Privacy Policy

Last updated: April 2026

1. Controller

The controller within the meaning of the General Data Protection Regulation (GDPR) and other national data protection laws as well as other data protection regulations is:

Chainmore OÜ
Kotkapoja tn 2a-10
10615 Tallinn
Estonia

Registry code (Registrikood): 17448638
Email: support@chainmore.io
Represented by: Narcis Gecevic (Board Member)

2. General Information

This privacy policy informs you about the type, scope, and purpose of the processing of personal data within our online offering and the websites, functions, and content connected to it. Personal data is any data that can be related to you personally, e.g. name, address, email addresses, user behaviour.

3. Hosting and Server Log Files

3.1 Server log files

For technical reasons, in particular to ensure a secure and stable website, the following data is transmitted by your browser to our hosting provider when you call up our website:

• IP address (anonymised after 30 days)
• Date and time of the request
• Time-zone difference to Greenwich Mean Time (GMT)
• Content of the request (specific page)
• Access status / HTTP status code
• Volume of data transferred
• Website from which the request comes (referrer URL)
• Browser, operating system and its interface, and language and version of the browser software

The legal basis for the processing is Article 6 (1) lit. f GDPR. Our legitimate interest follows from the purpose of ensuring smooth and secure operation of the website. Under no circumstances do we use the data collected to draw conclusions about your person.

4. Cookies

We use technically necessary cookies on our site that are required for the functionality of our website. These cookies are stored without consent (legal basis: Article 6 (1) lit. f GDPR).

If analysis or marketing cookies are used on our site, this is done exclusively after your consent via our cookie banner (legal basis: Article 6 (1) lit. a GDPR and § 25 (1) TTDSG). You can revoke this consent at any time with effect for the future.

5. Third-Party Services in Use

Status of the list below: May 2026. Only the third-party services listed here are integrated. Analytics tools, advertising trackers, social-media plugins, live chat, external CRM forms, and demo-booking widgets are not in use. Should additional tools be added in the future, this policy will be updated accordingly.

The complete and continuously maintained list of sub-processors (GDPR Article 28(2)) is published separately at /legal/sub-processors.html, including the categories of data each one may process and the change-notification mechanism.

5.1 Website hosting and waitlist form handling (Netlify)

Our website is hosted by Netlify Inc. (44 Montgomery Street, Suite 300, San Francisco, CA 94104, USA). When the website is accessed, technical log data (see section 3.1) is transmitted to Netlify and stored for 30 days. When you submit the waitlist form, Netlify processes the submitted work email address and technical form metadata so that the submission can be received and routed to ChainMore. Data transfer to the USA is safeguarded by the EU-US Data Privacy Framework (Netlify is certified). More information: netlify.com/privacy.

5.2 Fonts and CSS

We do not embed any fonts or CSS files from third-party CDNs. The website uses only the system fonts available on the user's device (system-font stack) and a CSS file (Tailwind CSS, locally compiled) served from our own web server. No data is transmitted to external font or CSS providers (e.g. Google Fonts, Cloudflare CDN).

6. Recipients of Data

We only pass on your personal data to third parties if this is necessary for the performance of the contract (e.g. to the hosting and infrastructure providers named in section 5), if we are legally obliged to do so, or if you have given your consent.

7. Transfers to Third Countries

Insofar as data is transferred to recipients outside the European Economic Area (EEA), in particular to the USA, this is done on the basis of:

• the EU-US Data Privacy Framework (for recipients certified under this framework), or
• the standard contractual clauses of the EU Commission pursuant to Article 46 (2) lit. c GDPR, or
• your express consent pursuant to Article 49 (1) lit. a GDPR.

8. Retention Periods

We process and store your personal data only for as long as is necessary to fulfil contractual or statutory obligations. If the data is no longer required to fulfil contractual or statutory obligations, it is regularly deleted, unless its further processing, for a limited period, is necessary to fulfil retention obligations under commercial or tax law (typically 6 to 10 years).

9. Your Rights as a Data Subject

You have the following rights with regard to the personal data concerning you:

• Right of access (Article 15 GDPR)
• Right to rectification or erasure (Articles 16, 17 GDPR)
• Right to restriction of processing (Article 18 GDPR)
• Right to object to processing (Article 21 GDPR)
• Right to data portability (Article 20 GDPR)

You also have the right to lodge a complaint with a data protection supervisory authority about the processing of your personal data by us.

10. Right to Object

If your personal data is processed on the basis of legitimate interests pursuant to Article 6 (1) lit. f GDPR, you have the right to object to the processing of your personal data pursuant to Article 21 GDPR, provided that there are grounds to do so arising from your particular situation.

11. Updates to This Privacy Policy

We reserve the right to update this privacy policy from time to time so that it always complies with current legal requirements or to reflect changes to our services in the privacy policy, e.g. when introducing new services. The new privacy policy will then apply to your next visit.

12. Contact for Data Protection Matters

If you have questions about data protection at ChainMore, please contact us at: support@chainmore.io.

Last updated: May 2026