Theme

Privacy and Cookies

Privacy Policy

Last updated: June 27, 2026

1. Scope of this Policy

This Privacy & Cookie Policy explains how the Operator of icterminal (“we”, “us” or the “Controller”) processes personal data in connection with icterminal.com, Request Access submissions, email communications, billing and payment administration, the restricted-access terminal, support, Alerts, Official Materials and related services (collectively, the “Services”).

The Controller’s full legal identity and contact details are set out in the Legal Notice.

2. Personal data we may process

Depending on how you interact with the Services, we may process the following categories of data:

  • Identity and contact data: name, surname, business name, job title, email address, telephone number, country, professional role and communications.
  • Application and account data: Request Access answers, customer status (business/professional or consumer), requested use case, approved access level, authorised users, account identifiers, authentication information, account settings and favourites.
  • Billing and tax data: billing name, legal entity information, address, tax code, VAT number, tax residence, invoice details, payment status and records required for accounting and tax compliance.
  • Payment-related data: payment reference, Stripe transaction identifiers, payment method status and related fraud-prevention data. Card details are ordinarily processed by Stripe or another payment provider and are not stored by us except where we receive limited transaction information.
  • Technical, usage and security data: IP address, device/browser data, session data, access logs, error logs, security events, authentication events, activity within the terminal, support diagnostics and cookie/consent preferences.
  • Alert and integration data: settings selected by you for metrics, wallets, threshold conditions, Telegram bot tokens, Slack webhooks, notification destinations and other alert parameters. Do not submit more data than necessary.
  • Public blockchain and analytical data: public wallet addresses, public transaction data, labels, analytical inferences, confidence indicators, historic balances and related metadata. A wallet address or label can be personal data when it can reasonably be linked to an identified or identifiable person.
  • Communications and support data: emails, contact-form messages, tickets, feedback, commercial discussions and records of contractual communications.

3. Purposes and legal bases

We process personal data only where we have a lawful basis under applicable data-protection law. The precise basis depends on the context and the type of interaction.

We process Request Access submissions, commercial discussions, eligibility review information and related communications in order to take steps requested by you before entering into a contract and, where appropriate, on the basis of our legitimate interest in assessing whether the professional Services are suitable for the requested use. If you do not provide information reasonably required for this purpose, we may be unable to assess or process your request.

We process account, authentication, access, terminal settings, favourites, customer support, service communications, Alert configurations and notification-related information where necessary to perform the contract with you or to take steps at your request before entering into it. This includes operating the restricted-access terminal and providing the features and access level described in the applicable Service Order.

We process billing, payment administration, invoicing, tax, accounting and record-keeping information where necessary to perform the contract and to comply with legal obligations applicable to the Operator, including Italian accounting, invoicing and tax obligations. Payment-card information is ordinarily handled by the relevant payment provider rather than by us.

We process technical, usage, security, access-log, fraud-prevention, error-diagnostic and abuse-prevention data on the basis of our legitimate interests in securing the Services, preventing unauthorised use, investigating incidents, improving reliability, protecting our rights and the rights of users, and maintaining the integrity of the terminal and its underlying infrastructure. Where necessary, this processing may also be required for the performance of the contract.

We process public blockchain data, wallet addresses, labels, analytical classifications, confidence indicators and related metadata on the basis of our legitimate interests in developing, operating, maintaining, improving and defending a professional on-chain analytics and intelligence environment; preserving data integrity; preventing misuse; and producing technically robust analytical outputs. We apply this basis only after considering the nature of the data, the public character of underlying blockchain data, the reasonable expectations of affected individuals and the safeguards described in this Policy. You may object to processing based on legitimate interests where applicable; see Section 11.

We process support communications, feedback, quality-control information, methodology and product-improvement inputs on the basis of contract performance where they relate to the Services, and otherwise on the basis of our legitimate interests in improving the quality, resilience, security and usefulness of the Services.

We use non-essential cookies, analytics technologies and comparable tracking tools only on the basis of your consent where consent is required. We may process essential cookies and consent-preference records where necessary to operate the website, remember your choices and demonstrate compliance with applicable law.

We may send service, security, contractual, billing and operational communications where necessary to perform the contract or comply with legal obligations. We send optional marketing communications only where permitted by applicable law, including on the basis of consent where required. You may withdraw consent or opt out of optional marketing at any time using the relevant unsubscribe mechanism.

We may process data where necessary to establish, exercise or defend legal claims, comply with lawful requests from authorities, enforce contractual terms, recover unpaid amounts or protect the security and integrity of the Services. The legal basis for this processing is our legitimate interests and, where applicable, compliance with a legal obligation.

Where we rely on consent, you may withdraw it at any time without affecting the lawfulness of processing carried out before withdrawal. Where processing is required by law or is necessary to enter into or perform a contract, failure to provide the relevant data may prevent us from providing the requested Service or completing the relevant transaction.

