Protecting Your Data, Always

Geometric design with green and black

1. Introduction

SphinxGo ("Company," "we," "us," "our") is committed to protecting your privacy and ensuring you have a positive experience on our website and mobile applications (collectively, the "Services").
This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website (sphinxgo.com) and use our Services.

Please read this Privacy Policy carefully. If you do not agree with our policies and practices, please do not use our Services.

2. Information We Collect

2.1 Information You Provide Directly

Identity Verification Information

  • Government-issued identification documents (driver's license, passport)
  • Full name, date of birth, address
  • Photographs from identification documents
  • Contact information (email, phone number)

Account Information

  • Username and password
  • Profile information
  • Billing and payment information
  • Communication preferences

Service Usage Information

  • Blockchain addresses you query or monitor
  • Transaction reports you request
  • Certification applications and supporting documents
  • Support tickets and communications

2.2 Information Collected Automatically

Technical Information

  • IP address and device identifiers
  • Browser type and version
  • Operating system
  • Pages visited and time spent
  • Referring website
  • Cookies and similar tracking technologies

Usage Analytics

  • Features accessed
  • Services used
  • API calls and endpoints
  • Error logs and debugging information

2.3 Information from Third Parties

  • Payment processors
  • Identity verification services
  • Registration authorities
  • Analytics providers

3. How We Use Your Information

3.1 Primary Uses

Service Delivery

  • Process and fulfill your requests for transaction reports
  • Verify and certify blockchain addresses
  • Provide address analytics and monitoring
  • Generate compliance documentation
  • Maintain and improve our Services

Identity Verification & Certification

  • Verify your identity
  • Validate government-issued identification
  • Create deterministic cryptographic representations (hashes)
  • Maintain certification status
  • Prevent fraud and unauthorized access

Communication

  • Send service updates and notifications
  • Respond to inquiries and support requests
  • Send promotional materials (with consent)
  • Notify you of policy changes

Security & Compliance

  • Detect and prevent fraud
  • Enforce our Terms of Service
  • Comply with legal obligations
  • Maintain audit trails

3.2 Legal Basis for Processing (GDPR/CCPA)

  • Contractual Necessity
  • Legal Obligation
  • Legitimate Interest
  • Consent

4. Data Security & Protection

4.1 Security Measures

Encryption

  • End-to-end encryption for identity documents
  • Data encrypted in transit and at rest

Credential Handling

  • Documents converted to cryptographic hashes
  • Original documents not permanently stored
  • Encrypted versions deleted after verification

Access Controls

  • Role-based access control
  • Multifactor authentication
  • Audit logging
  • Security assessments

Data Minimization

  • Collect only necessary information
  • Automatic deletion of identification documents

4.2 Secure Deletion Protocol

  1. Identity information converted to a cryptographic hash
  2. Encrypted copies shared with registration authorities
  3. Verification completed
  4. Encrypted documents deleted
  5. Only the hash is retained
  6. Original documents never stored

5. Data Retention

Data Type Retention Period Purpose
Identity Documents (Encrypted) Until verification complete Verification only
Hashed Credentials Indefinite Certification and verification
Transaction Reports User-defined Service delivery
Account Information Until account deletion Service provision
Technical Logs 90 days Security & debugging
Payment Records 7 years Legal/tax compliance

User-Initiated Deletion: You may request deletion at any time. Data will be deleted within 30 days, except where law requires retention.

6. Sharing Your Information

6.1 Shared With Third Parties

  • Service Providers
  • Registration Authorities
  • Legal Requirements (law enforcement, courts, etc.)

6.2 We Do NOT Share

  • Original identification documents
  • Unencrypted personal information
  • Your data without consent
  • Blockchain addresses (unless required)

7. Your Privacy Rights

7.1 Access & Portability

  • Access your data
  • Receive a portable copy

7.2 Correction & Deletion

  • Correct inaccuracies
  • Request deletion

7.3 Withdrawal of Consent

  • Marketing
  • Optional analytics

7.4 Exercising Your Rights

Email: start@sphinxgo.com

8. Children's Privacy

We do not knowingly collect data from children under 18.

9. International Data Transfers

Data may be transferred to the U.S. and other countries.

10. Third-Party Links

We are not responsible for third-party privacy practices.

11. California Privacy Rights (CCPA)

  • Right to Know
  • Right to Delete
  • Right to Opt-Out
  • Right to Non-Discrimination

12. European Privacy Rights (GDPR)

  • Access
  • Rectification
  • Erasure
  • Restriction
  • Portability
  • Objection
  • Complaint

13. Cookies & Tracking

  • Essential
  • Analytics
  • Marketing

14. Contact Us

Email: start@sphinxgo.com

15. Policy Changes

We may update this policy and notify you of changes.

16. Compliance Certifications

  • GDPR
  • CCPA
  • Apple Privacy Requirements
  • Security audits