Privacy Policy
https://sunbleach.com
Operated by Visor LLC
Effective Date: March 1, 2026
Last Updated: March 1, 2026
1. Introduction
This Privacy Policy describes how Visor LLC, a Virginia limited liability company ("Visor," "we," "us," or "our"), collects, uses, stores, discloses, and protects information in connection with the website located at https://sunbleach.com and all related services, tools, data displays, reports, and application programming interfaces (collectively, the "Platform").
This Privacy Policy is incorporated by reference into our Terms of Service (available at https://sunbleach.com/terms). By accessing or using the Platform, you acknowledge that you have read, understood, and agree to the practices described in this Privacy Policy. If you do not agree, you must not access or use the Platform.
We may update this Privacy Policy from time to time. Changes take effect upon posting to the Platform. We encourage you to review this Privacy Policy periodically. Your continued use of the Platform following any update constitutes acceptance of the revised Privacy Policy.
Data roles. With respect to personal information you submit through the Platform (account credentials, monitoring scope configurations, analyst notes, stakeholder contacts), Visor acts as a data controller—we determine the purposes and means of processing. With respect to publicly available blockchain transaction data, the Platform performs structural analysis of public records and does not process personal data in the controller/processor sense, except as may be required by applicable law regarding pseudonymous identifiers.
2. Information We Collect
We collect different categories of information depending on how you interact with the Platform. The following table summarizes each category, its source, and representative examples.
| Category | Source | Examples |
|---|---|---|
| Blockchain Data | Public distributed ledgers and public APIs | Wallet addresses, transaction hashes, block timestamps, smart contract interactions, token transfer amounts, gas parameters. All derived from publicly available on-chain records. |
| Platform Usage Data | Automatic collection during Platform use | IP address, browser type, operating system, device identifiers, pages viewed, features accessed, timestamps of access, referral URLs, session duration. |
| Cookies and Similar Technologies | Browser cookies and web analytics tools | Session identifiers, preference cookies, analytics cookies (see Section 7). |
| Authenticated User Data | User-submitted via Platform features | Email address, name, organizational affiliation, and role (submitted during account creation or team access grants). |
| Monitoring Scope Data | User-submitted via Platform features | Seed wallet addresses, seed contract addresses, scope parameters, engagement names, objective selections, priority settings, sensitivity configurations. |
| Analyst Operational Data | User-submitted via Platform features | Analyst notes, stakeholder names and contact information, engagement status changes, timeline annotations, report generation requests. |
| Public Reference Data | Public registries, government publications, and community-maintained databases | Smart contract protocol names (e.g., Uniswap V2 Router), known exchange deposit/withdrawal addresses, OFAC Specially Designated Nationals (SDN) list entries, and other publicly available entity labels and regulatory designations. |
| API Usage Data | Automatic collection during API use | API keys, request endpoints, request timestamps, request volumes, rate limit usage, IP addresses of API callers. |
| Communications Data | Direct communications with Visor | Email address, message content, and any attachments sent to support@sunbleach.com or other Visor contact channels. |
2.1 Information We Do Not Collect
The Platform does not collect or process the following:
- Off-chain personally identifiable information for its analytical functions. The Platform's coordination analysis operates exclusively on publicly available blockchain data.
- Financial account numbers, bank account details, credit card numbers, or payment credentials. (If paid services are introduced, payment processing will be handled by a third-party processor and governed by that processor's privacy policy.)
- Social Security numbers, government-issued identification numbers, or biometric data.
- Information from minors. The Platform is not intended for use by individuals under 18 years of age. We do not knowingly collect information from minors.
2.2 Third-Party Information Submitted by Users
Certain Platform features (including stakeholder management, engagement workflows, and access grants) allow you to submit personal information about third parties, such as names, email addresses, roles, and organizational affiliations of colleagues, compliance contacts, legal counsel, external partners, or regulatory contacts. By submitting any third-party personal information to the Platform, you represent and warrant that you have obtained all necessary consents, authorizations, or legal bases required under applicable law to provide that information to Visor and to permit Visor to process it as described in this Privacy Policy. Visor relies on this representation and is not responsible for verifying that you have obtained such consents. If a third party whose information you have submitted contacts us to exercise privacy rights, we will honor their request and may notify you.
