Effective Date: February 12, 2026 Last Updated: February 12, 2026
1. INTRODUCTION
This Privacy Policy ("Policy") describes how 21Chains LLC, a limited liability company organized under the laws of the Commonwealth of Puerto Rico, doing business as "AlphaCanvas" ("Company," "we," "us," or "our"), collects, uses, stores, shares, and protects information in connection with the AlphaCanvas platform, website, applications, APIs, and related services (collectively, the "Service" or "Platform").
This Policy is part of and incorporated into the Subscription Agreement. By creating an account or using the Service, you consent to the data practices described in this Policy.
2. INFORMATION WE COLLECT
2.1 Identity and Account Data
- Full name, username, display name
- Email address
- Password (stored as a cryptographic hash; we do not store plaintext passwords)
- Profile preferences and settings
- Timezone and locale preferences
- Subscription tier and billing status
2.2 Financial and Payment Data
- Payment card or billing information (processed and stored by our third-party payment processor; we do not store full payment card numbers)
- Subscription history, invoices, and transaction records
- Billing address
2.3 Research and Analysis Data
- Research queries, prompts, and inputs submitted to analytical tools
- Scenario modeling configurations and parameters
- AI-generated research output and analysis results
- Saved research briefs and analysis history
- Monitoring workspace configurations and watchlists
2.4 AI Interaction Data
- Prompts, queries, and inputs submitted to AI-powered features
- AI-generated outputs and conversation history with Harold
- Model preferences and configuration settings
- Data Injection Engine query patterns and parameters
2.5 API Keys
- API keys for LLM providers (stored encrypted at rest)
2.6 Usage and Technical Data
- IP address, browser type and version, operating system, device type
- Pages visited, features used, click patterns, session duration
- Referring URLs and exit pages
- API call logs, error logs, and performance metrics
- Timestamps of actions and activities
2.7 Communications Data
- Support tickets, feedback submissions, and in-app messages
- Email correspondence with us
- Survey responses
2.8 Cookies and Tracking Technologies
- Session cookies (for authentication and security)
- Persistent cookies (for preferences and settings)
- Analytics cookies and pixels (for usage analytics)
- Advertising cookies and tracking pixels (for marketing)
- Local storage and session storage data
See Section 10 for details.
2.9 Data from Third Parties
- Information from authentication providers (OAuth/SSO login data from Google, etc.)
- Information from payment processors (transaction confirmations, billing status)
3. HOW WE USE YOUR INFORMATION
3.1 Service Operation
- Providing, operating, maintaining, and improving the Platform
- Processing your transactions and managing your subscription
- Authenticating your identity and securing your account
- Processing your inputs through AI/LLM providers
- Delivering market data and analytical features
- Delivering research briefs and market analysis
3.2 Product Development and Improvement
- Developing new features, tools, and capabilities
- Improving existing algorithms, workflows, and analytical methods
- Analyzing usage patterns to optimize Platform performance and user experience
- Conducting internal research on Platform usage and effectiveness
3.3 AI and Machine Learning
- Training, developing, testing, and improving our proprietary AI and machine learning models, algorithms, and analytical systems using aggregated, de-identified, or anonymized data derived from your use of the Service
- Improving analytical quality and model performance
- Creating benchmarks and performance metrics
Note: We will not use your individually identifiable research queries or API keys to train AI models. AI/ML training uses only aggregated and de-identified data that cannot be traced back to individual users.
3.4 Communications
- Sending account notifications and security alerts
- Delivering research briefs and market analysis based on your subscription tier
- Responding to your inquiries, support requests, and feedback
- Sending marketing and promotional communications (subject to your opt-out preferences)
3.5 Analytics and Research
- Conducting research, analysis, and statistical studies on Platform usage
- Generating aggregated reports, insights, and benchmarks
- Analyzing trends among user groups for product and business decisions
3.6 Marketing and Advertising
- Delivering targeted advertisements and promotional content
- Measuring the effectiveness of marketing campaigns
- Retargeting and remarketing across advertising platforms
3.7 Legal and Security
- Complying with applicable laws, regulations, and legal processes
- Enforcing our Terms of Service, Subscription Agreement, and other policies
- Detecting, preventing, and addressing fraud, abuse, and security incidents
- Protecting the rights, property, and safety of the Company, our users, and the public
3.8 Business Operations
- Supporting mergers, acquisitions, corporate reorganizations, and asset sales
- Financial reporting, auditing, and corporate governance
4. HOW WE SHARE YOUR INFORMATION
4.1 LLM and AI Providers
When you use AI-powered features, your inputs (including text prompts and contextual market data) are transmitted to third-party LLM providers for processing. Current providers include:
- Anthropic (Claude models) -- Privacy Policy
- OpenAI (GPT models) -- Privacy Policy
- xAI (Grok models) -- Privacy Policy
We contractually require API-tier providers to not use your data for their own model training. However, providers may retain data temporarily for abuse monitoring and safety purposes.
