Last updated: May 17, 2026
This Privacy Policy explains how Decentralized Intelligence AG handles personal data in connection with RiskRay, including the website, sample-report requests, and business compliance workflows.
Decentralized Intelligence AG, Switzerland, operates RiskRay and is the controller for website, sales, account, and operational data we collect directly. For customer evidence uploaded into RiskRay by an organization, that organization is generally the controller and Decentralized Intelligence AG acts as a processor or service provider under the applicable agreement.
We may process contact details, corporate email addresses, telephone numbers, account and authentication data, organization details, usage logs, device and browser data, support communications, billing or commercial records, and sample-report requests. Customers may also upload KYB/KYC materials, wallet addresses, transaction evidence, notes, customer explanations, relationship data, and other compliance evidence.
RiskRay is designed for business compliance workflows, but customer evidence may contain personal data or sensitive information. Do not upload special-category, criminal-offence, financial, sanctions, biometric, government-ID, or other regulated data unless your organization has confirmed that the upload is lawful, necessary, proportionate, and covered by appropriate safeguards.
We process data to provide and secure RiskRay, generate evidence reports, respond to sample-report and sales requests, authenticate users, operate support, maintain auditability, detect abuse, comply with law, improve reliability and product quality, and communicate with business contacts.
Where the GDPR applies, we rely on performance of a contract, steps prior to entering into a contract, legitimate interests in operating and securing a B2B service, compliance with legal obligations, and consent where required. You may withdraw consent at any time where processing is based on consent.
RiskRay may use automated systems to classify, summarize, intersect, and explain evidence. RiskRay does not make final onboarding or compliance decisions. Unless separately agreed, we do not use identifiable customer evidence to train public foundation models. We may use aggregated, de-identified, or telemetry-derived data to maintain, secure, and improve the service.
We may share data with hosting providers, infrastructure vendors, analytics and security tools, professional advisers, payment or commercial operations providers, corporate transaction counterparties, authorities where legally required, and other processors or sub-processors used to operate RiskRay. We do not sell personal data.
We may process data in Switzerland, the EEA, the United Kingdom, the United States, and other locations where we or our providers operate. Where required, we use appropriate transfer safeguards such as adequacy decisions, standard contractual clauses, contractual protections, and security measures.
We retain data only as long as reasonably necessary for the purposes described in this policy, including service operation, contractual records, security, audit, dispute, and legal obligations. Customer evidence is retained according to the relevant customer agreement, product settings, or lawful deletion request.
We use administrative, technical, and organizational measures intended to protect data, including access controls and operational security practices. No system is perfectly secure. Customers are responsible for user permissions, endpoint security, lawful uploads, and internal review controls.
Depending on your location and the applicable law, you may have rights to access, correct, delete, restrict, object to processing, receive a copy of data, request portability, withdraw consent, or lodge a complaint with a data protection authority, including the Swiss FDPIC where applicable. Some requests may need to be directed to the customer organization that controls the relevant evidence.
We may use cookies, local storage, and similar technologies to operate the website, remember preferences, protect sessions, understand usage, and improve RiskRay. Where required, we request consent for non-essential technologies.
RiskRay is not intended for children or personal consumer use. Do not submit data about minors unless your organization has confirmed a lawful basis and appropriate safeguards.
We may update this Privacy Policy from time to time. Material changes will be posted on this page or otherwise communicated where appropriate.
Privacy contact: contact@d23e.ch