TH TokenHub
Book a call
DRAFT — this document requires review by qualified counsel before it becomes binding. The legal entity, jurisdiction, and contact details still need to be confirmed.
Last updated: 2026-04-24

Privacy Policy

How TokenHub collects, uses, stores and protects your personal data — in line with the EU GDPR and Ukrainian data-protection law.

1. Introduction

This Privacy Policy explains how TokenHub ("we", "us", "our") collects, uses, stores, shares and protects personal data when you use the website tokenhub.com.ua (the "Site"), contact us, subscribe to our analytics or engage us as a Client. We comply with the General Data Protection Regulation (Regulation (EU) 2016/679, "GDPR") and the Law of Ukraine "On the Protection of Personal Data". If there is any conflict between the two regimes, we apply the higher standard of protection.

2. Data Controller

TokenHub is the controller of your personal data. You may contact us at privacy@tokenhub.com.ua for any matter relating to the processing of your personal data. If you are in the European Economic Area and wish to contact a data-protection representative, please use the same address and mark your message "Attn: DPO".

3. Data We Collect

3.1 Information you provide to us

  • Contact and identification details — name, email address, Telegram handle, phone number.
  • Project information — details you submit about your token, company or idea.
  • Billing details — invoicing information, wallet addresses used for payment, company registration details.
  • Correspondence — the content of messages you send us by email, Telegram, or through forms on the Site.
  • KYC/AML information (RWA and enterprise engagements only) — identity documents, proof of address, beneficial-ownership declarations.

3.2 Information collected automatically

  • Device and log data — IP address, user-agent string, referring URL, pages visited, timestamps.
  • Cookies and similar technologies — see Section 7.

3.3 Information from third parties

We may receive information about you from third-party data providers (for example, sanctions-screening vendors or KYC providers) strictly for the purpose of compliance.

4. Legal Bases for Processing

Under GDPR, we rely on the following legal bases:

  • Contract (Art. 6(1)(b)) — to provide the Services you have requested.
  • Legitimate interests (Art. 6(1)(f)) — to secure the Site, prevent fraud, improve our Services, and market our Services to existing Clients.
  • Consent (Art. 6(1)(a)) — for marketing to new prospects, non-essential cookies and analytics.
  • Legal obligation (Art. 6(1)(c)) — for AML/CTF compliance, tax record-keeping and other statutory duties.

Where we rely on consent, you can withdraw it at any time without affecting the lawfulness of prior processing.

5. Purposes of Processing

  • to respond to your inquiries and provide the Services;
  • to operate, secure and improve the Site;
  • to send you service messages (onboarding, billing, status updates);
  • to send you marketing communications you have opted in to (e.g., the analytics waitlist);
  • to comply with legal, regulatory and tax obligations;
  • to establish, exercise and defend legal claims.

6. Wallet Addresses and On-Chain Data

Our Services process publicly available blockchain data, including wallet addresses, balances and transaction history. Although such data is pseudonymous, European regulators and courts have held that, under certain circumstances, wallet addresses may qualify as personal data under the GDPR. We treat wallet addresses you share with us as personal data and apply the same protections as to other categories.

We do not publish, sell or share wallet addresses you provide to us. Analytics produced for you are delivered privately and not made public without your consent.

7. Cookies and Similar Technologies

The Site uses strictly necessary cookies for navigation and security. We do not use advertising cookies and we do not sell your data to advertisers. Where we add analytics cookies in the future (for example, self-hosted Plausible), we will update this Policy and, where required, request your consent.

You can disable cookies in your browser settings. Disabling strictly necessary cookies may affect the functionality of the Site.

8. Sharing with Third Parties

We share personal data only with:

  • Service providers that operate our infrastructure (hosting, email, messaging), under written data-processing agreements;
  • Professional advisors (lawyers, accountants, auditors) bound by professional duties of confidentiality;
  • Regulators and law-enforcement authorities, where required by law or a valid legal process;
  • Successors in interest in the event of a merger, acquisition or asset sale, subject to appropriate confidentiality protections.

We do not sell personal data.

9. International Transfers

We are based in Ukraine and may transfer personal data to service providers located in the European Economic Area, the United Kingdom, the United States and other jurisdictions. Where personal data leaves the European Economic Area or Ukraine, we rely on adequacy decisions, Standard Contractual Clauses and supplementary measures as required by applicable law.

10. Data Retention

We keep personal data only for as long as necessary for the purposes described in this Policy. Typical retention periods are:

  • contact-form submissions — 24 months from the last communication;
  • Client engagement records — seven (7) years from the end of the engagement (for tax and AML reasons);
  • marketing opt-in records — until you unsubscribe and for up to 12 months thereafter for audit purposes;
  • server and security logs — 180 days.

11. Your Rights

Subject to conditions set by applicable law, you have the right to:

  • access the personal data we hold about you;
  • request rectification of inaccurate or incomplete data;
  • request erasure of your data ("right to be forgotten");
  • restrict or object to certain processing;
  • request portability of data you have provided to us;
  • withdraw consent where processing is based on consent;
  • lodge a complaint with a supervisory authority.

In Ukraine the competent authority is the Ukrainian Parliament Commissioner for Human Rights (Ombudsman). In the European Economic Area it is the supervisory authority of your country of residence. We ordinarily respond to requests within one month.

12. Security

We apply technical and organizational measures appropriate to the risk, including HTTPS encryption in transit, access controls, logging, and regular security patching of our infrastructure. No system is completely secure; we cannot guarantee that our measures will never be defeated. Please notify us immediately at security@tokenhub.com.ua if you suspect unauthorized access to your account or the Site.

13. Children

The Services are not directed to children under 18, and we do not knowingly collect personal data from them. If you believe we have collected such data, contact us and we will promptly delete it.

14. Changes to this Policy

We may update this Policy from time to time. Material changes will be notified through the Site or by email. The version in force is always marked with the "Last updated" date above.

15. Contact

Data-protection inquiries: privacy@tokenhub.com.ua.

Security incidents: security@tokenhub.com.ua.