4.2 Service Providers
We share information with third-party service providers who perform services on our behalf, including cloud hosting, payment processing, customer support, email delivery, and error tracking. Service providers are contractually required to use your information only for providing services to us.
4.3 Analytics Providers
We share usage and technical data with analytics providers to understand Platform usage and improve our services.
4.4 Advertising and Marketing Partners
We may share information with advertising and marketing partners to deliver targeted advertisements, measure campaign effectiveness, and conduct retargeting.
4.5 Research Partners
We may share aggregated, de-identified, or anonymized data with research partners for academic, commercial, statistical, and market research purposes. Such data cannot be used to identify individual users.
4.6 Affiliated Companies
We may share information with our subsidiaries, parent companies, and affiliated entities for purposes consistent with this Policy.
4.7 Business Transfers
In the event of a merger, acquisition, reorganization, bankruptcy, asset sale, or similar corporate transaction, your information may be transferred as a business asset.
4.8 Legal and Government Requests
We may disclose your information:
- In response to lawful requests by public authorities;
- To comply with applicable laws, regulations, or legal processes;
- To enforce our Terms of Service and other policies;
- To protect the rights, property, or safety of the Company, our users, or the public;
- Where we have a good faith belief that disclosure is necessary to prevent fraud or violations of our Terms.
4.9 With Your Consent
We may share your information with third parties when you explicitly consent.
5. DERIVED AND AGGREGATED DATA
5.1 Creation of Derived Data
We may create aggregated, de-identified, anonymized, or pseudonymized data from your data (collectively, "Derived Data"). Once created, Derived Data is not considered Personal Data.
5.2 Use of Derived Data
Derived Data may be used by us for any lawful purpose, including product development, research, analytics, benchmarking, creating data products and statistical analyses, and sharing with third parties for commercial and research purposes, without restriction, obligation, or compensation to you.
5.3 Ownership
The Company owns all Derived Data and all intellectual property rights therein.
6. DATA RETENTION
| Data Category | Retention Period |
|---|---|
| Account and identity data | Duration of your account + 7 years after closure |
| Financial and payment data | 7 years after the relevant transaction |
| Research and analysis data | Duration of your account + 2 years after closure |
| AI interaction data | 2 years, or until anonymized |
| Usage and technical data | 3 years, or until anonymized |
| Communications data | 3 years after resolution |
| Log and security data | 1 year |
| Cookies | As specified in Section 10 |
| Aggregated/anonymized data | Indefinitely (no longer Personal Data) |
Upon account deletion, we will delete or anonymize your Personal Data within a reasonable time, except where retention is required by law or legitimate business purposes.
7. DATA SECURITY
We implement commercially reasonable technical and organizational measures to protect your information, including:
- Encryption at rest: API keys and sensitive data are encrypted using industry-standard algorithms
- Encryption in transit: All data transmitted between your browser and our servers is encrypted using TLS 1.2 or higher
- Authentication: JWT-based authentication with short-lived tokens and secure refresh mechanisms
- Access controls: Role-based access controls limiting employee access to user data
- Infrastructure: Hosted on industry-standard cloud infrastructure
No system is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.
8. YOUR RIGHTS AND CHOICES
8.1 Account Settings
You may update your account information, preferences, and communication settings through your account dashboard at any time.
8.2 Marketing Opt-Out
You may opt out of marketing communications by clicking the "unsubscribe" link in any marketing email, updating your preferences in account settings, or contacting privacy@alphacanvas.ai.
