This Privacy Policy describes how the Global Sanctions Intelligence Group ("GSIG"), a product of Vonartis Foundation ("we", "us"), collects, uses, and protects information in connection with the GSIG API, website, and related services (the "Service").
Account information: When you create a GSIG account, we collect your name, email address, company name, company type, jurisdiction, and a hashed version of your password. We do not store passwords in plaintext.
Payment information: Subscription payments are processed by Stripe. We store your Stripe customer ID and subscription ID but do not store credit card numbers, bank details, or other payment credentials. Stripe's privacy policy governs the handling of your payment data.
x402 payment data: When you pay via x402 (USDC), we record your blockchain wallet address, the payment amount, the transaction hash, and the endpoint accessed. This data is logged for payment verification and may be cross-referenced with our intelligence database for security and compliance purposes.
API usage data: We log every API call including the endpoint, the blockchain address queried, the response code, response time, and timestamp. This data is used for billing, rate limiting, analytics, and service improvement.
Technical data: We collect IP addresses, browser user agents, and session identifiers for security, fraud prevention, and service operation.
| Data type | Purpose | Retention |
|---|---|---|
| Account details (name, email, company) | Account management, communication | Duration of account + 2 years |
| Password hash (bcrypt) | Authentication | Duration of account |
| Stripe customer/subscription ID | Payment processing, billing | Duration of account + 7 years |
| API usage logs | Billing, rate limiting, analytics | 12 months rolling |
| x402 payer wallet address | Payment verification, security | 12 months rolling |
| IP addresses, user agents | Security, fraud prevention | 90 days |
| Session tokens (hashed) | Authentication | Until expiry (24 hours) |
We use the information we collect to operate and improve the Service, process payments, enforce usage limits, prevent abuse, communicate with you about your account, and comply with legal obligations. We do not use your personal information for advertising or sell it to third parties.
The blockchain addresses you query through the GSIG API are recorded in our usage logs. We may aggregate and anonymise query patterns for service improvement (e.g., understanding which chains are most frequently screened). We do not share individual query logs with third parties except as required by law or with your explicit consent.
Important: The intelligence data in GSIG reports (sanctions matches, entity attributions, money flow data) is derived from publicly available blockchain data and published regulatory lists. This data is not personal data of our customers.
We share data with third parties only in the following circumstances:
Payment processors: Stripe processes subscription payments. Coinbase's x402 facilitator verifies USDC payments. Each operates under their own privacy policies.
Legal requirements: We may disclose data to law enforcement or regulatory authorities if required by law, court order, or government regulation.
Regulatory partnerships: GSIG participates in mutual intelligence exchange with monetary authorities. This involves sharing aggregate sanctions intelligence data, not customer account data or usage logs.
We implement appropriate technical and organisational measures to protect your data, including encrypted storage, hashed passwords (bcrypt), hashed API keys (SHA-256), database access controls, and network firewalls. Our database is hosted on infrastructure that is not directly accessible from the internet.
Depending on your jurisdiction, you may have the right to access your personal data, request correction or deletion, object to processing, request data portability, and withdraw consent. To exercise any of these rights, contact us at info@gsig.uk.
Note that deleting your account will also revoke your API keys and terminate your subscription. Usage logs may be retained in anonymised form for the periods described above.
Your data may be processed in jurisdictions outside your country of residence. We take appropriate steps to ensure adequate protection of your data in accordance with applicable data protection laws.
The GSIG website uses minimal cookies for session management (login authentication). We do not use advertising cookies, tracking pixels, or third-party analytics that track users across websites. The API does not set cookies.
The Service is not intended for use by individuals under 18. We do not knowingly collect data from minors.
We may update this Privacy Policy by posting the revised version on this page. Material changes will be communicated via email to account holders.
For privacy inquiries, contact us at info@gsig.uk.
For security concerns, contact security@gsig.uk.