Privacy Policy

Effective Date: February 20, 2025 | Version 1.1

SolSentinel ("we," "us," "our") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our smart contract auditing platform.

1. Information We Collect

1.1 Information You Provide Directly

Data Type	Examples	Purpose
Account Information	Username, email address, Auth0 provider (GitHub, Google, etc.)	Account creation, authentication, service communications
Payment Information	Credit card details (stored by Stripe), billing address, subscription tier, refund request details	Payment processing, billing, subscription management, refund processing
Smart Contract Code	Solidity files, contract addresses, uploaded code	Security analysis, vulnerability detection, audit report generation
Support Communications	Email correspondence, support tickets, feedback	Customer support, service improvement

1.2 Information Collected Automatically

Data Type	Examples	Purpose
Usage Data	Audit history, file sizes, usage counts, API calls, feature usage	Usage tracking, tier limit enforcement, service analytics
Log Data	IP addresses, browser type, access times, pages viewed, error logs	Security, troubleshooting, service optimization
Device Information	Operating system, device type, screen resolution	UI optimization, compatibility testing
Cookies & Session Data	Session tokens, authentication cookies, preferences	Authentication, session management, user preferences

1.3 Information from Third Parties

• Auth0: User profile data (email, name, OAuth provider info) for authentication
• Stripe: Payment confirmation, subscription status, billing events
• Ethereum Blockchain (Infura): On-chain contract data when you request facet analysis

2. How We Use Your Information

2.1 Service Provision

• Process and analyze your smart contracts for vulnerabilities
• Generate audit reports with risk scores and recommendations
• Provide API access for automated auditing (Pro/Enterprise)
• Track usage limits and enforce tier restrictions
• Generate compliance documentation (MiCA, SEC FIT21)

2.2 Account Management

• Create and maintain your account
• Authenticate your identity and prevent unauthorized access
• Process payments and manage subscriptions
• Send service notifications and account updates
• Provide customer support

2.3 Service Improvement

• Analyze usage patterns to improve features
• Debug technical issues and optimize performance
• Conduct security audits and prevent abuse
• Develop new features based on user needs

2.4 Legal and Security

• Comply with legal obligations and regulatory requirements
• Detect and prevent fraud, abuse, and security threats
• Enforce our Terms of Service
• Respond to legal requests (subpoenas, court orders)

3. How We Share Your Information

3.1 Third-Party Service Providers

We share data with carefully selected service providers who help us operate our Service:

Provider	Purpose	Data Shared
Auth0 (Okta)	Authentication & user management	Email, username, OAuth tokens, login history
Stripe	Payment processing	Payment methods, billing info, transaction history
Claude AI (Anthropic)	AI-powered code analysis (primary)	Smart contract code (temporary processing only)
Grok AI (X.AI)	AI-powered code analysis (fallback)	Smart contract code (temporary processing only)
Infura (ConsenSys)	Ethereum blockchain access	Contract addresses, on-chain queries
Render	Cloud hosting & infrastructure	Server logs, application data

3.2 Legal Requirements

We may disclose your information if required by law or in response to:

• Court orders, subpoenas, or legal processes
• Government or regulatory requests
• Law enforcement investigations
• Protection of our rights, property, or safety
• Prevention of fraud or illegal activity

3.3 Business Transfers

If SolSentinel is acquired, merged, or sold, your information may be transferred to the new entity. We will notify you via email and provide you the option to delete your account before the transfer.