8.3 API Key Management
You may add, update, or delete your stored API keys at any time through your account settings.
8.4 Account Deletion
You may request deletion of your account by contacting privacy@alphacanvas.ai. Certain data may be retained as required by law or legitimate business interests. Aggregated and anonymized data will be retained indefinitely.
8.5 Data Export
You may request an export of your Personal Data by contacting privacy@alphacanvas.ai.
9. JURISDICTION-SPECIFIC RIGHTS
9.1 California Residents (CCPA / CPRA)
If you are a California resident, you have the following rights:
Right to Know: Request disclosure of the categories and specific pieces of Personal Information collected, sources, purposes, and recipients.
Right to Delete: Request deletion of your Personal Information, subject to exceptions.
Right to Correct: Request correction of inaccurate Personal Information.
Right to Opt-Out of Sale/Sharing: We may share Personal Information with advertising partners in ways that may constitute a "sale" or "sharing" under the CCPA. You may opt out by clicking the "Do Not Sell or Share My Personal Information" link on our website, contacting privacy@alphacanvas.ai, or enabling Global Privacy Control (GPC) in your browser.
Non-Discrimination: We will not discriminate against you for exercising your CCPA rights.
Categories of Personal Information Collected:
| CCPA Category | Sold/Shared? |
|---|---|
| Identifiers (name, email, IP, account ID) | Yes (advertising) |
| Commercial Information (subscription history) | No |
| Internet Activity (usage data, browsing on Platform) | Yes (analytics, advertising) |
| Geolocation Data (IP-derived approximate location) | Yes (analytics) |
| Inferences (preferences derived from usage) | Yes (advertising) |
To exercise your rights: Contact privacy@alphacanvas.ai. We will verify your identity before processing requests.
9.2 European Economic Area, United Kingdom, and Switzerland (GDPR)
If you are located in the EEA, UK, or Switzerland:
Data Controller: 21Chains LLC, legal@alphacanvas.ai
Lawful Bases:
| Purpose | Lawful Basis |
|---|---|
| Service operation, billing | Performance of contract |
| Security, fraud prevention | Legitimate interest |
| Analytics, product improvement | Legitimate interest |
| AI/ML training (aggregated data) | Legitimate interest |
| Marketing to existing customers | Legitimate interest |
| Marketing (new customers, advertising) | Consent |
| Legal compliance | Legal obligation |
Your Rights: Access, rectification, erasure, restriction, portability, object, withdraw consent, and automated decision-making.
International Transfers: Your data may be transferred outside the EEA/UK. We rely on Standard Contractual Clauses (SCCs) to legitimize such transfers.
Data Protection Contact: dpo@alphacanvas.ai
Supervisory Authority: You have the right to lodge a complaint with your local data protection authority.
10. COOKIES AND TRACKING TECHNOLOGIES
| Cookie Type | Purpose | Duration |
|---|---|---|
| Essential | Authentication, security, session management | Session or up to 24 hours |
| Functional | User preferences, theme, settings | Up to 1 year |
| Analytics | Usage patterns, performance monitoring | Up to 2 years |
| Advertising | Targeted advertising, conversion tracking | Up to 2 years |
You can manage cookies through your browser settings. We honor the Global Privacy Control (GPC) signal as an opt-out of the sale/sharing of Personal Information under the CCPA.
11. CHILDREN'S PRIVACY
The Service is not directed to individuals under 18. We do not knowingly collect Personal Information from children under 18.
12. DATA BREACH NOTIFICATION
In the event of a data breach affecting your Personal Data, we will notify affected users and relevant regulatory authorities as required by applicable law.
13. CHANGES TO THIS POLICY
We may update this Policy from time to time. Material changes will be communicated at least thirty (30) days before they take effect.
14. CONTACT US
- General Privacy: privacy@alphacanvas.ai
- CCPA Requests: privacy@alphacanvas.ai
- GDPR / Data Protection: dpo@alphacanvas.ai
- Legal: legal@alphacanvas.ai
21Chains LLC (d/b/a "AlphaCanvas") Organized under the laws of the Commonwealth of Puerto Rico Website: https://alphacanvas.ai