfaction, please visit here for more information or to file a complaint. The services of the ICDR-AAA are provided at no cost to you.
Chainalysis will retain Personal Data we process on behalf of our customers or users for as long as needed to provide the Service to our customers, subject to our compliance with this Privacy Policy and any relevant customer agreements. We may further retain and use this Personal Data as necessary, including by not limited to:
We have established internal policies for the deletion of Personal Data from customer accounts following the termination of a customer’s subscription to the Service pursuant to our agreements with such customers.
To the extent granted by applicable law, you may have certain rights to control or seek information about Chainalysis’ processing of your Personal Data. Depending on your jurisdiction, and subject to its relevant exemptions and exceptions, these rights may include, among others, the right to:
Additionally, in compliance with its commitments under the Data Privacy Framework, Chainalysis respects your privacy rights and offers you the opportunity to choose (opt-out) whether your Personal Data is disclosed to third parties or used for purposes materially different from the original collection purpose. You have the right to opt out of such disclosures or uses. If you would like to exercise your right to opt out of such disclosures or uses, then you can submit a written request to the contact information provided below in the section “How to Exercise Your Rights”. Please note, however, that in certain circumstances, such as when disclosure of your Personal Data is necessary for third parties acting as agents to perform tasks on our behalf and under our instructions, your opt-out right will not be applicable. However, we always establish contractual agreements with such agents to safeguard your Personal Data.
For sensitive Personal Data, including but not limited to medical or health conditions, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, or information specifying your sex life, Chainalysis requires affirmative express consent from you (opt-in) before disclosing it to third parties or using it for purposes other than originally intended. Additionally, any Personal Data received from a third party, identified and treated as sensitive by that third party, will be treated as sensitive by Chainalysis.
How to Exercise Your Rights:
If you would like to exercise your legal rights with respect to Personal Data that we process as a “controller,” please contact us at [email protected]. In some cases, we may need to request additional information from you to verify your identity as the relevant person to whom these rights are granted. We will let you know whether we can comply with your request in the applicable time period for your jurisdiction. Please note that some of the legal rights you have may be inapplicable to Chainalysis’ data processing activities. For example, we do not sell Personal Data at this time, as those terms are defined under applicable data privacy laws.
Customers of our web-based Services may be able to update or change the Personal Data they previously provided to Chainalysis by logging into the relevant Service and editing such information, where applicable. Depending on your choices, however, certain Services may become more limited for you or unavailable.
Please see the section “Marketing Communications” for information on how to manage marketing communications we send based on your Personal Data.
For more information about your choices regarding interest-based advertising and targeted advertising, please see our Cookies Policy.
As described above, we may also process Personal Data as a processor on behalf of a customer that is the controller of the Personal Data. If your Personal Data has been submitted to us in our role as a processor by or on behalf of a Chainalysis customer and you wish to exercise any rights you may have under applicable laws, please inquire with them directly.
Do Not Track (“DNT”) is a web browser setting a user can set to request that web applications disable their tracking of that user. When the setting is turned on, the web browser sends a special signal to websites, analytics companies, ad networks, plug-in providers, and other web services to stop tracking the user’s browsing activity. There is, however, no common standard adopted by industry groups, technology companies, or regulators on how these signals should be interpreted. As a result, we do not currently commit to responding to web browser DNT signals on the Chainalysis Website. If you would like to learn more about DNT, please visit All About Do Not Track (DNT).
Chainalysis does not intend to, or knowingly, collect or solicit any Personal Data from children under the age of thirteen (13), nor are the Services directed to children under the age of thirteen (13). If you are under the age of thirteen (13), please do not use our Service or otherwise provide us with any Personal Data either directly or by other means. We encourage parents and legal guardians to monitor their children’s Internet usage and to help enforce our Privacy Policy by instructing their children never to use our Service or provide Personal Data to us. If you have reason to believe that a child under the age of thirteen (13) has provided Personal Data to Chainalysis or is otherwise included in our Services, please contact us, and we will use commercially reasonable efforts to delete that Personal Data.
This Privacy Policy was updated on March 21, 2024. We may change this Privacy Policy from time to time. If we make any material changes, we will notify you by email, through the Service, or by posting a prominent notice on the Chainalysis Website prior to the change becoming effective. We encourage you to periodically review this page for the latest information on our privacy practices. All changes shall be effective from the date of publication unless otherwise provided.
We may choose or be required by local data privacy laws to provide different or additional disclosures relating to the processing of Personal Data about residents of certain countries, regions, or states. If you reside in the following jurisdictions, please click on the relevant links below for additional information:
If you believe that you have found a security vulnerability relating to a Chainalysis product or the chainalysis.com website, please send a bug report to [email protected]. Before doing so, please review the Chainalysis Vulnerability Disclosure Policy for submission guidelines.
Please contact us if you have any questions about this Privacy Policy or the Personal Data we hold about you by email at [email protected] or by postal mail at:
Chainalysis Inc.
ATTN: Brittany Cuthbert, Head of Privacy
114 5th Avenue, 19th Floor
New York, NY 10011