Chainkeep

Privacy Policy

1. Who we are

[Company name], the data controller for your account data. ICO registration: [NUMBER].

2. What we collect

Account data (name, email, hashed password, optional two-factor secrets, encrypted at rest); the documents and emails you add — which can include identity documents and financial records; access-log data for shared documents (recipient activity, IP address, browser); and technical logs needed to run the service.

3. Why we process it (lawful bases)

Performing our contract with you (storing and organising your record); your consent (notification emails, which you control in Settings); and legitimate interests (security logging, abuse prevention).

4. AI processing

Document text is sent to our AI provider ([provider], under a no-training-on-inputs agreement) to generate summaries and answer your questions. Your documents are not used to train models.

5. Email

If you use your transaction’s forwarding address, we store forwarded emails and safe attachments in your record, and retain the raw message as received. Emails sent via Chainkeep on your behalf carry your name and set replies to your own address.

6. Sharing and processors

We never sell your data. Processors: [hosting provider], [object storage provider], [email provider], [AI provider] — each under a data processing agreement.

7. Retention

[Retention schedule — for review. Deleted accounts are purged within N days, including backups.]

8. Your rights

Access and portability: Settings → Export gives you everything as a zip. Erasure: Settings → Delete account. You can also contact [email] for any UK GDPR right, and you may complain to the ICO.

9. Security

Encryption in transit and at rest, hashed share tokens, mandatory link expiry, an append-only tamper-evident access log, optional two-factor authentication, and malware scanning of incoming files.