Privacy Policy

Introduction

Last Updated: May 1, 2025 Deconflict, Inc. (“Deconflict,” “we,” “us,” or “our”) respects your privacy and is committed to protecting the personal information of those who interact with our Services. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you access our crypto wallet intelligence platform and related services (collectively, the “Services”). This Privacy Policy applies to law enforcement agencies, financial institutions, cryptocurrency exchanges, fintech companies, and other verified users (“you” or “users”) who register for and use our Services. By accessing or using our Services, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not access or use our Services.

1. Scope and Application

1.1 What This Policy Covers

This Privacy Policy applies to personal information we collect through:

• Our website at deconflict.com
• Our web-based application and dashboard
• Our API services
• Email and other communications with us
• Registration and account management processes

1.2 What This Policy Does Not Cover

This Privacy Policy does not apply to:

• Information processed on behalf of our customers: When law enforcement agencies or other customers submit crypto wallet data to our platform, we act as a service provider processing that data according to our contracts with those customers, not under this Privacy Policy.
• Third-party websites or services:Our Services may contain links to third-party websites or services that have their own privacy policies. We are not responsible for the privacy practices of these third parties.
• Employee or job applicant data:Information about Deconflict employees and job applicants is covered under separate internal policies.

1.3 Important Distinction: User Data vs. Submitted Wallet Data

User Personal Information (covered by this Privacy Policy): Information about you as a registered user of our platform, including your name, email address, organization, and account credentials. Submitted Wallet Intelligence (not covered by this Privacy Policy): Crypto wallet addresses, risk indicators, and related intelligence submitted by law enforcement agencies and other verified users. This data is processed under our Terms of Service and customer contracts, and does not contain personally identifiable information about suspects, victims, or investigation subjects.

2. Information We Collect

The information we collect depends on how you interact with our Services and the requirements of applicable law. We collect only the information necessary to provide, secure, and improve our Services.

2.1 Personal Information You Provide Directly

1. Account Registration

   When you create an account, we collect:

   • Full legal name
   • Official email address (typically a government, institutional, or corporate domain email)
   • Organization or agency name
   • Job title or role
   • Username and password (passwords are salted and hashed)
   • Phone number (optional, for multi-factor authentication)
   • Payment information (if applicable)

2. Identity Verification

   For law enforcement and certain institutional users, we may collect:

   • Agency or institutional affiliation documentation
   • Professional credentials or verification codes
   • Official correspondence to confirm identity and authorization
   We do not collect:
   • Government-issued badge numbers or employee identification numbers
   • Social Security numbers or national identification numbers
   • Biometric information such as fingerprints or facial recognition data
   • CJIS data, criminal histories, or law enforcement case files
   • Police report numbers, victim or suspect information

3. Communications with Us

   When you contact us for support, feedback, or inquiries, we may collect:

   • Email address
   • Phone number
   • Content of your messages and correspondence
   • Any information you choose to provide in your communications

4. Wallet Submission Data

   When you submit crypto wallet intelligence to our platform, we collect:

   • Crypto wallet addresses (public blockchain identifiers)
   • Risk indicators, flags, or classifications you assign
   • Timestamps and metadata about submissions
   • Your agency or organization identifier (not your personal name)
   • Optional contextual notes (we instruct users not to include PII, case numbers, or investigative details)
   This wallet data is not personal information and is used to train our machine learning models and provide intelligence via our API.

2.2 Information Collected Automatically

1. Technical Information When you access our Services, we automatically collect:

   • IP address and approximate geographic location (derived from IP)
   • Browser type and version
   • Operating system and device type
   • Access timestamps and session duration
   • Referring URLs and pages visited within our Services
   • API request logs (for API users)

2. Security and Fraud Prevention Data To protect our Services and users, we collect:

   • Login attempt records and authentication logs
   • Unusual access patterns or anomalies
   • Rate limiting and abuse detection metrics

3. Technologies We Use

   We do not use:
   • Cookies for tracking or analytics
   • Third-party analytics services (e.g., Google Analytics)
   • Social media pixels or advertising trackers
   We do use:
   • Session tokens for authentication (temporary, deleted on logout)
   • Server logs for security monitoring and troubleshooting
   • Technical cookies strictly necessary for platform functionality (e.g., maintaining your login session)
   If we decide to implement analytics or additional tracking technologies in the future, we will update this Privacy Policy and provide appropriate notice and choice mechanisms.

