Privacy Policy

Effective Date: February 16, 2026  |  Last Updated: February 16, 2026

This Privacy Policy describes how Vindicio Ltd. (Company Number 17020121) (“Vindicio,” “we,” “us,” or “our”) collects, uses, and protects your personal information when you use the Vindicio service (the “Service”).

1. Information We Collect

1.1 Information You Provide

When you use Vindicio through Telegram, we collect:

• Telegram ID: Your unique Telegram identifier for authentication and service delivery
• Conversation Data: Your messages to our AI assistant, including wallet addresses, transaction hashes, and blockchain data you submit for analysis
• Payment Information: Transaction data from Telegram Stars, CryptoCloud, or Stripe (we do not store payment card details directly)

1.2 Automatically Collected Information

• Analytics Data: Usage statistics and interaction patterns collected via Google Analytics
• Authentication Cookies: Technical cookies necessary for maintaining your session

2. How We Use Your Information

We use your personal information to:

• Provide blockchain intelligence and AML/KYT analysis services
• Maintain your conversation history and analysis reports
• Process payments and manage subscriptions
• Improve our AI models and Service functionality
• Comply with legal obligations and prevent illegal activities

3. Data Storage and Security

3.1 Storage Location

Your conversation history and submitted blockchain data are stored in Supabase, hosted on Vercel infrastructure in the United States. We implement appropriate safeguards for international data transfers as required by GDPR.

3.2 Access Controls

Your personal data is protected through:

• Industry-standard encryption in transit and at rest
• User-level database access restrictions
• No administrative access to individual user conversations without legal requirement

3.3 Data Retention

We retain your data for as long as your account is active. Upon account deletion, all personal data is permanently removed from our systems.

4. Data Sharing and Third Parties

4.1 Service Providers

We share data with the following third-party processors:

• OpenAI: For AI assistant functionality (subject to OpenAI's data processing terms)
• MistTrack: For blockchain intelligence analysis (subject to MistTrack's terms)
• Supabase: For secure data storage (EU-based infrastructure)
• Payment Processors: Telegram, CryptoCloud, and Stripe for payment processing
• Google Analytics: For usage analytics (anonymized where possible)

4.2 Legal Obligations

We may disclose your information if required by law, court order, or regulatory authority, or to protect our rights, safety, or the rights of others.

4.3 No Sale of Data

We do not sell, rent, or trade your personal information to third parties for marketing purposes.

5. Your Rights (GDPR)

If you are located in the European Union or European Economic Area, you have the following rights:

• Right to Access: Request a copy of your personal data
• Right to Rectification: Correct inaccurate personal data
• Right to Erasure: Request deletion of your personal data
• Right to Restrict Processing: Limit how we use your data
• Right to Data Portability: Receive your data in a machine-readable format
• Right to Object: Object to processing based on legitimate interests
• Right to Withdraw Consent: Withdraw consent at any time (where processing is based on consent)

To exercise these rights, contact us at: admin@vindic.io

6. International Data Transfers

Your data is stored and processed in the United States (Vercel/Supabase infrastructure). Additionally, some service providers (such as OpenAI) may process data outside the EU.

For transfers from the EU to the US and other jurisdictions, we rely on:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• Data Processing Agreements with our service providers
• Appropriate technical and organizational security measures

By using our Service, you consent to the transfer of your data to the United States and other jurisdictions where our service providers operate.

7. Children's Privacy

Vindicio is not intended for users under 18 years of age. We do not knowingly collect personal information from children. If you are under 18, do not use the Service.

8. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by:

• Posting the updated Privacy Policy with a new “Last Updated” date
• Notifying you through the Service or via email (if provided)

Your continued use of the Service after changes take effect constitutes acceptance of the revised Privacy Policy.

9. Data Security

We implement industry-standard security measures to protect your personal information from unauthorized access, disclosure, alteration, or destruction. However, no method of transmission or storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

10. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

Email: admin@vindic.io

For GDPR-related requests, see our GDPR Compliance page.