Last Updated February 10, 2023
TransferChain was founded on the premise of impregnable privacy and security for the cloud. Our mission is to provide a privacy and security enhancing cloud solution that is unrivaled within the industry.
TransferChain prioritizes privacy in the design, architecture and operation of its products and services. We respect and understand the importance of your privacy and are therefore committed to extending complete protection to the personal information of our customers who use our products and services. Ensuring complete transparency in our practices for using and storing any data is our number one priority.
1. Information You Provide
Our overarching objective is to collect as little user information (including personal data) as possible in order to provide a completely private user experience when using our Services. Nevertheless, Your content (including, but not limited to audio, visual and video works and alphanumeric figures and signs) can never be accessed or used to identify any individual.
Personal data processing is limited to the following:
i. Account Information (“Personal Data”)
- Email Address. In cases where, You choose to register for our products or services on TransferChain with the email option, and/or You volunteer to participate in the beta testing of new applications and/or features, and/or You contact the TransferChain Support Team, and/or You choose to subscribe to our email newsletter, we will be receiving Your email address. However, even if You provide Your email address directly to us, TransferChain is not capable of associating an email address with customers’ content (including, but not limited to audio, visual and video works and alphanumeric figures and signs) uploaded to TransferChain's blockchain based end-to-end encrypted platform, in any way.
- Performance Information. In order to provide our Services in accordance with our contractual relationship (like the information we need regarding the amount of Your storage), we process activity usage of the Services. Examples include: the size information of the stored content, the amount of transferred content etc. This is solely done for the purpose of providing the necessary account size limits (e.g. 1 TB of storage).
ii. Content Uploaded by You (“Content”)
This is the content (including, but not limited to audio, visual and video works and alphanumeric figures and signs) our customers upload to our systems for the use of services provided by TransferChain. We maintain the confidentiality and accessibility of Content uploaded to our blockchain based distributed cloud systems, through an end-to-end encryption of each file with encryption keys that are generated, derived, encrypted entirely on the client-side, splitting each file into pieces on the client-side, and distributing pieces to the safest providers around the world, while utilizing our blockchain with the user and file authentication and authorization. As a result, any data that is uploaded to TransferChain can only be accessed by You and the intended recipients.
We would like to once again make it very clear that TransferChain acts as a data controller only with respect to the Personal Data and it has no access to and capability to access and/or process Content. Hence, it is of crucial importance that TransferChain should not be considered a data controller related to Content.
iii. De-Identified Website Analytics
All Content is only stored by TransferChain until deleted by the user. Once the Content is deleted from TransferChain Platform, it cannot be restored.
2. Purposes and Legal Basis for Processing
See the table below which sets out our purpose for processing Your Personal Data, which you chose to provide, our legal justifications (basis) under data protection regulations:
|Purpose for Processing of Your Personal Data||Legal Basis that Permits the Purpose||Categories of Personal Data That Can Be Used for the Purpose|
|To provide TransferChain’s Services||Performance of a Contract|
|To process your payment.||Performance of a Contract|
|To understand, diagnose, troubleshoot, and fix issues with TransferChain’s Services.||Performance of a Contract|
|To provide any Support Services initiated by You||Legitimate Interest|
For marketing or advertising where the law requires us to collect your consent.
For example, when the law requires consent for email marketing.
To comply with a legal obligation that we are subject to. This might be due to an obligation under the law of the country/region You are located in or Swiss Law (as we are headquartered in Switzerland).
|Compliance with Legal Obligations|
To comply with a request from authorities. This will only apply, in principal, when a competent Swiss authority contacts us.
|Compliance with Legal Obligations|
To establish, exercise, or defend legal claims.
|Compliance with Legal Obligations|
3.Disclosure of Information
TransferChain utilizes state-of-the-art cryptography, end-to-end encryption, distributed data and blockchain to deliver all-in-one private and secure cloud services for its customers. According to the current state of technology and the public knowledge of the human race, TransferChain is unable to access your Content, at any given time.
To clarify, due to its technical architecture TransferChain cannot and will not be able to disclose or provide access to any Content to authorities or other third parties even if it is required by applicable local regulations. However, if public authorities contact TransferChain with an information request that relates to Content, TransferChain will redirect the authorities to request that data directly from You. TransferChain will promptly notify You and provide a copy of such demand unless legally prohibited from doing so.