4. How data is obtained

We obtain data directly from you when you use the website, submit a Request Access form, communicate with us, complete payment, configure an account or set an Alert. We may also obtain technical information automatically through the Services and public blockchain data from public networks, nodes, indexers, public sources and analytical processes. We may receive limited payment/billing information from payment, invoicing and accounting providers.

5. Public blockchain data, labels and correction requests

Blockchain transaction data and wallet addresses are generally public and may be permanently recorded on the relevant blockchain. We cannot delete or alter data stored on a public blockchain. We may, however, correct, remove, update, qualify or cease displaying an address label, analytical inference or confidence indicator within icterminal where appropriate.

Labels are analytical classifications, not official certifications. If you believe a label or other analytical information is materially inaccurate, you may contact us with clear supporting information. We will assess the request in accordance with applicable law, our legitimate interests, data integrity, freedom of expression/information, security considerations and the public nature of the underlying blockchain data.

6. Recipients and service providers

We may disclose personal data only where necessary to provide or protect the Services, comply with law, or pursue legitimate interests. Recipients may include:

  • Google services, including Google Forms for Request Access collection, Google Workspace or equivalent email/collaboration services, and Google Analytics where enabled under the applicable consent configuration;
  • Stripe or another payment provider for payment collection, fraud prevention and payment administration;
  • Aruba or another electronic invoicing/accounting provider for invoicing, fiscal-document management and related compliance activities;
  • hosting, cloud, security, database, logging, analytics, email, support, communications, node, RPC, indexer, data and infrastructure providers actually used by the Operator;
  • Telegram, Slack or another communication provider chosen by the Customer for Alerts; such providers may process data under their own independent terms and privacy notices;
  • professional advisers, accountants, lawyers, insurers, auditors, debt-recovery providers, public authorities and courts where necessary or legally required.
  • A recipient may act as processor, independent controller or joint controller depending on the service and the applicable relationship. We use appropriate contractual and organisational safeguards where required.

7. International transfers

Some providers may process or access personal data outside the European Economic Area. Where a transfer is subject to GDPR transfer rules, we rely on an adequacy decision, standard contractual clauses, another recognised safeguard or a lawful derogation, as applicable. You may request general information on the safeguards relevant to a specific transfer by contacting us.

8. Retention

We keep data for no longer than reasonably necessary for the purpose for which it was collected, subject to legal obligations and the need to establish, exercise or defend legal claims. Typical periods are:

  • Request Access submissions not converted into a customer relationship: normally up to 12 months after the last meaningful interaction, unless a longer period is needed for compliance or a dispute.
  • Customer account, access and operational records: for the contract term and normally up to 12 months after account closure, subject to security, fraud-prevention, dispute and legal-retention needs.
  • Billing, tax and accounting records: for the period required by Italian law, commonly up to 10 years where applicable.
  • Support and contractual communications: for the duration of the relationship and normally up to 24 months thereafter, or longer where a legal claim, audit, tax or regulatory need applies.
  • Security and access logs: for a proportionate period needed to investigate incidents, prevent abuse and protect the Services; the actual period depends on log type and risk.
  • Cookie and consent records: for the time needed to remember preferences, demonstrate compliance and manage consent, as configured in the consent-management tool.

9. Cookies and similar technologies

icterminal uses strictly necessary cookies and similar technologies required to operate, secure and remember preferences for the website and terminal. We may also use analytics technologies, including Google Analytics, and other non-essential technologies only in accordance with applicable law and the consent choices presented through our cookie banner.

The cookie banner and/or preference centre provides the current categories, providers, purposes and choices for the technologies actually deployed. You can change consent choices at any time through the cookie banner or preference centre. Disabling cookies may affect functionality.

Strictly necessary technologies do not generally require consent, but we still provide this information. Non-essential analytics, advertising or profiling technologies are activated only where a valid consent is required and recorded. Do not state that a cookie is “technical” or consent-free unless the live configuration genuinely satisfies applicable legal requirements.

10. Security

We apply technical and organisational measures designed to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access. No internet-based service can guarantee absolute security. You must keep your credentials, alert tokens and third-party webhooks confidential and notify us promptly of suspected compromise.

11. Your rights

Subject to applicable law and relevant limitations, you may request access, rectification, erasure, restriction, portability, objection to processing based on legitimate interests, withdrawal of consent, and information about data processing. You may also lodge a complaint with the competent supervisory authority, including the Italian Garante per la protezione dei dati personali where applicable.

To exercise rights, contact us and provide enough information to identify the relevant account or request. We may request information needed to verify identity and protect data against unauthorised disclosure. We will respond within the time limits required by law.

12. Children, automated decisions and changes

The Services are not directed to children. Do not submit personal data of a child unless you have lawful authority and have contacted us first.

We do not intentionally make decisions based solely on automated processing that produce legal or similarly significant effects about individuals. Automated analytics, labels, rankings and Alert logic are technical features, not decisions about your legal rights or eligibility.

We may update this Policy to reflect legal, technical, vendor or operational changes. The current version will be published on icterminal.com with its effective date. Material changes may be notified through the Service or email where appropriate.