Introduction
This Privacy Policy sets out how we collect, use, store, transfer, and protect the Personal Data that you provide or that is otherwise received by us.
For the purposes of this Privacy Policy, "we", "us", and "our" refer to Blockhound AG, a corporation registered under the legislation of Switzerland, with Company No. CHE‑260.999.384 and registered address at Dammstrasse 16, 6300, Zug, Switzerland as to the Controller of your Personal Data, and "you", "User", "your" refer to you as to the Data Subject.
This Privacy Policy applies to the User's usage of the Website and the submission of the request for the Services.
You agree that you have read, understood, and agreed to be bound by this Privacy Policy.
If you do not agree with this Privacy Policy, you should discontinue use of the Website and Services.
The Processing of Personal Data in regard to the provision of Services and related payments is governed under an individual services agreement with the User construed on the basis of the Terms of Service.
Terminology
- Consent
- Any freely given, specific, informed, and unambiguous indication of the Data Subject's wishes signifies agreement to the Processing of Personal Data.
- Controller
- The natural or legal person (and others) who determines the purposes and means of Processing. For the purposes of this Privacy Policy, the Controller is Blockhound AG.
- Cookie Policy
- The agreement between you and us that describes how we use and process Cookies — see our Cookie Policy.
- Data Protection Authority
- The Federal Data Protection and Information Commissioner (FDPIC).
- Data Subject
- The natural person whose Personal Data is processed.
- Legal Grounds
- One of the legally defined grounds for which the Processing of Personal Data is permitted: Consent, Legitimate interest, Obligation.
- Personal Data
- Any information relating to an identified or identifiable natural person.
- Personal Data Breach
- A breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, Personal Data transmitted, stored, or otherwise Processed.
- Processing
- Any action or set of actions with Personal Data.
- Profiling
- Any form of automated Processing of Personal Data consisting of the use of Personal Data to evaluate certain personal aspects relating to a natural person to analyse or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location, or movements.
- Services
- The services we offer and provide are defined under an individual services agreement with the User construed on the basis of the Terms of Service.
- Third-Party
- Any person, except the Data Subject, us, and the Data Protection Authority, to whom the Personal Data is transferred.
- Website
- The website is owned by us and is located at https://www.blockhound.ch/.
Data Subject's Rights
You have the following rights as a Data Subject, subject to existing limitations and exemptions under the applicable law:
Right to access Personal Data. You can receive information regarding specific Personal Data we have collected about you.
Right to rectification of Personal Data. You can correct your Personal Data if it has been changed or incorrectly collected.
Right to erase (deletion) Personal Data. We may stop Processing your Personal Data and delete applicable Personal Data from the information systems.
Right to restrict the Processing of your Personal Data. You may limit us from Processing Personal Data.
Right to Personal Data portability. You may receive Personal Data in a human and machine-readable format for transmission to another Controller.
Right to withdraw consent. You can withdraw your consent on Personal Data Processing if we use this ground for Processing.
Right to ask a question and/or make a claim on Data Processing. You are allowed to ask us any question related to Personal Data Processing or file a claim with the Data Protection Authority.
Additional Rights Under Applicable Law
Where applicable, individuals located in the European Economic Area ("EEA"), the European Union ("EU"), or the United Kingdom may also benefit from additional rights and protections under applicable data protection laws, including the General Data Protection Regulation (GDPR) and related legislation.
Where the GDPR applies, Users may have the right to object to certain processing activities, including processing based on legitimate interests, and the right to lodge a complaint with a competent supervisory authority in their country of residence, place of work, or place of the alleged infringement.
Principles Of Data Processing
We process Personal Data according to the following principles:
Lawfulness, Fairness, and Transparency. Personal Data must be processed lawfully, fairly, and transparently.
Purpose Limitation. Personal Data must be collected for specified, explicit, and legitimate purposes and not further processed in an incompatible manner.
Data Minimization. Personal Data must be adequate, relevant, and limited to what is necessary concerning the purposes for which they are processed.
Accuracy. Personal Data must be accurate and, where necessary, kept up to date.
Integrity and Confidentiality. Personal Data must be processed in a manner that ensures appropriate security, including protection against unauthorised or unlawful Processing and accidental loss, destruction, or damage.