4. Data Retention

4.1 Active Accounts

• Account Data: Retained while your account is active
• Usage History: Stored for 2 years for billing and analytics
• Uploaded Code: Deleted immediately after analysis (unless Enterprise archival enabled)
• Audit Reports: Stored for 90 days (downloadable during this period)
• Payment Records: Retained for 7 years (legal/tax requirements)

4.2 Deleted Accounts

When you delete your account:

• Personal data is anonymized or deleted within 30 days
• Backups containing your data are purged within 90 days
• Payment records retained for legal compliance (7 years)
• Aggregated, non-identifiable analytics may be retained indefinitely

5. Your Privacy Rights

5.1 GDPR Rights (EU Residents)

If you are located in the European Union, you have the following rights:

• Right to Access: Request a copy of your personal data
• Right to Rectification: Correct inaccurate or incomplete data
• Right to Erasure ("Right to be Forgotten"): Request deletion of your data
• Right to Restriction: Limit how we process your data
• Right to Data Portability: Receive your data in a machine-readable format
• Right to Object: Object to processing for specific purposes
• Right to Withdraw Consent: Revoke consent at any time (doesn't affect past processing)
• Right to Lodge a Complaint: File a complaint with your local data protection authority

5.2 CCPA Rights (California Residents)

If you are a California resident, you have the following rights:

• Right to Know: Request disclosure of data collected about you
• Right to Delete: Request deletion of your personal information
• Right to Opt-Out: Opt-out of the sale of personal information (we don't sell data)
• Right to Non-Discrimination: Equal service regardless of exercising your rights

5.3 How to Exercise Your Rights

6. Data Security

6.1 Security Measures

We implement industry-standard security practices:

• Encryption: TLS/SSL for data in transit, AES-256 for data at rest
• Authentication: OAuth 2.0 via Auth0, multi-factor authentication support
• Access Controls: Role-based access, principle of least privilege
• Monitoring: 24/7 security monitoring, intrusion detection
• Regular Audits: Quarterly security assessments and penetration testing
• Secure Infrastructure: Hosted on Render with automated backups

6.2 Data Breach Notification

In the event of a data breach affecting your personal information, we will:

• Notify affected users within 72 hours (GDPR requirement)
• Report to relevant authorities as required by law
• Provide details on the breach and steps we're taking
• Offer guidance on protecting your account

6.3 Your Security Responsibilities

You are responsible for:

• Keeping your password secure and confidential
• Using strong, unique passwords
• Enabling two-factor authentication (if available)
• Logging out of shared devices
• Reporting suspicious activity immediately

7. International Data Transfers

SolSentinel is based in the United States. If you access our Service from outside the US, your information will be transferred to, stored, and processed in the United States.

7.1 EU-US Data Transfers

For EU users, we rely on:

• Standard Contractual Clauses (SCCs): Approved by the European Commission
• Adequacy Decisions: Where available
• Service Provider Safeguards: Our third-party providers (Auth0, Stripe) are certified under EU-US data transfer frameworks

8. Cookies and Tracking Technologies

8.1 Types of Cookies We Use

Cookie Type	Purpose	Duration
Essential Cookies	Authentication, session management, security (CSRF tokens)	Session / 2 weeks
Functional Cookies	Remember preferences (theme, language)	1 year
Analytics Cookies	Usage statistics, feature adoption (anonymized)	2 years

8.2 Cookie Control

You can control cookies through:

• Browser settings (most browsers allow blocking third-party cookies)
• Opt-out tools provided by analytics providers
• Disabling non-essential cookies in your Account Settings

Note: Blocking essential cookies may prevent you from using certain features.

9. Children's Privacy

SolSentinel is not intended for users under 18 years of age. We do not knowingly collect personal information from children. If you believe we have collected data from a child, contact us immediately at support@solsentinel.io, and we will delete it promptly.

10. Third-Party Links

Our Service may contain links to third-party websites (e.g., documentation, external tools). We are not responsible for the privacy practices of these sites. We encourage you to review their privacy policies before providing any information.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Changes will be effective:

• Immediately for new users
• 30 days after notification for existing users

We will notify you of material changes via:

• Email to your registered address
• In-app notification upon next login
• Prominent notice on our website

Continued use after changes take effect constitutes acceptance of the updated policy.

12. Contact Us

13. Data Processing Summary

---

Last Updated: February 20, 2025 | Version 1.1
By using SolSentinel, you acknowledge that you have read and understood this Privacy Policy.