Privacy Policy
Last updated: March 6, 2026
This Privacy Policy describes how Stablerail, Inc. ("Stablerail," "we," "us," or "our") collects, uses, and protects information when you use the Stablerail platform, website (stablerail.com), and all related services (the "Service").
By using the Service, you agree to the practices described in this Privacy Policy.
1. Information We Collect
1.1 Information You Provide
When you create an account or use the Service, you may provide:
Account information: name, email address, company name, country, business address, phone number, VAT number
Team member information: names, email addresses, and roles of individuals you invite to your organization
Counterparty information: names, email addresses, wallet addresses, and payment details of counterparties you add to the platform
Transaction metadata: payment amounts, descriptions, memos, invoice details, and approval records
Support communications: messages you send to us via email or other channels
1.2 Information Collected Automatically
When you access the Service, we automatically collect:
Device and browser information: browser type, operating system, device identifiers
Usage data: pages visited, features used, timestamps, and interaction patterns
IP address and approximate location (country-level)
Analytics data collected through Google Analytics
1.3 Wallet and Blockchain Information
When you use the Service, we process:
Public wallet addresses associated with your vaults and counterparties
On-chain transaction data (which is publicly available on the applicable blockchain)
Risk intelligence data obtained from third-party providers (AML Bot) based on public wallet addresses
We do not collect, store, or have access to private keys, seed phrases, recovery phrases, or MPC key shards. All key management is handled by third-party infrastructure (Privy).
1.4 Shadow Audit
When you use the Shadow Audit feature, you submit public wallet addresses for analysis. These addresses are used to generate a control gap report. Shadow Audit does not require account creation or wallet connection. Wallet addresses submitted for Shadow Audit are not stored beyond the analysis session unless you create an account and choose to save the report.
1.5 Lead Intelligence
We may use third-party services (such as RB2B) to identify companies visiting our website based on IP address resolution. This information is used for sales and marketing purposes and is limited to company-level identification, not individual identification.
2. How We Use Your Information
We use the information we collect to:
Provide, operate, and maintain the Service
Process and display transaction data, policy evaluations, risk dossiers, and audit trails
Perform counterparty risk assessments and sanctions screening using third-party data providers
Generate Proof-of-Control records and audit documentation
Send account-related communications (security alerts, policy change notifications, signing requests)
Respond to support requests
Analyze usage patterns to improve the Service
Comply with legal obligations, including anti-money laundering and sanctions requirements
Detect and prevent fraud, unauthorized access, or other prohibited activities
We do not sell your personal information to third parties.
3. How We Share Your Information
We share information only in the following circumstances:
3.1 Third-Party Service Providers
We share information with service providers that help us operate the Service, including:
Privy: wallet addresses and transaction signing requests (for MPC-based key management)
AML Bot: wallet addresses (for on-chain risk intelligence and sanctions screening)
NEAR Protocol: transaction data (for swap execution)
Google Analytics: anonymized usage data (for website analytics)
RB2B: IP-based company identification (for lead intelligence)
These providers process data on our behalf and are contractually obligated to protect your information.
3.2 Blockchain Networks
When transactions are executed through the Service, transaction data (including wallet addresses and amounts) is recorded on the applicable public blockchain. This data is publicly accessible and cannot be deleted or modified by Stablerail.
3.3 Your Organization
If you use the Service as part of an organization, other members of your organization with appropriate permissions may access your activity, including transaction records, approvals, and audit logs, in accordance with the role-based access controls configured for your organization.
3.4 Legal Requirements
We may disclose your information if required by law, regulation, legal process, or governmental request, or if we believe disclosure is necessary to protect the rights, property, or safety of Stablerail, our users, or others.
3.5 Business Transfers
In connection with any merger, acquisition, reorganization, or sale of assets, your information may be transferred as part of the transaction. We will notify you of any such transfer and any choices you may have regarding your information.
4. Data Retention
We retain your information for as long as your account is active or as needed to provide the Service. Audit trail data and Proof-of-Control records are retained for a minimum of seven (7) years to support compliance and audit requirements.
If you close your account, we will delete or anonymize your personal information within 90 days, except where retention is required by law or for legitimate business purposes (such as audit trail preservation).
Shadow Audit data for users without accounts is deleted at the end of the analysis session.
5. Data Security
We implement appropriate technical and organizational measures to protect your information, including encryption in transit (TLS) and at rest, role-based access controls, and audit logging of all system access.
However, no method of transmission or storage is completely secure. We cannot guarantee absolute security of your information.
6. Your Rights
Depending on your location, you may have the following rights regarding your personal information:
6.1 For All Users
Access: request a copy of the personal information we hold about you
Correction: request correction of inaccurate or incomplete information
Deletion: request deletion of your personal information, subject to legal retention requirements
Data Portability: request a copy of your data in a structured, machine-readable format
To exercise these rights, contact us at compliance@stablerail.com. We will respond within 30 days.
6.2 For Users in the European Economic Area (EEA), United Kingdom, and Switzerland
Under the General Data Protection Regulation (GDPR), you have additional rights:
Legal basis: we process your personal data based on contractual necessity (to provide the Service), legitimate interest (to improve the Service and prevent fraud), and consent (for marketing communications)
Right to object: you may object to processing based on legitimate interest
Right to restrict processing: you may request that we limit how we use your data
Right to withdraw consent: where processing is based on consent, you may withdraw consent at any time
Right to lodge a complaint: you may file a complaint with your local data protection authority
Our EU representative contact for GDPR inquiries: compliance@stablerail.com
6.3 For Users in California
Under the California Consumer Privacy Act (CCPA), California residents have the right to know what personal information we collect, request deletion, and opt out of the sale of personal information. We do not sell personal information.
7. International Data Transfers
Your information may be transferred to and processed in countries other than your own, including the United States. Where required by applicable law, we ensure appropriate safeguards are in place for international data transfers, such as standard contractual clauses approved by the European Commission.
8. Cookies and Tracking
We use cookies and similar technologies for:
Essential functionality: session management and authentication
Analytics: Google Analytics to understand usage patterns
You can control cookie preferences through your browser settings. Disabling certain cookies may affect the functionality of the Service.
9. Children
The Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected information from a child, we will delete it promptly.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on our website with a revised "Last updated" date. For significant changes, we may also notify you by email.
11. Contact
For questions about this Privacy Policy or to exercise your data rights, contact us at:
Stablerail, Inc. compliance@stablerail.com