Last updated: March 15, 2026
The data controller for personal data is SealTrust SAS, represented by its President, Badredine Bouchelia. SealTrust SAS is in the process of registration, with its registered office located in Lyon, France. As the data controller, SealTrust determines the purposes and means of personal data processing implemented in connection with the Service.
As part of providing the Service, SealTrust collects the following categories of personal data: identification data (last name, first name, email address, phone number); connection data (IP address, connection logs, browser type, operating system); transaction data (product verification history, ownership transfers, blockchain operations); location data (approximate geolocation during NFC scans, with prior consent); professional data (company name, position, industry for partner accounts). Data is collected directly from the User or generated through the use of the Service.
Personal data processing by SealTrust is based on the following legal grounds: performance of the contract (Article 6.1.b GDPR) for processing necessary for the provision of the Service, including account creation, product authentication, and ownership transfer; User consent (Article 6.1.a GDPR) for processing related to non-essential cookies, geolocation, and marketing communications; SealTrust's legitimate interest (Article 6.1.f GDPR) for processing related to Service security, fraud prevention, and Service improvement; compliance with a legal obligation (Article 6.1.c GDPR) for the retention of connection and billing data.
Personal data is retained only for as long as strictly necessary for the purposes for which it is processed. Account data is retained for the duration of the contractual relationship, then archived for 3 years from account deletion. Connection data (logs) is retained for 12 months in accordance with legal obligations. Blockchain transaction data is retained indefinitely due to the immutable nature of the blockchain, but associated personal data (off-chain) is deleted according to the stated timeframes. Billing data is retained for 10 years in accordance with accounting obligations. Cookies have a maximum lifespan of 13 months.
In accordance with the GDPR and French data protection legislation, the User has the following rights: right of access (Article 15 GDPR) — to obtain confirmation that their data is being processed and to receive a copy; right to rectification (Article 16 GDPR) — to request the correction of inaccurate or incomplete data; right to erasure (Article 17 GDPR) — to request the deletion of their data in cases provided by regulation; right to restriction of processing (Article 18 GDPR) — to request the suspension of data processing; right to data portability (Article 20 GDPR) — to receive their data in a structured, commonly used format; right to object (Article 21 GDPR) — to object to the processing of their data on legitimate grounds; right to withdraw consent at any time when processing is based on consent. To exercise these rights, the User may contact the DPO at dpo@sealtrust.io. SealTrust undertakes to respond within one month. In case of difficulty, the User may file a complaint with the CNIL (www.cnil.fr).
SealTrust implements appropriate technical and organizational measures to ensure the security and confidentiality of personal data, and in particular to protect it against unauthorized access, loss, alteration, or disclosure. These measures include: encryption of data in transit and at rest using industry-standard methods; multi-factor authentication for administrator accounts; cryptographic key management via enterprise-grade key management services; regular security audits and penetration testing; data access restriction based on the principle of least privilege; logging and monitoring of system access. SealTrust commits to notifying the CNIL and affected individuals in the event of a data breach within 72 hours of discovery, in accordance with Article 33 of the GDPR.
The SealTrust website uses cookies and similar technologies. Strictly necessary cookies (authentication, language preferences, security) are placed without prior consent as they are essential for the Service to function. Analytics cookies (audience measurement, Service improvement) are only placed with the User's prior consent via the consent banner. SealTrust does not use advertising cookies or trackers for commercial profiling purposes. The User may change their cookie preferences at any time through the website settings. Removing necessary cookies may affect the functioning of the Service.
For any questions regarding the protection of your personal data or to exercise your rights, you may contact our Data Protection Officer (DPO): by email at dpo@sealtrust.io; by post to SealTrust SAS — DPO, Lyon, France. The DPO undertakes to acknowledge receipt of your request within 48 hours and to respond within a maximum of one month. This period may be extended by two additional months for complex requests, in which case you will be informed.