Privacy Policy

Last updated: February 2025

Who We Are

Thoughtcrime is a trading name of Trend IT OÜ, a privacy and security consulting business registered in Estonia (Registry Code: 12637197, VAT: EE101824907). This policy explains how we handle your personal data.

Data Controller: Trend IT OÜ (trading as Thoughtcrime), Laki tn 32-205, 12915 Tallinn, Estonia

Contact: hello@thoughtcrime.ee

What We Collect

Information you provide directly:

• Contact information (name, email, phone) when you reach out to us
• Client intake form data when engaging our services
• Payment information processed through our payment providers
• Communications via email, Signal, or other channels

Information collected automatically:

• Basic server logs (IP address, browser type, pages visited)
• We do NOT use cookies for tracking
• We do NOT use third-party analytics services

What We Don't Collect

We never collect, store, or have access to:

• Your private keys, seed phrases, or wallet passwords
• Your encryption passphrases
• Your cryptocurrency holdings or transaction history
• Device credentials you create during our services

How We Use Your Data

We use collected information to:

• Provide and improve our services
• Communicate with you about your engagement
• Comply with legal obligations (tax, anti-money laundering)
• Protect against fraud and abuse

We do NOT use your data for marketing purposes without explicit consent.

Legal Basis (GDPR)

We process your data under these legal bases:

• Contract performance: To provide services you've requested
• Legal obligation: Tax records, AML compliance
• Legitimate interest: Business operations, security
• Consent: Marketing communications (when applicable)

Data Sharing

We do not sell your personal data. We may share data with:

• Service providers: Payment processors, email services (under strict data protection agreements)
• Legal authorities: When required by law or valid legal process
• Professional advisors: Accountants, lawyers (under confidentiality obligations)

Data Retention

• Client records: 5 years after service completion (legal/tax requirements)
• Communications: Duration of business relationship + 2 years
• Server logs: 90 days maximum
• Marketing contacts: Until you unsubscribe

Your Rights

Under GDPR, you have the right to:

• Access: Request a copy of your personal data
• Rectification: Correct inaccurate data
• Erasure: Request deletion (subject to legal retention requirements)
• Restriction: Limit how we process your data
• Portability: Receive your data in a portable format
• Object: Object to certain processing activities

To exercise these rights, contact us at hello@thoughtcrime.ee.

International Transfers

We primarily store data within the EU. If we transfer data outside the EU, we ensure appropriate safeguards are in place (Standard Contractual Clauses or adequacy decisions).

Security

We implement appropriate technical and organizational measures to protect your data, including encryption, access controls, and secure communications. However, no method of transmission or storage is 100% secure.

Changes to This Policy

We may update this policy periodically. Significant changes will be communicated via email or website notice.

Complaints

If you have concerns about how we handle your data, please contact us first. You also have the right to lodge a complaint with a supervisory authority (Estonian Data Protection Inspectorate: www.aki.ee).

Contact

For privacy-related inquiries: hello@thoughtcrime.ee