However, as stated above, You agree and acknowledge that, TransferChain could be obliged by applicable local regulations to disclose limited information we have regarding the Services we provide to You, to public authorities. In such a case, in principle, TransferChain will only disclose such information by a binding request coming from the competent Swiss authorities. TransferChain’s general policy is to challenge requests whenever possible and where there are doubts as to the validity of the request or if there is a public interest in doing so. In such situations, we will not comply with the request only after all legal or other remedies have been exhausted.
TransferChain pays extreme attention to what security and privacy measures that the potential third party service providers take, before enabling any kind of their integrations to our Services. We only work with third party service providers who contractually undertake to use their best endeavors to protect personal data.
4. Retention, Storing and Protection of your Information
When you sign up for an account with us, we will retain any information you store on our Services (Content) for the purposes described under Section 1. If you deactivate your account, we will delete your Content immediately after your deactivation initiation. In addition, we will delete your Personal Data within 30 days after the deletion initiation (We only retain this necessary information for a short period of time to comply with our legal obligations, resolve disputes, or enforce our agreements).
If you would like your Personal Data or Content to be deleted earlier, then You can submit a data subject request as detailed under Section 6.
We do everything we can to protect Your Data from loss or misuse, and from unauthorized access, disclosure, alteration and destruction. This section describes some of the measures we take to ensure that Your Data is secure:
- We use technologies that have a high level of application and infrastructure security measures to host and protect Your data and our systems, TransferChain is also ISO 27001 certified;
- We conduct independent penetration tests on an annual basis and are continuously scanning our systems and applications for vulnerabilities in our systems; if You ever think that You have found a security issue or vulnerability in one of our systems please let us know at firstname.lastname@example.org
- We use TLS 1.2 and 1.3 to ensure the security of your Personal Data and Content whilst it is in transit;
- We perform periodic internal and external data protection and security audits;
- The corresponding encryption keys that are used to encrypt Your Content is solely available, in an encrypted format, on your device and in the blockchain, thus Your Content can only be decrypted by you and the individuals with whom you explicitly share with;
- We can NEVER access your encryption keys or passwords;
- We NEVER receive any of Your Content that is not encrypted and not split into pieces;
Please visit our Security Page for more detailed information about our data security measures.
Our website may from time to time contain links to and from other websites. If You follow a link to any of those websites, please note that those websites ought to have their own privacy policies and that we do not accept any responsibility or liability for those websites. Please check those privacy policies before You share Your personal data with those websites.
5. Your rights
Depending on the applicable data protection laws, You may have certain rights in relation to the Personal Data that we hold about You, which are designed to give You more choice and control over Your Personal Data. These rights are explained below:
|Your Right||What does this mean?|
|The right to request access to Personal Data||You can request a copy of the data we hold about You and related information; the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period|
|The right to request rectification of Personal Data||You can ask us to correct any inaccurate data about You, to complete any incomplete data that we hold about You, and to notify third parties to whom Your data have been transferred to, about such correction|
|The right to request erasure of Personal Data||You can request that we delete or destruct the Personal Data we hold about You, and to notify third parties to whom we have shared Your data, about Your request|
|The right to learn purpose of processing||You can learn the purpose of processing of Your Personal Data and whether Your data are used in accordance with the said purpose|
|The right to learn third parties||You can learn the third parties those which Your Personal Data have been transferred to|
|The right to withdraw consent / unsubscribe||You can withdraw Your previously given explicit consent without providing any reason|
|The right to object||You can object to the adverse consequences that may arise due to Personal Data processing activities carried out exclusively through automated systems|
|The right to lodge a complaint||You have the right to lodge a complaint with a supervisory authority|
|The right to request compensation||You have the right to request compensation for the damages in case you incur damages due to unlawful processing of your personal data.|
You can exercise any of the data subject rights that You are entitled to according to the applicable privacy regulations by sending an email to email@example.com.
6. How to contact us
If You have questions about this Policy, about how we receive, store and use Personal Data, or if You have a grievance You wish to raise with us, You can contact our Data Protection Officer through firstname.lastname@example.org.
If You have any questions, concerns or feedback of a more general nature, please contact us at email@example.com.