2.3 Information from Third-Party Sources

We may receive limited information from third parties, including:

• Email domain verification services to confirm institutional affiliations
• Public records or professional databases to verify law enforcement or institutional credentials
• Payment processors (if applicable) for billing and transaction processing

We do not purchase personal information from data brokers or marketing lists.

3. How We Use Your Personal Information

We use your personal information for the following legitimate business purposes:

3.1 To Provide and Operate Our Services

• Create and manage your user account
• Authenticate your identity and authorize access to appropriate features
• Enable you to submit and access crypto wallet intelligence
• Provide API access to verified customers
• Process and respond to your support requests
• Facilitate deconfliction and investigative coordination among verified users

3.2 To Improve and Develop Our Services

• Train and improve machine learning models for crypto wallet risk assessment (using aggregated, anonymized wallet data, not personal information)
• Analyze usage patterns to enhance platform features and user experience
• Develop new intelligence products and API capabilities
• Conduct internal research and development

3.3 To Ensure Security and Prevent Fraud

• Detect and prevent unauthorized access, account takeovers, and security threats
• Monitor for platform abuse, data scraping, or malicious activity
• Investigate and respond to potential violations of our Terms of Service
• Maintain audit logs for security and compliance purposes

3.4 To Comply with Legal Obligations

• Respond to lawful requests from law enforcement or regulatory authorities
• Comply with applicable laws, regulations, and legal processes
• Enforce our Terms of Service and other agreements
• Protect our rights, property, and safety, and those of our users and the public

3.5 To Communicate with You

• Send account-related notifications (e.g., password resets, security alerts)
• Provide technical support and respond to inquiries
• Notify you of material changes to our Services, Terms of Service, or Privacy Policy

We do not use your personal information for:

• Marketing, advertising, or promotional communications (unless you explicitly opt in)
• Selling or renting your personal information to third parties
• Behavioral profiling or targeted advertising

4. How We Share Your Personal Information

We share your personal information only in the limited circumstances described below. We do not sell, rent, or trade your personal information.

4.1 With Service Providers

We engage trusted third-party service providers to perform functions on our behalf, including:

• Cloud infrastructure and hosting:Amazon Web Services (AWS) for secure, U.S.-based data storage and computing
• Email communications:Transactional email service providers for account notifications and support
• Security services:Providers of authentication, encryption, and threat detection tools

These service providers are contractually obligated to use your information only to provide services to us, implement appropriate security measures, comply with applicable data protection laws, and not disclose or use your information for their own purposes.

4.2 API Data Sharing (Aggregated Wallet Intelligence)

We provide aggregated, anonymized crypto wallet intelligence to verified customers (financial institutions, cryptocurrency exchanges, fintech companies) via our API. This intelligence includes:

• Wallet risk types and classifications
• Flagged wallet categories (e.g., sanctioned entities, fraud indicators)
• Statistical patterns and trends

What we share via API:

• Crypto wallet addresses and associated risk metadata
• Aggregated intelligence derived from multiple sources
• Machine learning-generated risk assessments
• Graphing of the funds in some cases
• Your personal information (name, email, agency affiliation) in certain circumstances

What we do NOT share via API:

• Investigation-specific details, case numbers, or contextual notes
• Any personally identifiable information about suspects, victims, or investigation subjects

Contractual and Technical Safeguards:

• API customers are contractually prohibited from attempting to re-identify data sources or users
• Rate limiting and access controls prevent bulk data extraction
• Regular audits and monitoring ensure compliance with data use restrictions
• Anonymization techniques prevent traceability to individual agencies

4.3 Law Enforcement Deconfliction

When multiple law enforcement agencies flag the same crypto wallet, we facilitate deconfliction by:

• Notifying agencies of potential overlapping investigations
• Providing contact information of the submitting agency (agency name and official contact email only) to other verified law enforcement users

Privacy protections:

• Only verified law enforcement users can see law enforcement contact details. In some cases this information can be seen by financial institution investigators to coordinate information sharing.
• Personal names of individual officers or agents are not disclosed unless the user chooses to include them in their agency profile
• No case details, investigative context, or sensitive law enforcement information is shared
• The things that financial institution investigators will see are the reporting party and their contact information for information sharing purposes only.

