Privacy Policy
How we collect, use, and protect your information.
Effective Date: 2026-02-18 · Last Updated: 2026-02-18
1. Who We Are
Sigvex ("we," "us," or "our") operates the Sigvex platform at sigvex.io (the "Service"), a smart contract bytecode decompilation and security analysis platform. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data when you interact with our Service, website, APIs, and related tools.
For privacy-related inquiries, you may contact us via our contact form.
2. Account Users Under Organizations
If you access the Service as part of or on behalf of an organization (such as your employer or another entity), your use may be subject to that organization's policies and administrative controls. In these cases, your organization may manage your account, set usage permissions, and access or process your personal data in connection with your use of the Service.
We may disclose relevant personal data to authorized representatives of your organization to facilitate account administration, support requests, and compliance with organizational policies. Your organization is responsible for ensuring that any personal data it provides to us, or requests us to process, complies with applicable data protection laws.
3. Scope
This Privacy Policy applies to all personal data processed through:
- The Sigvex website at sigvex.io.
- The Sigvex web application and interactive analysis tools.
- Sigvex REST APIs and programmatic interfaces.
- Browser-based fuzzing tools.
- Communications between you and Sigvex (support, inquiries, feedback).
This policy does not apply to third-party websites or services linked from our platform. We encourage you to review the privacy policies of any third-party service before providing personal data to them.
4. Personal Data We Collect
3.1 Data You Provide Directly
- Account Registration: Email address, display name, and authentication credentials when you create an account. We use third-party authentication providers and do not store passwords directly.
- Analysis Inputs: Blockchain network identifiers, contract addresses, and bytecode you submit for decompilation or security analysis.
- Communications: Information you provide when contacting us for support, submitting feedback, or participating in surveys.
- Payment Information: If you subscribe to paid features, billing details are processed by our third-party payment processor. We do not store full payment card numbers.
3.2 Data Collected Automatically
- Usage Data: Pages visited, features used, analysis requests made, API calls, search queries, and interaction timestamps.
- Device and Browser Data: Browser type and version, operating system, screen resolution, device type, and preferred language.
- Network Data: IP address, referring URL, access times, and general geographic location derived from IP address.
- Cookies and Similar Technologies: Session identifiers, preference settings, and analytics data. See Section 10 for details.
3.3 Data From Third Parties
- Authentication Providers: If you sign in via a third-party provider (e.g., GitHub, Google), we receive your name, email, and profile identifier as permitted by your settings with that provider.
- Blockchain Networks: Publicly available on-chain data (contract bytecode, transaction data) retrieved from blockchain RPC providers in the course of performing analysis you request.
5. How and Why We Use Your Data
We process your personal data for the following purposes and on the corresponding legal bases:
| Purpose | Legal Basis (GDPR) |
|---|---|
| Provide, operate, and maintain the Service, including processing analysis requests and delivering results | Performance of contract |
| Authenticate users and manage accounts | Performance of contract |
| Process payments for paid features | Performance of contract |
| Respond to support requests and communications | Performance of contract / Legitimate interest |
| Monitor and improve Service performance, reliability, and user experience | Legitimate interest |
| Detect, investigate, and prevent fraudulent, unauthorized, or illegal activity | Legitimate interest |
| Enforce our Terms of Service and protect our rights | Legitimate interest |
| Send Service-related notifications (security alerts, maintenance, account changes) | Performance of contract |
| Send product updates and feature announcements (where opted in) | Consent |
| Comply with legal obligations, regulatory requirements, and lawful requests | Legal obligation |
| Aggregate and anonymize data for research and statistical analysis | Legitimate interest |
Where we rely on legitimate interest, we have conducted balancing assessments to ensure our interests do not override your fundamental rights and freedoms. You may contact us to request details of these assessments.
6. Data Sharing and Disclosure
We do not sell your personal data. We may share personal data in the following limited circumstances:
6.1 Service Providers and Sub-Processors
We engage third-party service providers to assist in operating the Service. These providers process personal data only on our behalf and under contractual obligations to protect your data. Categories of sub-processors include:
- Cloud Infrastructure: Hosting and compute services for running the platform.
- Authentication: Identity providers for secure sign-in.
- Payment Processing: Secure handling of billing and subscriptions.
- Analytics: Aggregated usage analysis to improve the Service.
- Blockchain RPC Providers: On-chain data retrieval for contract analysis (contract addresses and network identifiers may be transmitted).
- Communication: Email delivery for transactional and support messages.
6.2 Legal and Regulatory
- When required by applicable law, regulation, legal process, or enforceable governmental request.
- To protect the rights, property, or safety of Sigvex, our users, or the public.
- To detect or prevent fraud, security incidents, or technical issues.
6.3 Business Transfers
In connection with a merger, acquisition, reorganization, or sale of assets, your personal data may be transferred to the acquiring entity. We will provide notice to affected users before personal data becomes subject to a different privacy policy.
6.4 With Your Consent
We may share your data with third parties when you have given explicit consent, such as enabling integrations with external tools.
7. International Data Transfers
Your personal data may be transferred to, stored, and processed in countries other than your country of residence, including countries that may not provide the same level of data protection. When we transfer personal data internationally, we implement appropriate safeguards, including:
- Standard Contractual Clauses (SCCs) approved by the European Commission.