Data Subject's Rights Enforcement
Data Subject Request Form. The User can enforce his rights by contacting us at requests@blockhound.ch.
Verification Methods. The specific verification method we use is the request for information.
Failed Verification. If the User fails verification or we have reasonable personality doubts, we shall provide a message stating that we have doubts, why we have these doubts, and why, in this case, we cannot respond.
Successful Verification. We will respond to the request if the User successfully passes the verification.
Personal Data Collection
Website Visit
When the User visits the Website, the User gives us the Personal Data under the following conditions:
- Personal Data
- A version of a web browser, IP address, time zone, and information about the interactions with the Website.
- Purpose
- To load and operate the Website accurately.
- Source
- Collected automatically when you access and interact with our Website.
- Legal ground
- Legitimate interest.
- Terms
- While the User is using the Website and 3 years after, unless we need to have the Personal Data longer under our obligation.
Request Submission
When the User submits a request through the Website, contacts us regarding a potential case, or requests information about our Services, we may collect and process the following Personal Data:
- Personal Data
-
- Full name;
- Email address;
- Phone number, WhatsApp number, Telegram username, or other contact details provided by the User;
- Country of residence;
- Citizenship or nationality information where necessary for regulatory, sanctions, jurisdictional, or legal assessments;
- Type of incident or matter for which assistance is requested;
- Date of incident;
- Estimated loss or value involved;
- Wallet addresses, blockchain networks, transaction identifiers, exchange accounts, platform references, bank references, or other identifiers relevant to the requested Services;
- Information regarding law enforcement reports or investigations;
- Free-text descriptions and supporting information voluntarily provided by the User.
- Purpose
-
- To assess whether we can assist with the matter;
- To communicate with the User regarding the request;
- To perform case assessment, tracing, investigative, intelligence, forensic, compliance, and related professional services;
- To determine whether we are legally permitted to provide Services under applicable sanctions, anti-money laundering, export control, or other regulatory requirements;
- To prepare, enter into, and perform a contractual relationship with the User.
- Source
- Collected directly from the User through the Website, communications, or other interactions with us.
- Legal Ground
- Taking steps requested by the User prior to entering into a contract, our legitimate interest in evaluating and responding to inquiries, and, where required by applicable law, the User's consent.
- Terms
- Inquiry submissions and case assessment requests are generally retained for up to 3 years from the last interaction. If the User becomes a client, Personal Data may be retained for the duration of the engagement and thereafter as required by applicable laws, contractual obligations, dispute resolution requirements, regulatory requirements, or legitimate business needs. In particular, identification documents, transaction records, and case files connected to a client engagement are retained for at least 10 years following the end of the business relationship, in accordance with the Swiss Anti-Money Laundering Act (AMLA) and applicable professional rules.
Customer Support Information
When the User contacts our customer support, the User gives us the Personal Data under the following conditions:
- Personal Data
- It depends on a case-by-case basis but can include name, email, wallet address and other information.
- Purpose
- To provide information about our Services, consult how to use our Services.
- Source
- Collected from the User.
- Legal ground
- Consent.
- Terms
- 3 years after the User contacted our support unless we need to have this Personal Data longer under our obligation.
Other Conditions
Data source. We process Personal Data received from you. If, in the future, we process Personal Data obtained from Third Parties, we will notify you of this.
Profiling. We do not use Profiling on you.
Sanctions and Regulatory Compliance. We may process nationality, citizenship, residency, transaction, and related information where necessary to determine whether we may lawfully provide Services and to comply with applicable sanctions, anti-money laundering, export control, and other legal or regulatory requirements.
Data Storage and Deletion. We retain Personal Data only for as long as necessary to fulfil the purposes described in this Privacy Policy, comply with legal obligations, resolve disputes, enforce agreements, and protect our legitimate interests.
Personal Data may be stored and processed through our service providers, including Netlify, Google Workspace, Coda, and other infrastructure providers used in the operation of our business.
We implement reasonable technical and organisational measures designed to protect Personal Data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access.
Cookies. We use cookies in accordance with the Cookie Policy.
