Privacy Policy
Last updated: 1 July 2026
This Privacy Policy explains how we collect, process and protect personal data. By publishing this Policy, we aim to make it easy for our users and the public to understand what personal data we collect and store, why we do so, how we receive and use it, and the rights individuals have with respect to their personal data in our possession.
This is a lite version of our Privacy Policy, reflecting the limited functionality of our business currently. As our products and services continue to develop, we will update and expand this Policy accordingly. Please read this Policy carefully before sharing any personal data with us in any manner.
This Policy has been drafted to comply with both:
- the EU General Data Protection Regulation (GDPR), as a company whose services are directed at individuals in the EU; and
- the UAE Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data (UAE PDPL), as a company incorporated in the UAE.
Where there is any conflict between the two regimes, we apply the higher standard of protection.
1. Who We Are
CLARENDON PAYD (DMCC-997755) is a company incorporated in the United Arab Emirates (we, us or our).
We operate the “Block Receipt” application enabling users to create human readable receipts for blockchain transactions (Application).
The Application will be hosted at https://blockreceipt.io (Site). The Site is hosted on Google Cloud Platform infrastructure, with our database located in the European Union.
We are the data controller in respect of the personal data collected through the Application or Site. If you have any questions about this Policy or how we handle your personal data, please contact us using the details in Section 10.
2. What Personal Data We Collect
At this stage, the only personal data we collect through the Application or the Site is the information you provide when connecting your wallet to the Application or interacting with the Application, which may include:
- First name;
- Last name;
- Email address;
- Business name; and
- Blockchain data, including wallet addresses, transaction hashes, transaction amounts and timestamps.
To be clear, you are not required to share the above information with us to access and use the Application and have discretion on how much information you share with us.
We do not collect any other categories of personal data through the Application or Site at this time, including special category data, financial data or identification documents, though we may do so in the future.
In circumstances where we collect other types personal data about an individual, we will process this information in accordance with this Policy.
3. How We Collect Your Personal Data
We collect your personal data directly from you when you voluntarily connect your wallet to the Application, interact with the Application, send us an enquiry about the Application or otherwise deal with us.
We may also collect certain technical data automatically when you visit the Site, including:
- IP address;
- Browser type and version;
- Device type; and
- Pages visited and time spent on the Site.
This technical data is collected via cookies and similar technologies. Please see Section 8 below for further information.
4. Why We Use Your Personal Data and Our Legal Basis
We only process your personal data where we have a lawful basis to do so under the GDPR. The table below sets out our purposes and the legal basis on which we rely upon.
| Purpose | Categories of Data | Lawful Basis (GDPR) |
|---|---|---|
| To access the Application and send you updates about our products and services | First name, last name, email address, business name | Consent (Art. 6(1)(a) GDPR; Art. 8 UAE PDPL) - you provide this information voluntarily and we will only contact you where you have agreed to receive communications from us |
| To operate and perform the functions of the Application | Blockchain data (wallet addresses, transaction hashes, transaction amounts and timestamps). | Performance of a contract (Art 6(1)(b)); Art. 9 UAE PDPL) - processing is required to deliver the core function of the Application |
| To operate, maintain and improve the Site | Technical and usage data (via cookies) | Legitimate interests (Art. 6(1)(f) GDPR; Art. 9 UAE PDPL) for strictly necessary cookies; Consent (Art. 6(1)(a) GDPR; Art. 8 UAE PDPL) for non-essential analytics cookies |
| To comply with our legal obligations | Any relevant data above | Compliance with a legal obligation (Art. 6(1)(c) GDPR; Art. 9 UAE PDPL) |
You may withdraw your consent at any time by contacting us at the details in Section 10 or by clicking the unsubscribe link in any email we send you. Withdrawal of consent does not affect the lawfulness of processing carried out before withdrawal.
5. Who We Share Your Personal Data With
We share your personal data only with the following categories of third parties, each of which is subject to appropriate contractual safeguards:
- Google Cloud Platform (GCP): cloud infrastructure and database hosting. GCP acts as our data processor, and we have a Data Processing Agreement in place with Google.
- Email and communications service providers: where we use third-party tools to send you updates or communications, those providers act as our data processors.
