1. Controller & Contact
Controller (Art. 4 (7) GDPR): WhaleWatchR, Am Hohen Ufer 8, 32549 Bad Oeynhausen. Email [email protected].
2. Categories of Data
- Email address for account management and transactional communication.
- Wallet address submitted for analysis.
- Usage telemetry (request logs, timestamps, success/error codes).
- Technical data (IP address, user agent, coarse location derived from IP for abuse prevention).
3. Purposes & Legal Bases
- Contract performance (Art. 6 (1) b) GDPR) for providing the WhaleWatchR dashboard and API.
- Legitimate interests (Art. 6 (1) f) GDPR) to secure infrastructure, prevent fraud, and improve the service.
- Consent (Art. 6 (1) a) GDPR) for marketing email or beta-program outreach. Consent can be withdrawn at any time.
- Legal obligations (Art. 6 (1) c) GDPR) where retention is required under tax or commercial law.
4. Processors & Recipients
We rely on carefully selected processors with GDPR-compliant data-processing agreements:
- Cloudflare, Inc. (CDN, security, analytics) – data centers worldwide with SCCs.
- Brevo / Sendinblue (transactional email + double opt-in) – EU-based infrastructure.
- Additional processors may be added; an updated list will be maintained here.
5. Retention
Account information is stored while you maintain a WhaleWatchR subscription. Analysis logs stay for up to 30 days unless longer storage is necessary for security incidents. Invoices and billing data remain for ten (10) years under German tax law.
6. International Transfers
When data leaves the EU/EEA, we rely on adequacy decisions or Standard Contractual Clauses (SCCs). Details are available upon request via [email protected].
7. Data Subject Rights
Under Articles 12–23 GDPR you may request:
- Access, rectification, or deletion of your personal data.
- Restriction of processing and data portability.
- Objection to processing based on legitimate interests.
- Complaint to your supervisory authority.
8. Contact & Deletion Requests
Submit privacy questions or deletion requests to [email protected]. Please include the wallet/email identifiers we should remove. We respond within one month as required by Art. 12 GDPR.