1. Introduction

Welcome to CryptoTrail Inc (“CryptoTrail”, “we”, “us”, or “our”). This Privacy Policy explains how we collect, use, disclose, and protect personal information when you visit cryptotrail.org or use our crypto recovery, blockchain investigation, asset tracing, and scam report assistance services (the “Services”).

CryptoTrail Inc is registered and headquartered in the United Kingdom. We operate in accordance with the UK Data Protection Act 2018, the UK GDPR, and applicable privacy and data protection laws.

2. Information We Collect

We collect information that you provide directly and information collected automatically.

A. Personal information you provide

When you use our Services or contact us, you may provide us with personal information including, but not limited to:

• Full name
• Email address
• Phone number
• Cryptocurrency wallet address(es)
• Transaction records and related blockchain transaction data
• Identification documents and information submitted for verification or compliance (e.g., photo ID)
• Communications you send to us (emails, chat transcripts, form submissions)

B. Information collected automatically

We and our service providers automatically collect technical and usage information when you visit our site, including:

• IP address
• Browser type and version
• Operating system and device type
• Pages viewed and time spent on pages
• Referrer URL and referral source
• Analytics and performance information

We use Google Analytics and Cloudflare for analytics, performance, and security. See Cookies & Tracking for more details.

3. How We Use Your Information

We process personal information for the following purposes:

• To provide and operate the Services (e.g., analyse a recovery request, perform blockchain investigation, and support asset tracing).
• To verify identity and perform compliance or anti-fraud checks, including identity document verification where required.
• To communicate with you about our Services, respond to support requests, and send important service updates.
• To improve, test, and monitor our Services, and analyse usage trends and customer behaviour.
• To maintain security, prevent abuse, detect and prevent fraud and malicious activity.
• To comply with legal obligations, regulatory requests or court orders.

4. Legal Basis for Processing

Under the UK GDPR, we rely on the following legal bases to process personal data:

• Performance of a contract: When you enter into an agreement with us to provide Services.
• Legitimate interests: For fraud prevention, platform security, analytics, and service improvement (balanced against your rights and freedoms).
• Legal obligation: Where processing is necessary to comply with applicable laws or regulatory requirements.
• Consent: For optional communications such as marketing emails where we have obtained your explicit consent.

5. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes outlined in this Policy, to satisfy legal, accounting, or reporting requirements, and to resolve disputes. Typical retention periods include:

• Records related to a recovery case: retained for the duration of the case and generally up to 5 years following last activity, unless a longer retention period is required by law.
• Support communications: retained as needed to respond to issues and for quality and training purposes.
• Analytics and logs: retained in aggregated or pseudonymised form for trend analysis; raw logs retained for security and fraud prevention for a limited period.

If you request deletion and we are not legally required to retain certain data, we will delete or anonymise your personal information within a reasonable timeframe after verifying your request.

6. How We Protect Your Data

We implement appropriate technical and organisational measures to protect personal data, including:

• Encryption of sensitive communications and data in transit.
• Secure servers and access controls to restrict data access to authorised personnel only.
• Use of Cloudflare for DDoS protection and security hardening.
• Regular security reviews and vulnerability testing.

Note: While we use industry-standard safeguards, no method of transmission or storage is 100% secure. Absolute security cannot be guaranteed — please avoid sharing highly sensitive information by insecure channels.

7. Cookies & Tracking Technologies

We and our third-party partners use cookies, web beacons, scripts and other tracking technologies to collect information about your interactions with our website and Services. Uses include:

• Essential cookies for site functionality and session management.
• Analytics cookies to measure performance and usage (via Google Analytics).
• Security cookies and measures for fraud detection and platform protection (via Cloudflare).

You can manage cookies through your browser settings. Blocking some cookies may affect site functionality.

8. Sharing & Disclosure of Your Information

We do not sell or rent personal data to third parties. We may disclose personal information to:

• Service providers who perform services on our behalf (e.g., analytics, hosting, security). These providers are contractually bound to protect the data and use it only for the services they provide.
• Legal authorities: When required by law, court order, or to respond to lawful requests (including to investigate fraud or security breaches).
• Professional advisors: For legal, auditing, or compliance matters.
• Affiliated entities: Where necessary for internal business purposes or corporate restructuring.

All disclosures are governed by data processing agreements and confidentiality obligations where applicable.

9. International Data Transfers

As a UK-based company with a global user base, personal data may be processed in jurisdictions outside the UK. When transfers occur, we implement safeguards such as:

• Standard Contractual Clauses (SCCs) or other lawful transfer mechanisms approved under UK data protection law.
• Ensuring recipients provide an adequate level of protection for personal data.

If you want specific details about where your data is processed, please contact us at privacy@cryptotrail.org.

10. Your Rights

Under applicable data protection laws you may have the right to:

• Access — Request a copy of the personal information we hold about you.
• Rectification — Request correction of inaccurate personal data.
• Erasure — Request deletion of your personal data where we have no lawful basis to retain it.
• Restriction — Request restriction of processing in certain circumstances.
• Data portability — Request a machine-readable copy of your personal data.
• Objection — Object to processing based on our legitimate interests, including profiling and direct marketing.

To exercise these rights, contact us at privacy@cryptotrail.org. We may request information to verify your identity before responding to a request. We will respond within applicable legal timeframes.

11. Children’s Privacy

Our Services are not intended for individuals under the age of 18. We do not knowingly collect personal information from children under 18. If you believe a child’s personal data has been collected, please contact us and we will take steps to delete that information.

12. Third-Party Links

Our website may contain links to third-party websites, tools or services not operated by CryptoTrail. We are not responsible for the privacy practices or content of third-party sites. We encourage you to review the privacy policies of any site you visit.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes to our practices, legal requirements, or Services. When we make material changes we will update the “Last Updated” date at the top of this page. Continued use of our Services after changes constitutes acceptance of the updated policy.

14. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, you may contact:

This policy is provided for informational purposes and does not create any contractual or legal rights for any party. For legal advice specific to your situation, please consult a qualified attorney.