ChainTwin

Privacy Policy

Last updated: February 8, 2026

1. Overview

ChainTwin ("we", "us") respects your privacy. This Privacy Policy explains what data we collect, why we collect it, how we protect it, and your rights — including under GDPR and Saudi Personal Data Protection Law (PDPL).

2. Data We Collect

Account data: Name, business email, company name, phone, country.

Shipment data: Origin/destination, product descriptions, HS codes, weights, quantities, invoice values, uploaded photos and PDFs.

Technical data: IP address, browser user-agent, device type, login timestamps. Used for security, rate-limiting, and fraud detection.

AI processing: Product photos and invoice PDFs you upload are processed by ChainTwin's AI extraction engine. Data is handled per our privacy policy and is not retained for training.

3. How We Use Your Data

  • Provide the shipping, customs, and pricing services you request.
  • Match you with appropriate freight forwarders and customs brokers.
  • Detect fraud, abuse, and security threats.
  • Send transactional emails (account verification, password reset, shipment updates).
  • Improve our service (in aggregated, anonymized form only).

4. Data Storage & Security

Data is stored in MongoDB instances within secure cloud infrastructure. We use:

  • HTTPS/TLS for all data in transit.
  • Hashed (SHA-256) passwords — we cannot recover your password, only let you reset it.
  • HttpOnly session tokens with 7-day expiration.
  • Account lockout after 5 failed login attempts.
  • Cloudflare Turnstile bot protection on auth endpoints.
  • HSTS, CSP, X-Frame-Options, and Permissions-Policy security headers on every response.

5. Data Sharing

We share data only with:

  • The freight forwarder you select (route, cargo, weight — needed to fulfill your shipment).
  • The customs broker assigned to your shipment.
  • ChainTwin's AI extraction engine (see Section 2).
  • Email delivery providers (Resend) for transactional emails.
  • Government authorities when legally required (ZATCA, customs).

We do NOT sell or rent your data to advertisers or third parties.

6. Your Rights

Under GDPR and Saudi PDPL, you have the right to:

  • Access a copy of all data we hold about you.
  • Correct any inaccurate data.
  • Delete your account and all associated data (right to erasure).
  • Export your data in a portable format.
  • Object to specific processing activities.
  • Withdraw consent at any time.

To exercise these rights, email privacy@chaintwin.com. We respond within 30 days.

7. Cookies

We use only essential cookies and `localStorage` for: session tokens, language preference, and Cloudflare Turnstile bot protection. We do not use analytics or advertising cookies.

8. Data Retention

Active accounts: data retained while account is active. Shipment records: retained for 7 years (Saudi tax/customs requirement). After account deletion: PII removed within 30 days, anonymized shipment analytics may be retained.

9. International Transfers

Data may be processed in Saudi Arabia, the EU, and the US (LLM and email providers). We use Standard Contractual Clauses where required for cross-border transfers.

10. Children

The Service is for business use only — not intended for anyone under 18.

11. Contact

Privacy questions: privacy@chaintwin.com.
Security issues: security@chaintwin.com.
Data Protection Officer: dpo@chaintwin.com.