• Home
  • Privacy Policy

Privacy Policy

Compliant with the UK GDPR and the Data Protection Act 2018

1. Who we are

This Privacy Policy explains how Soken Ltd (“Soken”, “we”, “us” or “our”) collects and uses personal data in connection with our website https://soken.io (the “Site”), our free online tools (Crypto Legal Map, Wallet Wrapped, Contract X-Ray) and our paid professional services.

Soken Ltd is a company registered in England and Wales under company number 15253906, with its registered office at 86-90 Paul Street, London, EC2A 4NE, United Kingdom. Soken is the data controller for the personal data described in this policy.

For any privacy-related question, including the exercise of your data-protection rights, please contact: info@soken.io or write to Soken Ltd, 86-90 Paul Street, London, EC2A 4NE, United Kingdom. Our ICO registration number is [ICO registration pending] — we will update this policy once registration is confirmed.

2. What personal data we collect

We collect the following categories of personal data, and only to the extent it is necessary:

(a) Contact and enquiry data. When you contact us through the Site, by email or through Telegram, we collect your name, email address, organisation (if provided), the content of your message and any attachments you choose to share.

(b) Engagement data. When we enter into a paid engagement, we collect the information required to deliver the service and to comply with our legal and accounting obligations: billing contact, company details, signed SoW, invoices, and records of communication relating to the engagement.

(c) Wallet addresses and on-chain inputs. When you voluntarily submit a wallet address or a contract address to Wallet Wrapped or Contract X-Ray, we process that address and the corresponding public on-chain data solely to return the requested analysis. Wallet addresses and contract addresses are generally pseudonymous but may constitute personal data under the UK GDPR when combined with other information; we handle them accordingly.

(d) Technical and analytics data. If you consent to analytics via our cookie banner, we process standard analytics data such as IP address (truncated where the provider supports it), device type, browser, operating system, referrer, pages visited, interaction events and session recordings (Microsoft Clarity). Analytics are strictly consent-gated through Google Consent Mode v2, which defaults to denied.

(e) Marketing data. Where you expressly opt in to a newsletter or mailing list, we collect the email address you provide and keep a record of your opt-in.

We do not intentionally collect special-category personal data (for example, health, political opinions, or biometric data). Please do not submit such data to us unless you have specifically agreed with us that we need it for a defined purpose.

3. Purposes and legal bases for processing

We process personal data only where we have a lawful basis to do so under Article 6 of the UK GDPR. The table below summarises how each purpose maps to a legal basis.

Performance of a contract (Art. 6(1)(b)): entering into and delivering paid services under a Statement of Work; invoicing and payment; providing and supporting the deliverables.

Legitimate interests (Art. 6(1)(f)): operating and securing the Site and the free tools; responding to business enquiries; preventing fraud and abuse; defending legal claims; internal administration and portfolio management. Where we rely on legitimate interests, we have balanced those interests against your rights and freedoms; you may object to this processing at any time (see section 7).

Consent (Art. 6(1)(a)): analytics (Google Analytics, Microsoft Clarity), session replay, non-essential cookies, and newsletter subscriptions. You can withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.

Legal obligation (Art. 6(1)(c)): complying with tax, accounting, sanctions and anti-money-laundering law, and responding to lawful requests from UK authorities.

4. Retention schedule

We do not keep personal data for longer than we need it. Our standard retention periods are as follows, subject to any overriding legal obligation:

Enquiries and contact-form submissions: up to 2 years from last contact, then deleted or anonymised.
Contracts, SoWs and invoices: 7 years, in line with UK record-keeping obligations under HMRC and Companies Act rules.
Audit-engagement working papers: 7 years from completion of the engagement.
Analytics data: Google Analytics is configured with a 14-month user-data retention window; Microsoft Clarity sessions expire in line with Clarity’s standard 1-year cookie policy.
Wallet Wrapped / Contract X-Ray inputs: wallet and contract addresses submitted to these tools are processed in real time and are not stored on our servers after the analysis has been returned. We may retain aggregated, non-identifying usage statistics.
Newsletter list: until you unsubscribe, plus a short suppression record to honour opt-outs.