4.4 For Legal Compliance and Protection

We may disclose your personal information if required or permitted by law, including to:

• Comply with a subpoena, court order, or other legal process
• Respond to lawful requests from government authorities, regulatory agencies, or law enforcement
• Enforce our Terms of Service or other agreements
• Detect, prevent, or investigate fraud, security incidents, or illegal activity
• Protect the rights, property, or safety of Deconflict, our users, or the public

In such cases, we will attempt to notify you unless prohibited by law or if doing so would compromise an investigation.

4.5 In Connection with Business Transactions

If Deconflict is involved in a merger, acquisition, asset sale, bankruptcy, or other business transaction, your personal information may be transferred or disclosed as part of that transaction. In such cases, we will notify you via email and the acquiring entity will be bound by this Privacy Policy or will provide you with notice and choice regarding any changes.

4.6 With Your Consent

We may share your personal information with third parties when you explicitly authorize us to do so.

4.7 Aggregated and De-Identified Information

We may share aggregated, anonymized, or de-identified information that cannot reasonably be used to identify you, including statistical reports on platform usage and trends, anonymized wallet intelligence for research and development, and industry insights. Once information is de-identified, we may use and disclose it without restriction, provided we do not attempt to re-identify such information.

5. Legal Basis for Processing

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, we process your personal information based on the following legal grounds:

5.1 Contractual Necessity

Processing is necessary to perform our contract with you (our Terms of Service) and provide the Services you requested.

5.2 Legitimate Interests

We process your information based on our legitimate business interests, including securing and improving our Services, preventing fraud and abuse, conducting research and development, and facilitating law enforcement deconfliction and public safety. We balance our legitimate interests against your privacy rights.

5.3 Legal Obligations

We process your information to comply with applicable laws, regulations, and legal processes.

5.4 Consent

In some cases, we process your information based on your explicit consent. When we rely on consent, you have the right to withdraw it at any time by contacting us at contact@deconflict.com.

6. Data Security

We implement industry-standard administrative, technical, and physical safeguards to protect your personal information.

6.1 Technical Safeguards

• Encryption:All data is encrypted in transit using TLS 1.3 (256-bit encryption) and at rest using AES-256 encryption
• Secure infrastructure:Data is hosted on Amazon Web Services (AWS) U.S.-based servers with enterprise-grade security controls
• Password protection:User passwords are salted and hashed using bcrypt
• Multi-factor authentication (MFA):Optional MFA for enhanced account security
• Intrusion detection:Automated monitoring for unusual access patterns and security threats
• Regular security assessments:Periodic vulnerability scans and penetration testing

6.2 Administrative Safeguards

• Role-based access controls:Deconflict personnel access personal information only on a need-to-know basis
• Employee training:Regular security awareness and privacy training for all employees
• Confidentiality agreements:All personnel are bound by confidentiality obligations
• Vendor management:Third-party service providers undergo security assessments and are contractually required to protect your information

6.3 Physical Safeguards

• Secure data centers:AWS facilities employ physical security measures including access controls, surveillance, and environmental protections
• Controlled access:Deconflict offices restrict physical access to systems containing personal information

6.4 Incident Response

In the event of a data breach affecting your personal information, we will investigate and contain the incident promptly, notify affected users within 72 hours where legally required, report the breach to applicable regulatory authorities as required by law, and provide information about the breach and steps you can take to protect yourself.

6.5 Limitations

While we implement robust security measures, no system is completely secure. We cannot guarantee absolute security of your information. You are responsible for maintaining the confidentiality of your account credentials, using strong unique passwords, enabling multi-factor authentication, and promptly notifying us of any unauthorized access to your account. If you become aware of any security vulnerability or unauthorized access, please contact us immediately at contact@deconflict.com.

7. Data Retention

We retain your personal information only as long as necessary to fulfill the purposes described in this Privacy Policy.

