Privacy Notice
Last updated: April 20, 2026
1. Who We Are
BL Research Limited (“BL Research”, “we”, “us”, or “our”) acts as a data controller for personal data processed in connection with this dashboard and our related services. We are registered in England and Wales.
In certain cases, we also act as a data processor on behalf of our customers (“originators”), who submit transaction data to our services. In these cases, we process such data strictly in accordance with the originator's instructions and applicable data processing agreements.
For any privacy-related queries, please contact us at: operations@blinklabs.xyz
2. Personal Data We Collect
We may collect and process the following categories of personal data:
- Account & Identity data: name, email address, and organisation details.
- Usage & Technical data: IP address, browser type, device information, pages visited, access timestamps, and interaction logs.
- Transaction & Operational data: blockchain transaction identifiers, wallet addresses, payout records, sponsorship records, and related metrics.
- Communication data: support requests or correspondence.
Where we process transaction data on behalf of originators, we do not collect or store directly identifying personal data about the end users of those originators. However, wallet addresses and transaction data may, in certain contexts, be considered personal data under applicable law.
We do not knowingly collect data from individuals under 18 years of age.
3. How and Why We Use Your Data
We process personal data only where we have a lawful basis under the UK GDPR and EU GDPR. Where we rely on legitimate interests, we have conducted appropriate balancing tests.
| Purpose | Lawful Basis |
|---|---|
| Providing and managing your access to the dashboard | Performance of a contract (Art. 6(1)(b)) |
| Authenticating users and maintaining account security | Legitimate interests / contract performance (Art. 6(1)(b)(f)) |
| Generating transaction and analytics for originators | Performance of a contract + legitimate interests (Art. 6(1)(b)(f)) |
| Improving and troubleshooting services | Legitimate interests (Art. 6(1)(f)) |
| Communications and support | Legitimate interests / contract (Art. 6(1)(b)(f)) |
| Legal compliance | Legal obligation (Art. 6(1)(c)) |
Transaction and order flow data is treated as confidential business information and is processed solely to provide services to the relevant originator.
Analytics are generated on an originator-specific basis and aggregated across that originator's users. We do not use or combine transaction data across different customers.
4. Data Sharing and Third Parties
We do not sell personal data.
- Service providers: third-party processors under data processing agreements. A list of sub-processors is available upon request.
- Your organisation: visible to authorised members.
- Legal requirements: disclosure where required by law.
- Business transfers: subject to equivalent protections.
5. International Transfers
Transfers outside the UK/EEA are protected using safeguards including Standard Contractual Clauses and, where applicable, the UK Addendum, adequacy decisions, or equivalent mechanisms.
6. Data Retention
We retain data only as necessary:
- Account data: duration of account + 90 days
- Transaction records: up to 7 years (off-chain records only)
- Logs: up to 15 days
Blockchain data may persist indefinitely on public networks beyond our control.
7. Security
We implement technical and organisational measures including encryption (TLS), strict access controls, infrastructure isolation, secure key management (including MPC where applicable), and continuous monitoring.
Access to sensitive transaction data is restricted on a need-to-know basis and logged.
We will notify affected users and regulators of personal data breaches where required by law.
8. Blockchain-Specific Considerations
Blockchain networks are public, decentralized, and immutable. Transaction data submitted to such networks may be publicly visible and cannot be deleted or modified once confirmed.
Our responsibility is limited to the processing of data within our systems and our relationship with originators. We are not responsible for the public or permanent nature of blockchain data, nor for third-party indexing or reuse of such data.
We do not maintain direct relationships with end users of originators and are not responsible for how originators link wallet addresses to individuals.
9. Cookies and Tracking
Only strictly necessary cookies are used. No advertising or third-party tracking.
10. Your Rights
Standard GDPR rights apply.
Requests relating to data processed on behalf of an originator should be directed to that originator.
11. US Privacy Disclosure
We do not sell or share personal data as defined under applicable US privacy laws.
12. Changes to This Notice
We may update this notice periodically.
13. Contact Us
Email: operations@blinklabs.xyz