- Professional advisors: including legal, compliance and accounting advisers, where necessary.
- Regulators and public authorities: where required by applicable law.
We do not share your personal data with any other third parties at this stage of our business. We never sell your personal data.
6. International Data Transfers
Your personal data is stored in our database, which is located in the European Union. As a UAE-based company collecting data from EU individuals and storing it in the EU, we are subject to GDPR requirements in respect of that processing.
As a UAE-incorporated entity, we are also subject to the cross-border data transfer requirements of the UAE PDPL. The UAE PDPL restricts the transfer of personal data outside the UAE to countries or organisations that do not provide an adequate level of protection, unless appropriate safeguards are in place or a permitted exception applies.
Where your personal data is transferred between the EU and the UAE (for example, when our team accesses the database), we ensure that appropriate safeguards are in place. These include:
- reliance on the European Commission’s Standard Contractual Clauses where applicable; and
- internal access controls limiting who can access personal data and from where.
You may request further information about the safeguards we apply to international transfers by contacting us using the details in Section 10.
7. How Long We Keep Your Personal Data
We retain personal data only for as long as necessary for the purposes described in this Policy. Our current retention approach is as follows:
| Category of Data | Retention Period |
|---|---|
| User-provided data (name, email, business name) | Until you withdraw consent or request deletion, or for such longer period as required by applicable law |
| Blockchain data (wallet addresses, transaction hashes, amounts, timestamps) | For the duration of your use of the Application, plus 2 years following disconnection or deletion request, or for such longer period as required by applicable law |
| Technical and usage data (cookies and analytics) | As set out in our cookie notice; generally no longer than 12 months |
| Records needed to evidence legal compliance | For as long as required by applicable law, typically up to 6 years |
When personal data is no longer required, we will delete it or irreversibly anonymise it.
8. Cookies and Similar Technologies
The Site uses cookies and similar technologies. Cookies are small text files placed on your device when you visit a website.
We may use analytics cookies (such as those provided by Google Analytics) to understand how visitors use the Site. These cookies are non-essential and are only set with your consent. You can accept or decline these via our cookie banner when you first visit the Site.
You can manage your cookie preferences at any time via the cookie settings on the Site, or by adjusting your browser settings. Please note that blocking certain cookies may affect the functionality of the Site.
9. Your Rights
Subject to applicable law, you have the following rights in relation to your personal data under both the GDPR and the UAE PDPL:
- Access: to obtain a copy of the personal data we hold about you.
- Rectification: to have inaccurate or incomplete data corrected.
- Erasure: to request deletion of your personal data where there is no overriding lawful reason for us to retain it.
- Restriction: to restrict our processing of your data in certain circumstances.
- Objection: to object to processing based on our legitimate interests.
- Portability: to receive your data in a structured, machine-readable format.
- Withdraw consent: to withdraw consent at any time where we rely on it as our lawful basis.
- Complain: to lodge a complaint with a supervisory authority.
To exercise any of these rights, please contact us using the details in Section 10. We will respond within one month of receiving your request. We may need to verify your identity before processing your request.
If you are located in the EEA and believe we have not handled your personal data in accordance with the GDPR, you have the right to lodge a complaint with your local data protection supervisory authority. A list of EEA supervisory authorities is maintained by the European Data Protection Board at edpb.europa.eu.
If you are located in the UAE, or wish to raise a concern under the UAE PDPL, you may also contact us directly using the details in Section 10. Once the UAE Data Office is fully operational and accepting complaints, you will also have the right to escalate unresolved concerns to that authority. We will update this Policy to include the relevant contact details once the UAE Data Office publishes them.
10. Contact Us and Changes to This Policy
If you have any questions about this Policy or wish to exercise your rights, please contact us at:
Email: privacy@blockreceipt.io
Postal: Unit UT-12-CO-66 DMCC Business Centre Level No 12 Uptown Tower Dubai UAE
We may update this Policy from time to time to reflect changes in our practices, the law, or the development of our Application. We will post the updated Policy on the Site and update the “Last updated” date above. Where changes are material, we will provide you with notice. All changes are effective from the date of publication unless otherwise stated.
As our products and services develop and our data processing activities expand, we will publish an updated version of this Policy at that time.