5. Recipients and sub-processors

We share personal data only with trusted service providers who help us run the Site and deliver our services. Our current sub-processors include:

Vercel Inc. (United States) — hosting of the Site and preview environments.
Google LLC (United States) — Google Analytics (consent-gated via Google Consent Mode v2).
Microsoft Corporation (United States) — Microsoft Clarity session replay and product analytics (consent-gated).
GitHub, Inc. (United States) — publication of public audit reports at github.com/sokenteam, where the relevant client has not requested private delivery.
Telegram FZ-LLC — messaging channel with UK representation, used for client support and enquiries.
Email delivery provider (for example SendGrid / Amazon SES or equivalent) — transactional and newsletter email delivery, where applicable.
Payment processors, banks and accountants — handling invoice payments and fulfilling tax obligations.

We will never sell your personal data. We may disclose personal data to competent authorities where we are legally required to do so.

6. International transfers

Several of our sub-processors are established outside the United Kingdom, principally in the United States. Where personal data is transferred outside the UK, we rely on the UK International Data Transfer Agreement (IDTA) or the UK Addendum to the EU Standard Contractual Clauses, combined with a Transfer Impact Assessment, as our Article 46 UK GDPR safeguards. A copy of the relevant transfer mechanism is available on request from info@soken.io.

7. Your rights

Under the UK GDPR and the Data Protection Act 2018, you have the following rights in relation to your personal data:

Right of access — to obtain confirmation of whether we process your data and a copy of it.
Right to rectification — to have inaccurate or incomplete data corrected.
Right to erasure (‘right to be forgotten’) — to have your data deleted in defined circumstances.
Right to restrict processing — to limit how we use your data in defined circumstances.
Right to data portability — to receive certain data in a structured, machine-readable format.
Right to object — to object to processing based on legitimate interests, including direct marketing.
Rights in relation to automated decision-making — not to be subject to a decision based solely on automated processing that produces legal or similarly significant effects on you (see section 8).
Right to withdraw consent — where processing is based on consent, you may withdraw it at any time via the cookie banner or by contacting us.
Right to lodge a complaint — with the Information Commissioner’s Office (ICO), the UK data-protection regulator, at https://ico.org.uk/make-a-complaint/. We would appreciate the chance to address your concerns first, but you do not have to contact us before complaining to the ICO.

To exercise any right, please email info@soken.io. We will respond within one month, as required by UK GDPR.

8. Automated decision-making and profiling

The Wallet Wrapped tool generates a “personality archetype” summary based on on-chain activity associated with the wallet address you submit. This involves profiling within the meaning of Article 4(4) of the UK GDPR. However, the output is informational and entertainment-oriented only: it does not produce any legal effect, credit decision, access-control outcome or similarly significant effect on you, and it is not used by Soken to make decisions about you. You can avoid this profiling entirely by not submitting a wallet address to Wallet Wrapped.

We do not carry out solely automated decision-making with legal or similarly significant effects under Article 22 UK GDPR in any other part of our services.

9. Cookies and tracking

The Site uses a small number of cookies and similar technologies. A consent banner is displayed on first visit, and all non-essential tracking is default-denied under Google Consent Mode v2 until you grant consent.

Essential (always active)

soken_consent_v1 — localStorage entry storing your consent preference. Duration: 12 months. Purpose: remembering your cookie-banner choice so we do not show it on every visit.

Analytics (consent-gated)

_ga, _ga_* — Google Analytics 4. Duration: up to 14 months. Purpose: aggregated site-usage analytics.
_clck, _clsk — Microsoft Clarity. Duration: up to 1 year. Purpose: session replay and heatmaps to improve Site usability.
— Google Consent Mode v2 signals (ads_storage, analytics_storage, etc.) — default to denied until consent is given.

You can change your consent at any time by clearing your browser storage for the Site or by using the “manage cookies” control exposed by the consent banner.

10. Children

The Site, the free tools and our services are intended for adult professionals aged 18 or over. We do not knowingly collect personal data from children. If you believe that a child has provided personal data to us, please contact info@soken.io and we will delete it promptly.

11. Changes to this policy

We may update this Privacy Policy from time to time to reflect changes to our services, to the law, or to our sub-processors. The current version is always published at https://soken.io/privacy-policy.html. Material changes will be highlighted in the banner on the Site and, where you have an active engagement with us, notified to you by email.

12. Complaints to the ICO

If you are not satisfied with how we have handled your personal data, you have the right to complain to the UK Information Commissioner’s Office:

Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF.
Helpline: 0303 123 1113.
Online: https://ico.org.uk/make-a-complaint/

Chat