- Adequacy decisions where applicable.
- Other legally recognized transfer mechanisms.
You may contact us for more information about the specific safeguards applied to transfers of your data.
8. Data Retention
We retain personal data only as long as necessary for the purposes described in this policy:
- Account Data: Retained for the duration of your account. Upon account deletion, personal data is removed within 30 days, except where retention is required by law.
- Analysis Results: Retained according to your account settings. You may delete analysis results at any time through the Service.
- Usage and Log Data: Retained for up to 12 months for security monitoring and Service improvement, then anonymized or deleted.
- Payment Records: Retained as required by applicable tax and financial regulations.
- Support Communications: Retained for up to 24 months after resolution for quality assurance and to assist with follow-up inquiries.
When personal data is no longer needed, we securely delete or anonymize it. Anonymized data that cannot be used to identify you may be retained indefinitely for statistical and research purposes.
9. Data Security
We implement technical and organizational measures designed to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:
- Encryption: Data encrypted in transit using TLS 1.2+ and at rest using AES-256 or equivalent.
- Access Controls: Role-based access controls, multi-factor authentication for internal systems, and principle of least privilege.
- Infrastructure Security: Network segmentation, intrusion detection, and regular vulnerability assessments.
- Monitoring: Continuous logging and alerting for anomalous access patterns.
- Incident Response: Documented procedures for identifying, containing, and reporting security incidents.
While we strive to protect your data, no method of transmission over the Internet or electronic storage is completely secure. We cannot guarantee absolute security.
10. Cookies and Similar Technologies
We use cookies and similar technologies to operate the Service, remember your preferences, and understand how you use the platform. The categories of cookies we use are:
| Category | Purpose | Duration | Can Be Disabled |
|---|---|---|---|
| Strictly Necessary | Authentication, session management, CSRF protection, and core functionality | Session / up to 30 days | No |
| Functional | User preferences (theme, language, display settings) | Up to 12 months | Yes |
| Analytics | Aggregate usage patterns, page performance, and feature adoption to improve the Service | Up to 12 months | Yes |
We do not use advertising or tracking cookies. We do not participate in cross-site tracking networks.
For a detailed inventory of the cookies we use, including specific cookie names, purposes, and durations, please see our Cookie Policy.
You can manage cookie preferences through your browser settings. Disabling strictly necessary cookies may affect Service functionality. Most browsers allow you to block or delete cookies; consult your browser's help documentation for instructions.
11. Your Rights
Depending on your jurisdiction, you may have the following rights regarding your personal data:
11.1 Rights Under GDPR (EEA/UK)
- Access: Request a copy of the personal data we hold about you.
- Rectification: Request correction of inaccurate or incomplete data.
- Erasure: Request deletion of your personal data ("right to be forgotten"), subject to legal retention requirements.
- Restriction: Request that we restrict processing of your data under certain circumstances.
- Portability: Receive your personal data in a structured, commonly used, machine-readable format.
- Objection: Object to processing based on legitimate interest, including profiling.
- Withdraw Consent: Where processing is based on consent, withdraw your consent at any time without affecting the lawfulness of prior processing.
- Lodge a Complaint: You have the right to lodge a complaint with your local data protection supervisory authority.
11.2 Rights Under CCPA (California)
If you are a California resident, you have the following rights:
- Right to Know: Request details about the categories and specific pieces of personal information we collect, use, and disclose about you, including data disclosed for business purposes and the recipients of such data.
- Right to Deletion: Request deletion of personal information collected from you, subject to certain exceptions.
- Right to Correction: Request correction of inaccurate personal information.
- Right to Opt Out of Sale or Sharing: Opt out of the sale or sharing of personal information for cross-context behavioral advertising. We do not sell or share personal information for advertising purposes.
- Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.
In the past 12 months, the categories of personal information we have collected include: identifiers and contact details (name, email), account information, internet or electronic network activity (usage data, device information), and geolocation data (general location inferred from IP address). We do not sell personal information as defined by the CCPA. We do not knowingly collect or sell personal information of minors under 16 years of age.
11.3 Exercising Your Rights
To exercise any of these rights, contact us via our contact form. We will verify your identity and respond within 30 days (or within the timeframe required by applicable law). We do not charge a fee for processing reasonable requests.
12. Automated Decision-Making
The Service uses automated processing to analyze smart contract bytecode and detect potential vulnerabilities. This analysis is performed on blockchain data (contract bytecode), not on your personal data, and does not produce legal or similarly significant effects concerning you as an individual.
We do not use automated decision-making or profiling based on your personal data to make decisions that produce legal or similarly significant effects on you.
13. Children's Privacy
The Service is not directed to individuals under 16 years of age. We do not knowingly collect personal data from children under 16. If we become aware that we have collected personal data from a child under 16, we will take steps to delete that data promptly. If you believe a child has provided us with personal data, please contact us via our contact form.
14. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:
- Post the updated policy on the Service with a revised "Last Updated" date.
- Provide prominent notice through the Service (such as a banner notification).
- Where required by law, seek your consent to material changes.
We encourage you to review this policy periodically. Your continued use of the Service after changes are posted constitutes acceptance of the revised policy.
15. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
We aim to resolve all privacy-related inquiries promptly. If you are not satisfied with our response, you have the right to lodge a complaint with your local data protection supervisory authority.