Privacy Policy - Crypto Security Services

Effective Date: August 1, 2025
Last Updated: August 1, 2025

1. Controller Information

Business Name: Crypto Security Services
Contact Person: Joe LeFever
Address: Pistoriusstrasse 147, 13086 Berlin, Germany
Email: joe@sicherheight.io
Phone: +49 17645951044

2. Data We Collect

2.1 Client Information

  • Contact Details: Name, email address, phone number, company name

  • Contract Information: Service agreements, payment details, project scope

  • Communication Records: Emails, messages, meeting notes, calls

2.2 Investigation Data

  • Blockchain Data: Wallet addresses, transaction hashes, smart contract addresses

  • Public Information: Information from public blockchains, social media, public records

  • Client-Provided Data: Documents, evidence, and materials provided for investigation

2.3 Website Data (if applicable)

  • Technical Data: IP address, browser type, device information

  • Usage Data: Pages visited, time spent (only if website analytics are implemented)

3. Legal Basis for Processing

We process personal data based on:

  • Legitimate Interests (Art. 6(1)(f) GDPR): For investigation services and business operations

  • Contract Performance (Art. 6(1)(b) GDPR): To fulfill our service agreements

  • Legal Obligations (Art. 6(1)(c) GDPR): For compliance with German and EU law

  • Consent (Art. 6(1)(a) GDPR): Where explicitly provided for specific processing

4. How We Use Your Data

4.1 Primary Purposes

  • Service Delivery: Conducting blockchain investigations, security analysis, and reporting

  • Client Communication: Project updates, deliverables, and support

  • Legal Compliance: Meeting regulatory requirements and legal obligations

  • Business Operations: Invoicing, contract management, quality assurance

4.2 Analysis and Research

  • Case Analysis: Technical investigation work on blockchain transactions

  • Security Research: Analysis of smart contracts and DeFi protocols

  • Report Generation: Creating investigation reports and technical documentation

5. Data Sharing and Recipients

5.1 Third-Party Service Providers

  • Blockchain Analysis Tools: Crystal Intelligence, Chainalysis, TRM Labs (when required for cases)

  • Cloud Storage: Encrypted storage services for case files

  • Communication Tools: Secure email and messaging platforms

5.2 Legal Requirements

  • Law Enforcement: When required by court order or legal obligation

  • Regulatory Bodies: As required under German financial and data protection law

5.3 Client Authorization

  • Investigation Partners: When explicitly authorized by client for case collaboration

  • Legal Representatives: With client consent for legal proceedings

6. Data Retention

6.1 Retention Periods

  • Active Cases: Duration of engagement plus 3 years

  • Completed Cases: 7 years from completion (German commercial law requirement)

  • Communication Records: 3 years from last contact

  • Website Data: 2 years maximum (if applicable)

6.2 Secure Deletion

Data is securely deleted after retention periods using industry-standard methods.

7. Data Security

7.1 Technical Measures

  • Encryption: All case files encrypted at rest and in transit

  • Access Controls: Multi-factor authentication and secure access procedures

  • Air-Gapped Systems: Isolated analysis environments for sensitive cases

  • Regular Backups: Encrypted backup systems with tested recovery procedures

7.2 Organizational Measures

  • OPSEC Protocols: Strict operational security procedures

  • Incident Response: Documented procedures for data breaches

  • Vendor Management: Security requirements for all service providers

8. Your Rights Under GDPR

8.1 Individual Rights

  • Access (Art. 15): Request copies of your personal data

  • Rectification (Art. 16): Correct inaccurate personal data

  • Erasure (Art. 17): Request deletion of personal data

  • Restriction (Art. 18): Limit processing of personal data

  • Portability (Art. 20): Receive data in machine-readable format

  • Objection (Art. 21): Object to processing based on legitimate interests

8.2 Exercising Your Rights

To exercise these rights, contact us at: joe@sicherheight.io
We will respond within 30 days of receiving your request.

8.3 Limitations

Some rights may be limited by:

  • Legal obligations to retain data

  • Ongoing legal proceedings

  • Legitimate interests in investigation work

9. International Data Transfers

9.1 Third Countries

Data may be transferred to third countries only with:

  • Adequacy Decisions: EU Commission-approved countries

  • Standard Contractual Clauses: For blockchain analysis service providers

  • Explicit Consent: Where required for specific services

9.2 Safeguards

All international transfers include appropriate safeguards under GDPR Chapter V.

10. Special Categories of Data

We do not intentionally collect special categories of personal data. If such data is encountered during investigations:

  • Processing is based on substantial public interest (Art. 9(2)(g) GDPR)

  • Additional safeguards and security measures apply

11. Automated Decision Making

We do not engage in automated decision-making or profiling that significantly affects individuals.

12. Contact and Complaints

12.1 Contact Information

Email: joe@sicherheight.io
Address: Pistoriusstrasse 147, 13086 Berlin, Germany

12.2 Supervisory Authority

You have the right to lodge a complaint with:
German Federal Commissioner for Data Protection and Freedom of Information
Graurheindorfer Str. 153, 53117 Bonn, Germany

13. Changes to This Policy

We may update this privacy policy to reflect changes in our practices or legal requirements. Updated versions will be posted on our website with the revision date.

Document Version: 1.0