Copyright 2025 © Chain Income Group
Your privacy and data protection are fundamental to our mission. Learn how Chain Income Group collects, uses, and protects your personal information with institutional-grade security standards.
Chain Income Group is the data controller responsible for your personal information collected through our platform and services.
Email: [email protected]
Data Protection Officer: [email protected]
Address: 32 Threadneedle Street, London, England, EC2R 8AY
We collect different types of personal data depending on your interactions with our platform. Transparency is fundamental to our data practices.
Basic information required to create and maintain your investor account.
Information about your investor profile, preferences, and account settings.
Documents required for KYC/AML compliance and regulatory obligations.
Payment details and transaction records for processing investments and payouts.
Information about how you interact with our platform and services.
Records of your interactions with our support and services teams.
We process personal data only for specific, legitimate purposes required to operate our platform and comply with legal obligations.
To provide, operate, and maintain our investment platform and related services.
Contractual NecessityTo verify identity, assess eligibility, and complete account registration processes.
Legal ObligationTo process deposits, investments, withdrawals, and monthly distribution payments.
Contractual NecessityTo comply with AML, CTF, tax reporting, and other regulatory requirements.
Legal ObligationTo detect, prevent, and investigate fraud, security incidents, and unauthorized access.
Legitimate InterestTo provide assistance, respond to inquiries, and resolve account issues.
Contractual NecessityTo analyze usage, improve features, and optimize user experience through analytics.
Legitimate InterestTo send account notifications, statements, updates, and administrative messages.
Contractual NecessityWe use cookies and similar tracking technologies to enhance platform functionality, analyze performance, and improve your experience.
What are cookies? Cookies are small text files stored on your device when you visit our website. They help us recognize you, remember your preferences, and provide essential platform functionality.
You can manage cookie preferences through our cookie consent manager or your browser settings. Note that disabling certain cookies may affect platform functionality.
You have full control over non-essential cookies. Visit our Cookie Policy for detailed information about the cookies we use and how to manage your preferences.
We share personal data only when necessary to provide services, comply with legal obligations, or with your explicit consent.
We do not sell your personal data. Your information is shared only with trusted partners under strict contractual agreements and appropriate safeguards.
Your data may be processed in countries outside your residence, including regions outside the EEA, with appropriate safeguards in place.
As a global infrastructure investment platform, we work with partners and service providers in multiple jurisdictions. When personal data is transferred internationally, we implement appropriate safeguards:
All international data transfers are governed by contracts ensuring your data receives equivalent protection regardless of processing location. Contact our Data Protection Officer for specific transfer mechanism details.
We retain personal data only as long as necessary to fulfill stated purposes, comply with legal obligations, and resolve disputes.
Retained for statutory periods required by applicable law, typically 5-10 years after account closure.
5-10 YearsRetained as required by anti-money laundering regulations, commonly 5-10 years after last transaction.
5-10 YearsRetained until you opt out or withdraw consent, then deleted within 30 days.
Until Opt-OutAggregated, anonymized usage data may be retained indefinitely for platform improvement.
AnonymizedYou have significant control over your personal data. Depending on your jurisdiction, you may exercise the following rights.
Request a copy of the personal data we hold about you, including details about how it's processed.
Correct inaccurate or incomplete personal data we maintain in your account or records.
Request deletion of your personal data where legal requirements are met (right to be forgotten).
Limit how we process your data in certain circumstances, such as during dispute resolution.
Object to processing based on legitimate interests, including marketing and profiling activities.
Receive your data in a structured, machine-readable format for transfer to another service.
Revoke consent for processing based on your approval, without affecting prior lawful processing.
Lodge a complaint with your local data protection supervisory authority if you believe we've violated your rights.
To exercise any of these rights, contact us at [email protected] or [email protected]. We may require identity verification before fulfilling requests. We will respond within the timeframe required by applicable law, typically 30 days.
We implement institutional-grade security measures to protect your personal data from unauthorized access, loss, or misuse.
AES-256 encryption for data at rest, TLS 1.3 for data in transit, end-to-end protection across all systems.
Role-based permissions, principle of least privilege, multi-factor authentication for all accounts.
24/7 intrusion detection, real-time threat monitoring, automated security alerts and incident response.
Quarterly penetration testing, annual SOC 2 Type II audits, continuous vulnerability assessments.
Isolated databases, strict access logging, segregated environments for production and testing.
Automated encrypted backups, disaster recovery procedures, 99.99% uptime SLA commitment.
Important Notice: While we implement industry-leading security measures, no system is completely impervious to threats. We continuously update our security protocols to address emerging risks and maintain the highest standards of data protection.
If you suspect unauthorized access to your account or a security breach, contact us immediately at [email protected]. We maintain cyber insurance coverage and incident response procedures to address security events promptly.
Our services are intended for qualified investors and professionals. We do not knowingly collect data from minors.
Minimum Age Requirement: You must be at least 18 years old (or the age of majority in your jurisdiction) to use our platform. Infrastructure investment services require legal capacity to enter into binding contracts.
Our platform may contain links to external websites and integrate with third-party services not operated by us.
When you access third-party websites or services through our platform, you leave our controlled environment and are subject to the privacy policies and terms of those external services.
We carefully vet partners for security and compliance standards, but cannot guarantee their practices. Key partners include payment processors, custodians, KYC providers, and infrastructure operators. Contact us for specific partner privacy policy links.
We may update this Privacy Policy to reflect changes in our practices, legal requirements, or service offerings.
Last Updated: December 23, 2025
We recommend reviewing this Privacy Policy periodically. The "Last Updated" date at the top of this page indicates when changes were last made. Subscribe to platform notifications to receive alerts about policy updates.
Questions, concerns, or requests regarding this Privacy Policy or your personal data? We're here to help.
For account questions, service inquiries, and general privacy concerns.
[email protected]For data rights requests, privacy policy questions, and compliance matters.
[email protected]For regulatory inquiries, subpoenas, and formal legal correspondence.
[email protected]Lodge formal complaints with supervisory authorities or directly through our platform.
Contact Form →Response Time: We aim to respond to all privacy inquiries within 30 days, as required by applicable data protection laws. Complex requests may require additional time, in which case we will notify you of the extension and reasons.
Supervisory Authority: If you believe we have not adequately addressed your privacy concerns, you have the right to lodge a complaint with your local data protection supervisory authority. For EU residents, find your authority at EDPB Member List.
Your trust is paramount. We've built our platform with institutional-grade privacy and security at the core. Experience transparent, compliant infrastructure investing.