Table of Contents
1. Introduction
TRACE Protocol ("we," "our," or "us"), operated by XDRIP Digital Management LLC, is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our blockchain document attestation services, including our website at traceprotocol.pro, web application, API services, and related platforms (collectively, the "Services").
Key Point: TRACE Protocol processes document hashes, not the documents themselves. Your actual documents never leave your control unless you explicitly choose to store them with us.
By accessing or using our Services, you agree to this Privacy Policy. If you do not agree with our policies and practices, please do not use our Services.
2. Information We Collect
2.1 Information You Provide
- Account Information: Name, email address, company name, job title, and password when you register for an account.
- Payment Information: Billing address, payment card details (processed by our payment processor), and transaction history.
- Document Metadata: File names, sizes, types, and timestamps of documents you attest (not the document contents unless you opt for storage).
- Communication Data: Information you provide when contacting support or participating in surveys.
2.2 Information Collected Automatically
- Usage Data: Pages visited, features used, API calls made, and interaction patterns.
- Device Information: IP address, browser type, operating system, and device identifiers.
- Log Data: Server logs including access times, error logs, and referral URLs.
- Cookies and Tracking: See our Cookie Policy for detailed information.
2.3 Blockchain Data
When you use our attestation services, the following data is recorded on public blockchains:
- SHA-256 hash of your document (cryptographic fingerprint)
- Timestamp of attestation
- Merkle root (for batched attestations)
- Transaction identifiers
Important: Blockchain data is immutable and publicly accessible. Document hashes cannot be reversed to reveal document contents, but the fact that an attestation occurred is permanent.
3. How We Use Your Information
We use your information for the following purposes:
- Service Delivery: To provide, maintain, and improve our attestation services.
- Account Management: To create and manage your account, process payments, and provide customer support.
- Communication: To send service updates, security alerts, and marketing communications (with your consent).
- Analytics: To understand usage patterns and improve our Services.
- Security: To detect, prevent, and respond to fraud, abuse, and security incidents.
- Legal Compliance: To comply with applicable laws, regulations, and legal processes.
4. Data Sharing and Disclosure
We do not sell your personal information. We may share your information in the following circumstances:
4.1 Service Providers
We engage trusted third-party service providers to perform functions on our behalf, including:
- Cloud hosting (AWS, Google Cloud)
- Payment processing (Stripe)
- Email services (SendGrid)
- Analytics (Google Analytics, Mixpanel)
4.2 Blockchain Networks
Document hashes and attestation metadata are published to public blockchain networks (BNB Smart Chain, Polygon, Solana) as part of our core service.
4.3 Legal Requirements
We may disclose information if required by law, subpoena, court order, or government request, or to protect rights, property, or safety.
4.4 Business Transfers
In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction.
5. Data Security
We implement industry-standard security measures to protect your information:
- TLS 1.3 encryption for all data in transit
- AES-256 encryption for data at rest
- SOC 2 Type II certified infrastructure
- Regular security audits and penetration testing
- Multi-factor authentication options
- Role-based access controls
While we strive to protect your information, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.
6. Data Retention
We retain your information for as long as necessary to provide our Services and comply with legal obligations:
- Account Data: Retained while your account is active and for 3 years after closure.
- Transaction Data: Retained for 7 years for tax and audit purposes.
- Usage Data: Retained for 2 years in identifiable form, then anonymized.
- Blockchain Data: Permanent and immutable by design.
7. Your Rights
Depending on your jurisdiction, you may have the following rights:
- Access: Request a copy of your personal information.
- Correction: Request correction of inaccurate information.
- Deletion: Request deletion of your personal information (subject to legal retention requirements).
- Portability: Request your data in a machine-readable format.
- Opt-Out: Opt out of marketing communications at any time.
- Restriction: Request restriction of processing in certain circumstances.
To exercise these rights, contact us at privacy@traceprotocol.pro.
GDPR Rights (EEA Residents)
If you are in the European Economic Area, you have additional rights under GDPR, including the right to lodge a complaint with a supervisory authority.
CCPA Rights (California Residents)
California residents have additional rights under CCPA, including the right to know what personal information is collected and the right to opt-out of the sale of personal information. We do not sell personal information.
8. International Data Transfers
Your information may be transferred to and processed in countries other than your country of residence. We ensure appropriate safeguards are in place, including:
- Standard Contractual Clauses approved by the European Commission
- Data Processing Agreements with all sub-processors
- Compliance with applicable data protection frameworks
9. Children's Privacy
Our Services are not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If you become aware that a child has provided us with personal information, please contact us immediately.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by:
- Posting the updated policy on our website
- Sending an email notification to registered users
- Displaying a prominent notice in our application
Your continued use of our Services after changes become effective constitutes acceptance of the updated policy.
11. Contact Us
If you have questions about this Privacy Policy or our data practices, please contact us:
TRACE Protocol
XDRIP Digital Management LLC
Email: privacy@traceprotocol.pro
Website: traceprotocol.pro
For data protection inquiries in the EU, you may also contact our Data Protection Officer at dpo@traceprotocol.pro.