Privacy policy

Last updated · May 1, 2026 · GDPR, UK GDPR, CCPA / CPRA aligned

1. A note on our approach

Abnometrics, Inc. ("Abnometrics," "we," "us," or "our") operates a software-as-a-service platform that performs anomaly detection across crypto-asset market data (the "Service"). Subscribers receive signals derived from public venue feeds and public on-chain data; we do not custody assets, route orders, or interact with subscriber wallets or trading systems.

We collect only what we need to operate the Service and communicate with you. We do not sell personal information. This Privacy Policy explains, in plain English first and with the necessary legal precision after, what we collect and what choices you have. If anything below is unclear, please write to privacy@abnometrics.com.

2. Scope and applicability

This Policy applies to personal information processed by Abnometrics in connection with: (a) this marketing site; (b) the Service and its associated subscriber interfaces; (c) communications you exchange with us; and (d) the limited business operations needed to run the foregoing.

This Policy does not address Abnometrics' processing of market data, which is non-personal information about public markets and public blockchains (see Section 4). Where Abnometrics processes personal information solely on behalf of a subscriber and at its direction, we act as a processor (GDPR) or service provider (CCPA); the subscriber's own privacy notice governs the underlying collection.

3. Information we collect

3.1 Information you provide

• Identification and contact — name, business email, organisation, role, and any details you share when requesting access, applying for a role, or corresponding with us.
• Authentication — password hash and multi-factor authentication metadata. Where single sign-on is used, we receive only the assertion claims you authorise.
• Subscription and billing — billing contact, invoice details, and payment-method tokens. Card data is processed and stored exclusively by our payment provider; we do not retain primary account numbers.
• Correspondence — content of email, chat, scheduled-call notes, and any materials you voluntarily share with us.

3.2 Information collected automatically

• Service usage logs — endpoints accessed, signals viewed and acted upon, timestamps, IP address, user-agent, and inferred coarse geography. Used for product analytics, abuse prevention, signal distribution auditing, and security monitoring.
• Device and session — session identifiers, browser fingerprints used solely for fraud and forwarding-detection, and crash diagnostics.
• Cookies — see Section 8.

4. Sources of market data we process

The Service ingests data from public crypto-asset markets and public distributed ledgers. This includes, without limitation, exchange order books, trade and funding feeds, derivatives state, oracle reports, stablecoin issuance and redemption events, and public on-chain transactions on supported networks.

• This material is not, in general, personal information. Where any portion incidentally relates to an identifiable natural person (for example, a publicly attributed wallet or named market participant in a published report), we treat that portion as personal information and process it on the lawful bases set out in Section 6.
• We do not connect to, ingest from, or extract data from any subscriber's private trading accounts, custodial wallets, internal systems, or any non-public source.
• We do not custody crypto-assets, hold private keys, or initiate any transfer of digital assets. Period.

5. How we use information

• Operate the Service — authentication, entitlement enforcement, signal delivery, distribution auditing, and feedback processing.
• Protect signal value and integrity — detect unauthorised redistribution, account sharing, and abuse; enforce contractual restrictions on forwarding.
• Communicate with you — service notices, security advisories, billing, and (where you have consented) occasional product correspondence. We do not send unsolicited marketing email.
• Improve the models — we use aggregated and de-identified signals about how the Service is used to improve detection. Subscriber identity is not used for this purpose, and no subscriber-identifiable information is exposed to any other subscriber at any time.
• Comply with law — including tax, accounting, sanctions, AML where applicable, and lawful requests from competent authorities.

6. Lawful bases for processing (EEA / UK)

Where the GDPR or UK GDPR applies, Abnometrics relies on the following bases: (i) performance of a contract with you or steps taken at your request prior to entering into a contract; (ii) our legitimate interests in operating, securing, and improving the Service and in preventing unauthorised use, balanced against your rights; (iii) compliance with a legal obligation; and (iv) your consent where required and where we ask for it explicitly. You may withdraw consent at any time without affecting prior lawful processing.

7. Disclosures and sub-processors

We disclose personal information only to (a) sub-processors engaged to operate the Service, under written agreements containing data-protection terms substantially equivalent to those in this Policy; (b) professional advisors (legal, accounting, audit) under duties of confidentiality; (c) authorities where compelled by valid legal process; and (d) an acquirer or successor in connection with a corporate transaction, with notice to you where permitted by law.

A current list of sub-processors is maintained at abnometrics.com/sub-processors and includes the categories of cloud hosting, payment processing, transactional email, and compliance automation. We provide reasonable advance notice of material changes to that list and a mechanism to object on legitimate grounds.

We do not sell personal information as that term is defined under the CCPA and similar laws, and we have not done so in the preceding twelve (12) months.

8. Cookies and analytics

The Service uses a minimal set of first-party cookies for authentication, session management, and CSRF protection. This marketing site uses privacy-respecting, cookieless analytics for aggregate traffic measurement. We do not use third-party advertising cookies and do not participate in cross-site behavioural advertising.

9. Retention

• Account records — retained for the duration of your account and for six (6) months thereafter, longer where required for tax, audit, or legal purposes.
• Signal access and distribution logs — retained for up to twenty-four (24) months for integrity, forwarding-detection, and contractual enforcement purposes.
• Security and operational logs — retained for up to twelve (12) months, then deleted or aggregated.
• Billing records — retained for the period required by applicable tax and accounting law.

10. Security

Abnometrics maintains a written information security program designed against the SOC 2 Trust Services Criteria. Controls include, without limitation: encryption at rest (AES-256) and in transit (TLS 1.3); tenant isolation; least-privilege role-based access with hardware-key multi-factor authentication; quarterly third-party penetration testing; continuous monitoring with 24/7 on-call response; and an active responsible disclosure program reachable at security@abnometrics.com. No security program is perfect; we will notify affected persons and competent authorities of personal-data incidents as required by applicable law.

11. Your rights and choices

Depending on where you reside, you may have rights to: access the personal information we hold about you; request correction or deletion; restrict or object to certain processing; receive your data in a portable format; withdraw any previously given consent; and lodge a complaint with the supervisory authority of your habitual residence (EEA / UK) or with your state Attorney General (US). California residents have the additional rights described in the CCPA / CPRA, including the right to limit use of sensitive information; we do not collect categories of sensitive information beyond authentication credentials.

To exercise any of the foregoing, write to privacy@abnometrics.com. We respond within thirty (30) days, extendable once for an additional period where reasonably necessary and where notified to you in writing. We may need to verify your identity before honouring a request.

12. International transfers

Abnometrics is established in the United States and transfers personal information from the European Economic Area, the United Kingdom, and Switzerland to the United States under the European Commission's Standard Contractual Clauses, the UK International Data Transfer Addendum, and (for entities certified under the relevant successor framework) the EU–U.S. Data Privacy Framework, as applicable. We also rely on appropriate supplementary measures where our assessment indicates they are required. A copy of the clauses we rely on is available on request.

13. Children

The Service is intended for use by businesses and sophisticated parties only. It is not directed to and is not offered to children under sixteen (16) years of age, and we do not knowingly collect personal information from such children.

14. Changes to this policy

We may update this Policy from time to time. Material changes will be communicated by email to administrators of active subscriber accounts at least thirty (30) days before they take effect, and we will indicate the "Last updated" date above. Continued use of the Service after the effective date constitutes acceptance of the updated Policy to the extent permitted by law.

15. How to contact us

For privacy questions or to exercise any of the rights described above, please write to:

Abnometrics, Inc.
Attn: Privacy
privacy@abnometrics.com

For security disclosures: security@abnometrics.com. For all other inquiries: hello@abnometrics.com.