Krystal Trace is a preliminary blockchain trace evidence product. This privacy policy explains what information we collect during Phase 1, how we use it, and the choices available to users. It is written for claimants, solicitors, forensic accountants, and claimant-group coordinators who need a plain account of the data flow before putting matter material into the product.

We collect account details such as name, email address, organisation, login events, plan selection, and billing status. We also collect matter content that users choose to provide: claimant records, evidence notes, transaction identifiers, wallet addresses, uploaded documents, trace settings, generated graph data, confidence grades, labels, report drafts, and final exports. Public-chain data is processed because it is necessary to produce the trace. We do not ask for private keys, seed phrases, exchange passwords, 2FA codes, or remote access to wallets.

We use this data to operate the service, authenticate accounts, run transaction tracing, generate evidence packs, maintain audit trails, respond to support requests, protect against abuse, and satisfy legal or contractual record-keeping duties. We do not add analytics tracking pixels by default and we do not sell claimant or matter data. Essential cookies may be used for login sessions, security, and service continuity. Non-essential analytics cookies are not enabled in Phase 1.

Named sub-processors may include Ollama Inc. for US-hosted transient processing, Anthropic PBC for report drafting and high-stakes analysis, and DeepSeek only as a fallback for non-private public-chain summary work. Private claimant evidence is not routed through DeepSeek's direct China-hosted API. Matters marked for sovereign mode use on-server local inference only, which is slower but avoids third-party LLM processing for matter content.

Where a solicitor, expert, or cohort administrator opens a workspace for other claimants, they are responsible for confirming they have a lawful basis and authority to upload the relevant material. We may show account-level activity, matter membership, export events, and report-generation history to that workspace owner so they can manage evidence integrity and access control. We do not use claimant evidence to train public AI models, and Phase 1 does not enable third-party marketing integrations.

Users in the UK or EU may request access, deletion, rectification, restriction, objection, or data portability where applicable. We may need to retain some evidence and audit records where deletion would compromise matter integrity, fraud prevention, or legal obligations. Trace data is retained for the matter lifetime plus seven years for evidence integrity unless a shorter period is agreed. Account data is deleted on request within 30 days where no legal or integrity hold applies.

Data requests should be sent to privacy@krystaltrace.example. We may ask for identity or authority confirmation before acting on a request, especially where a solicitor, cohort administrator, or expert is acting for a claimant.

Privacy policy v0.1 - under legal review. For active matters, contact us before relying on this.