7.1 Account and Registration Data

• Active accounts:We retain your registration information while your account is active and you continue to use our Services
• Inactive accounts:If your account remains inactive for 24 consecutive months, we may send you a notice and subsequently delete your account and associated personal information
• Account deletion:If you request deletion of your account, we will delete your personal information within 30 days, unless we are required to retain it for legal, compliance, or security purposes

7.2 Technical Logs and Security Data

• Access logs:IP addresses, login timestamps, and technical logs are retained for 12 months for security monitoring and troubleshooting
• Security incident data:Information related to security incidents or abuse investigations may be retained longer as necessary

7.3 Communications and Support Records

Correspondence and support tickets are retained for 24 months to provide continuity of service and address follow-up inquiries.

7.4 Wallet Intelligence Data

Crypto wallet data submitted to our platform is retained indefinitely to support ongoing intelligence operations, model training, and API services. This data does not contain personal information and is not subject to the retention limits above. Once wallet data is aggregated and anonymized, it may be retained permanently.

7.5 Legal Holds

If we are subject to a legal obligation, litigation, regulatory investigation, or other legal process, we may retain your information beyond the standard retention periods until the matter is resolved.

7.6 Deletion Upon Request

You may request deletion of your personal information at any time. We will honor such requests unless we have a legal obligation or legitimate business reason to retain the information.

8. International Data Transfers

8.1 Data Storage Location

All personal information collected through our Services is stored and processed in the United States on secure Amazon Web Services (AWS) infrastructure located in U.S. data centers.

8.2 Transfers from the EEA, UK, and Switzerland

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, your personal information will be transferred to and processed in the United States. The United States may not provide the same level of data protection as required under EEA, UK, or Swiss law. To ensure adequate protection of your personal information during international transfers, we rely on the following legal mechanisms:

1. Standard Contractual Clauses

   We use Standard Contractual Clauses (SCCs) approved by the European Commission, UK International Data Transfer Agreement/Addendum, or Swiss-approved transfer mechanisms, as applicable. These are standardized contractual terms that provide appropriate safeguards for the transfer of personal information and ensure that your information receives an adequate level of protection.

2. Supplementary Measures

   In addition to Standard Contractual Clauses, we implement supplementary technical and organizational measures to protect your personal information, including:
   • Encryption in transit and at rest (256-bit AES encryption)
   • Role-based access controls limiting who can access personal information
   • Regular security audits and assessments
   • Contractual obligations binding our service providers to protect your information<
   • Data minimization practices to collect only necessary information

3. Your Rights

   If you are located in the EEA, UK, or Switzerland, you have the right to obtain information about the safeguards we use for international transfers and, in certain circumstances, to object to the transfer of your personal information. To exercise these rights or for more information about our data transfer practices, please contact us at contact@deconflict.com.

8.3 Transfers from Other Jurisdictions

For users in other jurisdictions outside the EEA, UK, and Switzerland, we process your personal information in accordance with applicable local laws and implement appropriate safeguards as required.

9. Your Privacy Rights

Depending on your location and applicable law, you may have certain rights regarding your personal information.

9.1 Rights for All Users

1. Access:Request access to the personal information we hold about you
2. Correction:Request correction of inaccurate or incomplete personal information
3. Deletion:Request deletion of your personal information, subject to certain exceptions
4. Objection and Restriction:Object to or request restriction of certain processing

9.2 Additional Rights for EEA, UK, and Swiss Users

1. Data Portability:Receive a copy of your personal information in a structured, machine-readable format
2. Withdrawal of Consent:Withdraw consent at any time (does not affect lawfulness of prior processing)
3. Lodge a Complaint:Lodge a complaint with a supervisory authority

9.3 Additional Rights for California Residents

1. Right to Know:Request disclosure of personal information collected, sources, purposes, and third parties with whom we share it
2. Right to Delete:Request deletion of your personal information
3. Right to Correct:Request correction of inaccurate personal information
4. Right to Opt-Out:We do not sell personal information, but if we ever do, you have the right to opt out
5. Right to Limit Sensitive Personal Information:We do not collect sensitive personal information as defined by the CCPA
6. Right to Non-Discrimination:We will not discriminate against you for exercising privacy rights
7. Authorized Agents:You may designate an authorized agent to submit requests on your behalf

9.4 Additional Rights for Other U.S. State Residents

If you are a resident of Virginia, Colorado, Connecticut, Utah, or other states with comprehensive privacy laws, you may have similar rights to those described above.

