Privacy Notice — Outbound Marketing Communications

Effective: 19 April 2026 · Version 1.0 · LIA reference: LIA-AletheiaTech-2026-04-v1

This notice explains how Aletheia Tech LTD (operating the brand BlockchainAnalysis.io; "we", "our") processes the personal data of professional contacts we reach out to as part of our B2B sales activity.

1. Who we are (Data Controller)

• Legal name: Aletheia Tech LTD (operating brand: BlockchainAnalysis.io)
• Registered office: London, United Kingdom
• Data Protection Officer: privacy@blockchainanalysis.io

2. What personal data we process

We process limited business-context personal data necessary to identify and contact you in your professional capacity:

• Full name
• Job title and seniority
• Employer / company affiliation
• Business email address
• Public LinkedIn profile URL (where available)
• Country of professional residence

We do not process personal email addresses, home addresses, or personal phone numbers.

3. Where we get your data (sources)

Your data was sourced from one or more of the following:

• Public regulatory registers: ESMA MiCA register, UK FCA Financial Services Register, UAE VARA public register, Singapore MAS Financial Institutions Directory.
• Company websites: publicly listed contact information at info@, compliance@, legal@ and similar role-based addresses.
• Licensed B2B data providers: Apollo.io and Hunter.io, under their respective data processing terms.

We do not scrape LinkedIn or any platform whose terms prohibit it.

4. Legal basis for processing

Our legal basis is legitimate interest under Article 6(1)(f) GDPR, as documented in our Legitimate Interest Assessment (LIA) referenced above. We have determined that:

• We have a legitimate commercial interest in promoting our compliance product to professionals in roles for which the product is directly relevant (Compliance, Legal, Risk, MLRO, DPO).
• Outreach is necessary because the target professionals do not typically subscribe to vendor mailing lists, and the product addresses regulatory obligations they are personally accountable for.
• Your interests, rights, and freedoms are not overridden: we contact you on a business email, in your professional capacity, with a clear opt-out and no behavioural tracking.

You retain the absolute right to object at any time (see Section 7).

5. What we do with your data

• We send up to 4 commercial emails to your business address (1 initial + 3 follow-ups across ~6 weeks), unless you reply or unsubscribe — in which case we stop immediately.
• We log opens and clicks at the campaign level only (aggregate metrics) — we do not build personal behavioural profiles.
• We use the data to qualify whether you may want a 15-minute product demonstration. If you book one, that conversation falls under a separate contractual basis.

6. How long we keep your data (retention)

• Active outreach data: 24 months from last interaction, then deleted.
• Suppression list: permanent — once you unsubscribe, your address is retained only in the suppression list (not linked to enriched profile data) to ensure you are never contacted again.
• Aggregated campaign metrics: retained indefinitely in non-identifying form.

7. Your rights

Under the GDPR (and equivalent UK / UAE / Singapore data protection laws where applicable) you have the right to:

• Object to this processing — exercise via the one-click unsubscribe link in any email footer, or by emailing privacy@blockchainanalysis.io.
• Access the personal data we hold about you.
• Rectify inaccurate data.
• Erase your data (right to be forgotten).
• Restrict processing.
• Data portability.
• Lodge a complaint with your supervisory authority (in the EU: your national DPA; in the UK: ICO; in the UAE: ADGM DPC or DIFC Commissioner of Data Protection; in Singapore: PDPC).

We respond to all requests within 30 days and provide proof of action taken.

8. Recipients of your data

We share your data with the following processors, all bound by GDPR-compliant Data Processing Agreements:

• Brevo (EU, France) — email delivery infrastructure
• Cloudflare (US, Frankfurt edge) — DNS, email routing, unsubscribe endpoint
• Apollo.io (US) — data enrichment
• Hunter.io (FR/EU) — email verification
• Our internal CRM (Postgres database hosted in EU) — campaign management

9. International transfers

Where data is transferred outside the European Economic Area (e.g., to US-based processors), we rely on Standard Contractual Clauses (SCCs) approved by the European Commission, as well as supplementary measures including encryption in transit and at rest.

10. Changes to this notice

We may update this notice from time to time. The "Effective" date at the top reflects the latest version. Material changes will be notified to active recipients before taking effect.

Contact

For any privacy-related question or to exercise your rights:
Data Protection Officer · privacy@blockchainanalysis.io
Aletheia Tech LTD · London, United Kingdom · Operating brand: BlockchainAnalysis.io