Home / Privacy Policy

Privacy Policy

How TraceByte handles your data when you use the free KYT check tool, browse our content, or contact us for advisory engagement.

Last updated · 2026-05-24 · v1.0
Summary in one line

We don't sell your data. The KYT check is stateless — addresses you submit are forwarded to public on-chain APIs and discarded after the response. Contact-form submissions reach our inbox via your own email client.

01Who we are

TraceByte is an Australia-focused AML/CTF compliance practitioner platform. It publishes regulatory analysis, provides a free on-chain address-risk screening tool, and offers paid advisory engagements. The service is operated as a sole practitioner under the name TraceByte; entity details will be updated when incorporated. For all enquiries: marshall.vip@gmail.com.

02What we collect

Free KYT address check

When you submit a wallet address for screening, the following is processed in memory only and not stored:

  • The wallet address you submitted
  • The chain you selected (ETH / BSC / TRON)
  • Standard request metadata (IP address, request timestamp, user-agent) as part of Cloudflare's edge logs — retained for up to 30 days for abuse prevention, then auto-deleted

Addresses you submit are not written to any database or query log. They are forwarded to upstream public on-chain APIs (e.g. Etherscan, BscScan, Tronscan, OFAC SDN list), the response is composed into a risk report, and both request and response are discarded after the HTTP call closes.

Contact form

The Advisory contact form does not POST data to our server. Clicking Send opens your default email client (mailto:) with the subject and body pre-filled. The email reaches us via your own mail provider — we receive only what you choose to send.

Downloads (Data Hub)

All downloads are static files served from the same domain. No registration, no email gate, no tracking pixel.

03What we do not collect

  • No accounts, no registration, no email capture for using the tool
  • No third-party analytics scripts (Google Analytics, Mixpanel, Segment, Hotjar, etc.)
  • No third-party advertising cookies or trackers
  • No customer identity binding to your queried addresses — we don't know who you are
  • No commercial PEP database is hosted on this site (use of commercial PEP feeds in production should be licensed directly from Refinitiv, Dow Jones or similar)

04Cookies and local storage

The site uses browser localStorage for two non-essential purposes:

  • aml_lang / tracebyte_lang — your selected interface language (zh / en), so the page remembers your choice on return
  • tb_editorial — your selected layout (Editorial On/Off toggle), persisted across visits

These keys are scoped to your browser and never sent to any server. You can clear them at any time via your browser's site-data settings.

05Third parties

The site relies on the following infrastructure and data providers. Each handles a narrow function and has its own privacy policy:

  • Cloudflare Pages — static hosting and serverless functions; provides edge logs and DDoS protection. Cloudflare privacy policy
  • Etherscan / BscScan / Tronscan APIs — public on-chain data lookup for the queried address
  • OFAC SDN list (US Treasury) — public sanctions data, used to flag addresses
  • CoinGecko — public price feed for USD-equivalent calculations
  • Google Fonts / jsDelivr CDN — font and icon hosting; subject to their own privacy terms

06Regulatory basis (Australia)

For users in Australia, the site is operated with reference to the Privacy Act 1988 (Cth) and the 13 Australian Privacy Principles (APPs). On-chain wallet addresses queried via the tool are publicly available data and do not, in isolation, constitute "personal information" under APP 1.

If you bind a customer's identity to a queried wallet address as part of your internal AML/CTF program, that binding is your obligation under APP 11 (security of personal information) — TraceByte does not touch that binding. For users in the EU/UK, comparable handling applies under GDPR Article 6(1)(f) (legitimate interest in abuse prevention for the limited Cloudflare logs).

07Your rights

Because we do not maintain a user database tied to queries, most data-subject rights (access, correction, deletion) are automatically satisfied — there is no profile to correct or delete. For any of the following you can email marshall.vip@gmail.com:

  • Request deletion of any email correspondence sent through the Advisory channel
  • Lodge a privacy concern or complaint about how data was handled
  • Request a copy of any data we have on file relating to a paid advisory engagement

Australian users may also escalate complaints to the Office of the Australian Information Commissioner (OAIC).

08Changes to this policy

Material changes will be reflected in the "Last updated" date at the top of this page and noted on the homepage. The Git history of this file (when published) is publicly auditable.