9.5 How to Exercise Your Rights

To exercise any privacy rights, please contact us at: Email:contact@deconflict.com Subject Line:Privacy Rights Request Mail:Deconflict, Inc., 8 The Green STE A Dover, DE 19901 United States Include your full name, email address associated with your account, and description of the specific right(s) you wish to exercise.

9.6 Verification Process

To protect your privacy and security, we will verify your identity before fulfilling your request. We will respond to verified requests within the timeframes required by applicable law, typically within 30-45 days.

9.7 Appeals

If we deny your privacy request, you have the right to appeal. Contact us at contact@deconflict.com with “Privacy Rights Appeal” in the subject line.

10. Do Not Track and Global Privacy Control

10.1 Do Not Track

Our Services do not respond to Do Not Track (DNT) signals as there is no industry consensus on how to respond to them.

10.2 Global Privacy Control

If we detect a Global Privacy Control (GPC) signal from your browser, we will treat it as a request to opt out of the sale or sharing of your personal information, to the extent required by law. Learn more at https://globalprivacycontrol.org/.

11. Children’s Privacy

Our Services are not directed to individuals under the age of 18, and we do not knowingly collect personal information from children under 13 years of age. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately at contact@deconflict.com. If we become aware that we have collected personal information from a child under 13 without parental consent, we will take steps to delete that information as soon as possible.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the “Last Updated” date, post the updated Privacy Policy on our website, notify you via email for material changes, and provide prominent notice on our website for significant changes. Your continued use of our Services after changes become effective constitutes acceptance of the updated Privacy Policy. If you do not agree with the changes, you must stop using our Services and may request deletion of your account.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:

Deconflict, Inc.

8 The Green STE A Dover, DE 19901 United States United States

• Email:contact@deconflict.com
• Subject Line:Privacy Inquiry

For Data Privacy Framework inquiries (EEA, UK, Swiss users):

• Email: contact@deconflict.com
• Subject Line: Data Privacy Framework Inquiry

For Privacy Rights Requests:

• Email: contact@deconflict.com
• Subject Line: Privacy Rights Request

We will respond to your inquiry within 30 days.

14. Notice at Collection for California and Other U.S. State Residents

This section provides additional disclosures required by the California Consumer Privacy Act (CCPA), California Privacy Rights Act (CPRA), and similar state privacy laws.

14.1 Categories of Personal Information Collected

Category	Examples	Sources	Business Purposes	Third Parties
Identifiers	Name, email, username, organization, IP address	Directly from you; automatically	Account management, authentication, security	Service providers (AWS, email); law enforcement (deconfliction)
Professional Information	Job title, agency affiliation, credentials	Directly from you; verification sources	Identity verification, access control	Service providers; law enforcement (deconfliction)
Internet Activity	IP, browser, access logs, API usage	Automatically	Security, platform improvement	Service providers (AWS, security tools)
Commercial Information	Account status, subscription info	Directly from you; internal	Service provision, billing	Service providers

14.2 Sensitive Personal Information

We do not collect sensitive personal information as defined by the CCPA/CPRA (Social Security numbers, financial account credentials, precise geolocation, biometric information, health information, or information about sex life or sexual orientation).

14.3 Sale or Sharing of Personal Information

We do not “sell” or “share” personal information as defined by the CCPA/CPRA. We have not sold or shared personal information in the preceding 12 months, and we do not have actual knowledge of any sale or sharing of personal information of minors under 16 years of age.

14.4 Retention Periods

We retain personal information for the periods described in Section 7 of this Privacy Policy.

14.5 Automated Decision-Making

We use machine learning models to generate crypto wallet risk scores. These automated processes do not produce legal or similarly significant effects concerning you as a registered user.

14.6 Right to Opt Out

If we ever engage in the sale or sharing of personal information, we will provide a clear link titled “Do Not Sell or Share My Personal Information” on our website.

14.7 Financial Incentive Programs

We do not offer financial incentive programs that involve the collection, retention, or sale of personal information. By using our Services, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy.