Scorechain AI - Privacy Policy

2. Scope and Application

This Privacy Policy applies to all processing of personal data by Scorechain SA in connection with the operation of the Scorechain AI online service (accessible via go.scorechain.com) and any related digital interfaces, including account registration, payments, analytics, and marketing communications.

This Policy complies with the General Data Protection Regulation (EU) 2016/679 (GDPR) and the Luxembourg Data Protection Act.

3. Categories of Personal Data Processed

Scorechain processes the following categories of data:
‍
‍3.1 Account and Identification Data
‍Name, surname, and company name (if provided)Email addressLogin method (Google account or email/password)Account creation and login timestamps

3.2 Service Usage Data
‍Blockchain addresses submitted for scoring or monitoringHistorical list of previously scored addresses and corresponding risk dataTechnical logs relating to Service performance

3.3 Payment and Billing Data
‍Invoice identifiersPayment metadata managed by third-party processors Payment timestamps and statuses

3.4 Technical and Tracking Data
‍IP address and device/browser informationCookie identifiers, analytics and advertising tags, consent preferences (via Usercentrics)

3.5 Marketing and Communication Data
‍Email address and communication preferences, when users have provided explicit consent to receive updates, newsletters, or promotional offers.

4. Purposes and Legal Bases of Processing

Scorechain processes personal data for the following purposes:
‍
Service Provision
‍Purpose: To create and manage user accounts, provide address scoring, and maintain access to past analyses.
Legal Basis: Performance of a contract (Art. 6(1)(b) GDPR)
‍
Payments & Billing
‍Purpose: To process and verify transactions, issue invoices, and comply with financial and tax obligations.
Legal Basis: Performance of a contract / Legal obligation (Art. 6(1)(b), 6(1)(c) GDPR)

Fraud Prevention & Security
‍Purpose: To detect misuse, ensure platform integrity, and secure access.
Legal Basis: Legitimate interest (Art. 6(1)(f) GDPR)

Analytics & Performance Monitoring
‍Purpose: To understand usage patterns and improve service quality (e.g. Google Analytics, Microsoft Clarity).
Legal Basis: Consent (Art. 6(1)(a) GDPR)

Advertising & Retargeting
‍Purpose: To deliver relevant advertisements via third-party networks (Google Ads, Meta Pixel, LinkedIn, Microsoft, Twitter/X, Reddit).
Legal Basis: Consent (Art. 6(1)(a) GDPR)

Marketing Emails
‍Purpose: To send newsletters, product news, or promotional communications to users who have opted in.
Legal Basis: Consent (Art. 6(1)(a) GDPR)

Legal Compliance
‍Purpose: To respond to lawful requests, enforce contractual terms, or comply with applicable financial and AML laws.
Legal Basis: Legal obligation (Art. 6(1)(c) GDPR)

5. Data Sharing and Recipients

Personal data may be shared with the following categories of recipients, only when necessary for the above purposes:

‍Payment Processors:
These providers act as independent data controllers for payment-related data.

‍Hosting and Infrastructure Providers:
Scorechain’s systems are hosted within the European Union

‍Analytics and Advertising Partners:
Marketing and analytics tools integrated through Google Tag Manager (including Google Analytics, Google Ads, Meta Pixel, LinkedIn Insight, Microsoft Ads, Microsoft Clarity, Twitter/X, and Reddit).
These tools are activated only upon user consent via Usercentrics.

‍Email Communication Providers:
Used for transactional and, where consented, marketing communications.

‍Legal Authorities:
Where required by law, Scorechain may disclose information to competent authorities or courts.

‍Accounting and Tax
Personal data related to payments or invoicing may be processed or shared as necessary to comply with Scorechain’s legal obligations under applicable accounting and tax laws.Such data may be transmitted to external accountants, auditors, or competent authorities when required.

No personal data is sold or transferred to third parties for independent commercial purposes.

6. Cookies and Tracking Technologies

Scorechain uses cookies and similar technologies to enable Service functionality, measure performance, and deliver personalized advertisements.Cookies fall into the following categories:
‍Essential cookies – required for platform security and operation.
‍Analytics cookies – used to understand usage and improve performance.
‍Marketing cookies – used for advertising and retargeting across platforms.

Consent for non-essential cookies (analytics and marketing) is obtained and managed via Usercentrics, where users can grant, refuse, or withdraw consent at any time.
Cookie retention complies with CNPD guidance and does not exceed 13 months from consent.
A detailed Cookie Policy is available at /cookies.

7. Marketing Communications

If you opt in, Scorechain may use your email address to send newsletters, updates, or promotional offers regarding Scorechain AI and other Scorechain products.You may withdraw consent at any time by:
Clicking the “unsubscribe” link in any marketing email, or
Contacting support@scorechain.com.

Withdrawal of consent does not affect the lawfulness of processing carried out before withdrawal.
Transactional or service-related communications (e.g., billing, security, or account notices) are sent regardless of marketing preferences.

8. Data Retention

Scorechain retains personal data only for as long as necessary to fulfill the purposes described in this Privacy Policy and to comply with legal obligations.
‍
Account and Service Data:
Retention Period: While the account remains active and up to 12 months after account closure or last activity.
‍
Payment and Billing Records
Retention Period: As required under applicable financial and tax laws, for up to 10 years.
‍
Address Scoring History:
Retention Period: While the account is active and up to 12 months after deletion.
‍
Analytics and Advertising Data:
Retention Period: 13 months after collection or until consent is withdrawn, whichever occurs first.
‍
Email and Marketing Preferences:
Retention Period: Until consent is withdrawn or 12 months after the last interaction.

9. International Transfers

All Scorechain data and infrastructure are located within the European Union. Third-party processors outside the EEA (e.g., global analytics or email providers) operate under valid transfer mechanisms such as the EU–U.S. Data Privacy Framework or Standard Contractual Clauses (SCCs) ensuring adequate protection of personal data.

10. Data Security

Scorechain implements appropriate technical and organizational measures to protect personal data, including:Encryption of communications and stored data;Role-based access control for authorized staff only;Periodic security reviews and data minimization practices.

No system can guarantee absolute security; however, Scorechain maintains industry-standard safeguards to prevent unauthorized access, alteration, disclosure, or destruction of data.

11. Your Rights

12. Automated Decision-Making

Scorechain does not carry out any automated decision-making or profiling that produces legal or similarly significant effects on individuals.

13. Updates to This Policy

Scorechain may modify this Privacy Policy from time to time to reflect legal or operational changes. Material updates will be announced through the Scorechain AI platform or by email. The date of the latest update will always appear at the top of this page.

14. Contact

Scorechain SA
11, boulevard du Jazz L-4370 Belvaux, Luxembourg
Mail: support@scorechain.com