Skip to content
Trace & AnchorShield for protection, interlocking link for traceability, and checkmark for verification.Trace & Anchor
Privacy Policy

Data Protection — Trace & Anchor

1. Introduction

This Privacy Policy describes how Delta Multimedia France (DMMF), a French SARL registered with the Béziers Trade Registry (SIRET 408 201 283 00053), collects, processes, and protects your personal data when you use the Trace & Anchor service — a digital proof-of-existence service based on cryptographic anchoring on the Solana blockchain. Trace & Anchor operates on the "Hash‑Only" principle: your original file never leaves your device; only its cryptographic fingerprint (TA‑SHA256) is transmitted to our servers. This architecture ensures data minimization by design (Article 5(1)(c) GDPR). By accessing traceandanchor.com or using the Service, you agree to the practices described below. For any questions, the Data Protection Officer (DPO) can be reached at dpo@traceandanchor.com.

2. Personal Data Collected
  • Identity data (KYC): name, surname, ID document — collected via our provider Sumsub in compliance with AML/CFT obligations
  • Contact details: email address, phone number (registration, support, notifications)
  • Solana wallet address: pseudonymous identifier, published on the blockchain
  • Browsing data: IP address, browser type, pages visited, session duration
  • Cryptographic fingerprints (TA‑SHA256 hash) of submitted files — irreversible, cannot be used to reconstruct the original file
  • Certificate metadata: Solana TXID, UTC timestamp, proof identifier (Record ID), verification QR code
  • Usage history: number of anchorings, MLRCOIN‑O token consumption, operation dates
  • Cookies and similar technologies (see section 4)
3. Purposes and Legal Bases for Processing
  • Contract performance (Art. 6(1)(b) GDPR): providing the anchoring service, generating proof certificates (HTML/PDF/JSON), managing your account and MLRCOIN‑O tokens
  • Legal obligation (Art. 6(1)(c) GDPR): KYC/AML identity verification in compliance with applicable regulations
  • Legitimate interest (Art. 6(1)(f) GDPR): Service security, fraud prevention, technical performance analysis, continuous improvement
  • Consent (Art. 6(1)(a) GDPR): newsletters and marketing communications (withdrawable at any time)
  • ⚠️ No original file is ever transmitted, stored, or accessible by DMMF — only the cryptographic fingerprint is processed (Hash‑Only principle)
  • DMMF never sells, rents, or shares your personal data for commercial or advertising purposes
4. Cookies & Tracking Tools
  • Strictly necessary cookies: authentication, session security, language preferences — no consent required
  • Analytics cookies: anonymized traffic measurement (page views, durations, bounce rate) — subject to your consent
  • No advertising cookies or profiling trackers are used by Trace & Anchor
  • You can manage your cookie preferences via the banner displayed on your first visit or in your browser settings. Refusing analytics cookies does not affect access to the Service.
5. Sub-processors and Data Sharing

DMMF uses the following sub-processors, each bound by a contract compliant with Article 28 of the GDPR:

  • OVH SAS (Roubaix, France): server and data hosting — located in France / European Union, with geographic replication
  • Sumsub: identity verification provider (KYC) — processing governed by a GDPR sub-processing agreement
  • Solana blockchain: cryptographic fingerprints and TXIDs are recorded on a public distributed ledger; this data is pseudonymous and contains no directly identifiable personal information
  • No sub-processor has access to users' original files. Only fingerprints and technical metadata are shared, strictly for Service execution.
6. Data Security

DMMF implements state-of-the-art technical and organizational measures: TLS encryption of communications, encryption at rest for sensitive data, application firewalls, role-based access control, security event logging, and a disaster recovery plan (DRP/BCP). Despite these measures, no internet transmission is entirely risk-free. You acknowledge the inherent risks of a distributed blockchain environment, including:

  • Loss or compromise of your Solana private keys (wallet), resulting in inability to access your MLRCOIN‑O tokens
  • Wallet address entry errors during token transfers
  • Temporary unavailability or congestion of the Solana network causing anchoring delays
  • In the event of a personal data breach, DMMF will notify the relevant supervisory authority within 72 hours (Art. 33 GDPR) and affected users without undue delay (Art. 34 GDPR)
7. Protection of Minors

The Trace & Anchor Service is strictly reserved for persons aged 18 or older. DMMF does not knowingly collect personal data from minors. If you become aware that a minor has submitted data through the Service, please contact dpo@traceandanchor.com immediately to request deletion.

8. International Data Transfers

Personal data is hosted in France / European Union (OVH servers). However, certain technical data — cryptographic fingerprints (hashes), transaction identifiers (TXIDs), and wallet addresses — are recorded on the Solana blockchain, whose validator nodes are distributed worldwide. This data is pseudonymous and contains no directly identifiable personal information. By using the Service, you consent to these technical transfers, which are necessary for blockchain anchoring. For any transfer outside the EU involving identifiable personal data, DMMF implements appropriate safeguards (European Commission standard contractual clauses or adequacy decisions).

9. Changes to the Policy

This Privacy Policy may be updated to reflect:

  • Evolution of the Trace & Anchor Service and its features
  • Regulatory changes (GDPR, MiCA, eIDAS 2.0, national laws)
  • Recommendations from the CNIL or other supervisory authorities

Changes are published on this page with the updated revision date. For material changes, DMMF will endeavor to notify users by email or in-app notification at least 15 days before they take effect. Continued use of the Service after publication constitutes acceptance of the new version.

10. Your Rights (GDPR)

Under the GDPR, you have the following rights over your personal data: right of access (Art. 15), right to rectification (Art. 16), right to erasure (Art. 17), right to restriction of processing (Art. 18), right to data portability (Art. 20), right to object (Art. 21). You may also withdraw your consent at any time for processing based on consent, without affecting the lawfulness of prior processing. To exercise these rights, contact the DPO at: dpo@traceandanchor.com. DMMF commits to responding within 30 days. In case of disagreement, you may lodge a complaint with your local supervisory authority (in France: CNIL — www.cnil.fr).

⚠️ Important note: cryptographic fingerprints and TXIDs recorded on the Solana blockchain are, by nature, immutable and cannot be modified or deleted. The right to erasure applies to data stored in DMMF's systems (database, user account), but not to on-chain records which are pseudonymous and public.

Privacy questions?
dpo@traceandanchor.com
Contact the DPO
Trace & Anchor | Blockchain Proof of Existence & Timestamping