Privacy Policy

When you sign up for early access or create an account, we collect basic information such as your name and the details you provide during registration.

We automatically collect certain technical data when you use the Service, including transaction signatures submitted for analysis, API request logs, browser type, device identifiers, IP address, and timestamps. This data is collected solely to operate, secure, and improve the platform.

We do not collect sensitive personal information such as government IDs, financial account credentials, or payment card details through the platform.

To provide and operate the Autopsy platform, process forensic analysis requests (transaction parsing, CPI tracing, risk scoring, fund flow tracing, AI summaries), and deliver results through the interface and API.

To maintain security, detect abuse, and protect the integrity of the platform and its users.

To analyze aggregated, anonymized usage patterns to improve performance, reliability, and feature development.

To display service-related notices such as important platform updates or security alerts within the platform interface.

We do not sell, rent, or trade your personal data to third parties.

Transaction data and analysis results submitted through the platform are retained for up to 90 days to support audit history and re-analysis features. You may request deletion of your submitted data at any time through your account settings.

Account information is retained for the duration of your account. Upon account deletion, personal data associated with your account is removed within 30 days, except where we are required to retain it for legal or compliance obligations.

Anonymized, aggregated data derived from platform usage may be retained indefinitely to support product improvement.

We use strictly necessary cookies to maintain session state and authentication. These are required for the platform to function and cannot be disabled while using the Service.

We do not use third-party advertising cookies, behavioral tracking pixels, or sell data to ad networks. Analytics, if used, are limited to first-party or privacy-preserving tools.

You may manage cookie preferences through your browser settings. Disabling essential cookies may impact the functionality of the platform.

Autopsy uses trusted infrastructure and cloud service providers to host and operate the platform. These providers process data only as directed by us and are contractually bound to appropriate data protection standards.

Blockchain data fetched from public Solana RPC endpoints is publicly available on-chain and is not personal data controlled by Autopsy Labs. Wallet addresses and transaction signatures are treated as pseudonymous identifiers, not personal data, unless explicitly linked to an identified individual.

The AML/Compliance module may cross-reference submitted wallet addresses against publicly available sanctions lists (such as the OFAC SDN list) and apply country tagging based on network heuristics. This processing is performed to support legitimate compliance workflows.

We do not integrate third-party advertising SDKs or analytics tools that share your data with external parties for their own purposes.

We implement industry-standard security measures to protect your data, including encryption in transit via TLS, access controls, and regular security reviews of our infrastructure.

API keys and authentication tokens are hashed and never stored in plaintext. We recommend rotating API keys periodically and using environment variables rather than hard-coding credentials.

While we take reasonable and appropriate steps to protect your information, no system is completely immune from attack. In the event of a data breach affecting your personal information, we will notify you as required by applicable law.

Depending on your jurisdiction, you may have rights regarding your personal data, including the right to access, correct, export, or delete information we hold about you.

You can exercise data rights through your account settings. For requests that cannot be fulfilled through the platform, you may reach us through the contact options available on our website.

If you are located in the European Economic Area or United Kingdom, you have additional rights under the GDPR and UK GDPR, including the right to lodge a complaint with your local data protection authority.

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or applicable law. The "last updated" date at the top of this page will be revised accordingly.

For material changes that significantly affect how we handle your data, we will provide a prominent notice on the platform prior to the changes taking effect.

Your continued use of the Service after a policy update constitutes your acceptance of the revised terms.