Privacy Policy
Last updated: December 2024
This Privacy Policy explains how BarrelProof Labs processes personal data in accordance with Regulation (EU) 2016/679 (GDPR).
1. Data Controller
BarrelProof Labs acts as data controller for public website visitors and as data processor for institutional clients where applicable.
2. Categories of Data Processed
- Identification and contact data (name, email, organisation)
- Technical identifiers (IP address, logs)
- Compliance-related metadata provided by institutional users
The platform does not process or store private keys or client funds.
3. Purpose of Processing
Personal data is processed solely for:
- Technical analysis and reporting preparation
- Platform security and audit logging
- User authentication and access control
4. Legal Basis
Processing is based on:
- Contractual necessity (Art. 6(1)(b) GDPR)
- Legal obligations (Art. 6(1)(c))
- Legitimate interests (Art. 6(1)(f))
5. Data Retention
Data is retained only for the period necessary to fulfil regulatory and contractual obligations, in line with MiCA and DORA requirements.
6. Data Sharing
Data may be shared with:
- Hosting and cloud infrastructure providers
- Security and monitoring service providers
All subprocessors are bound by GDPR-compliant agreements.
7. Security Measures
BarrelProof Labs implements:
- Encryption at rest and in transit
- Role-based access control
- Immutable audit logs
8. International Transfers
Where applicable, data transfers outside the EU are subject to appropriate safeguards under GDPR.
9. Data Subject Rights
Data subjects may exercise rights of access, rectification, erasure, restriction, and objection in accordance with GDPR.
10. Contact
Privacy-related requests may be addressed to support@barrelprooflabs.org