We use Google Analytics to understand how visitors interact with the Website. Analytics technologies are activated only after obtaining consent where required by applicable law and may be disabled by the User through our cookie management tools.
Third-Party Service Providers And International Transfers
We use carefully selected third-party service providers to operate our Website, communicate with Users, manage requests, and improve our Services. These providers may process Personal Data on our behalf and may include:
- Netlify, for website hosting and form processing;
- Google Workspace, for email and business communications;
- Coda, for customer relationship management, case management, and internal business operations;
- Google Analytics, for website analytics and performance measurement;
- CookieYes, for cookie consent management and storage of consent records;
- Telegram and WhatsApp (Meta), where the User chooses to contact us through these messaging channels; messages sent via these channels are processed on the respective providers' infrastructure and are subject to their own privacy policies.
Some of these service providers may process Personal Data in countries outside Switzerland or the European Economic Area, including the United States and other jurisdictions in which they operate.
Where Personal Data is transferred internationally, we take reasonable steps to ensure appropriate safeguards are in place in accordance with applicable data protection laws. Depending on the recipient and jurisdiction, these safeguards include the European Commission's Standard Contractual Clauses (SCCs) with the Swiss addendum where applicable, reliance on adequacy decisions, and reliance on the EU-US and Swiss-US Data Privacy Framework certifications of providers such as Google and Netlify.
How We Protect Personal Data
We maintain administrative, technical, and physical safeguards designed to protect the Personal Data we have about you against accidental, unlawful, or unauthorised destruction, loss, alteration, access, disclosure, or use.
We have implemented appropriate security measures to prevent your Personal Data from being accidentally lost, used, or accessed unauthorizedly, altered, or disclosed. In addition, we limit access to your data to Third Parties.
We have put in place procedures to deal with any suspected Personal Data Breach and will notify you and the Data Protection Authority of a Data Breach.
Data Breach Notification
Notifying the Data Protection Authority
We shall notify the respective Data Protection Authority as soon as practically possible after we become aware of the Data Breach and report the following information:
- The nature of the Data Breach.
- The name and contact details of the responsible person from whom more information can be obtained.
- The possible consequences of the Data Breach.
- The measures taken or proposed by us to address the Data Breach.
Notifying You
We shall immediately inform you of the fact of the Data Breach if this is required for the protection and report the following information:
- The nature of the Data Breach in clear and straightforward language.
- The responsible person's name and contact details from which more information can be obtained.
- The possible consequences of breaching the security of Personal Data.
- The measures taken or proposed by us to address the Data Breach.
- Useful tips and know-how that can help you reduce the risks of a Data Breach.
Exemptions
We may limit, delay or dispense with the provision of information about the Data Breach to the Data Subject if:
- There is a reason for doing so pursuant to Article 26 paragraph 1 letter b or paragraph 2 letter b of the Data Protection Act of Switzerland, or the provision of information is prohibited by a statutory duty of confidentiality;
- The provision of information is impossible or requires disproportionate effort; or
- The provision of information to the Data Subject is equally guaranteed by making a public announcement.
Miscellaneous
Effective Date. This version of the Privacy Policy is valid from the Effective Date.
Changes. We may make changes from time to time without your consent. The new version will be valid from the time of the changes noted at the beginning of this Privacy Policy.
Governing Law and Dispute Resolution. This Privacy Policy is construed in accordance with the legislation of Switzerland. All disputes and disagreements arising between the User and us in connection with this Privacy Policy shall be settled through negotiations. In the event disputes cannot be settled within 20 (twenty) calendar days, the resolution of such disputes shall be attributed to the competent courts of Switzerland with Swiss law as material and procedural legislation.
Headings. The headings are just to help you understand what each section is about, and they will not change the meaning of anything. Using words like "including" or "such as" doesn't mean we have listed everything that could be included.
Languages. This Privacy Policy is available in English. If there are any differences between the English and any other translated versions, the English version shall prevail.
Questions And Concerns
If you have any questions about privacy and our Privacy Policy, please contact us through our support: requests@blockhound.ch.
You can ask the Data Protection Authority any question about your Personal Data or make a complaint. The timing and procedure for responding depend on the internal policies of the Data Protection Authority.