3. How We Use Information
We use the information we collect for the following purposes:
| Purpose | Categories Used | Legal Basis |
|---|---|---|
| Providing and operating the Platform, including coordination pattern analysis, pattern classification, and report generation | Blockchain Data, Monitoring Scope Data, Analyst Operational Data | Performance of contract (Terms of Service); Legitimate interest in providing the service |
| Generating analytical output, including coordination intensity scores, criticality tiers, structural role labels, and pattern archetype classifications | Blockchain Data | Legitimate interest in providing the service |
| Maintaining monitoring scopes, engagement workflows, audit trails, and operational logs | Monitoring Scope Data, Analyst Operational Data, Authenticated User Data | Performance of contract; Legitimate interest in maintaining service integrity |
| Authenticating users and managing access controls (Viewer, Analyst, Admin roles) | Authenticated User Data | Performance of contract |
| Delivering alerts and notifications (webhook, email, and Slack integrations as configured by user) | Authenticated User Data, Monitoring Scope Data | Performance of contract |
| Improving Platform performance, reliability, and security | Platform Usage Data, API Usage Data, Cookies | Legitimate interest in service improvement and security |
| Detecting and preventing unauthorized access, abuse, or violations of the Terms of Service | Platform Usage Data, API Usage Data | Legitimate interest in security and fraud prevention |
| Responding to user inquiries and support requests | Communications Data, Authenticated User Data | Performance of contract; Legitimate interest |
| Complying with applicable legal obligations | All categories as required | Legal obligation |
3.1 How We Do Not Use Information
We do not use information collected through the Platform for the following purposes:
Machine learning on identifiable User Content. We do not use individually identifiable User Content—including your specific monitoring scope configurations, analyst notes, stakeholder contact information, or engagement operational data—to train, fine-tune, or improve machine learning or artificial intelligence models in a manner that would expose or incorporate your individual data. However, we may use anonymized, aggregated, and de-identified data derived from Platform operations—including aggregate pattern classification outcomes, coordination physics telemetry, and de-identified disruption effectiveness metrics—to improve the Platform's analytical models, detection accuracy, and pattern classification systems. Such aggregated data cannot reasonably be used to identify any individual user, organization, or specific monitoring scope. This commitment is also stated in Section 3.6 of our Terms of Service.
Advertising or profiling. We do not sell, rent, or share personal information with advertisers. We do not build behavioral profiles of users for advertising purposes. We do not serve targeted advertisements on the Platform.
Proprietary identity attribution. We do not use our coordination analysis to identify, name, or attribute wallet addresses to specific real-world individuals or organizations. Blockchain data is analyzed at the structural and statistical level. We do not cross-reference blockchain data with proprietary or non-public identity databases. This commitment does not apply to the display of Public Reference Data (see Section 4.4), which includes publicly available protocol labels, known service provider identifiers, and regulatory designations sourced from official government publications.
4. Blockchain Data and Pseudonymous Identifiers
4.1 Nature of Blockchain Data
The Platform analyzes publicly available blockchain transaction records. Wallet addresses are pseudonymous identifiers recorded on public distributed ledgers. We do not treat wallet addresses as personal data in the ordinary course of our operations, except as may be required by applicable law (including, where applicable, the General Data Protection Regulation, which may classify pseudonymous identifiers as personal data in certain contexts).
4.2 No Proprietary Identity Linkage
The Platform does not use its own coordination analysis to link wallet addresses to real-world identities. Where the Platform groups wallet addresses into clusters, such grouping reflects observed structural coordination in on-chain data and does not represent a determination that the addresses are controlled by the same individual or entity. The Platform does not maintain a proprietary database that maps wallet addresses to personally identifiable information.
4.3 Public Data
All blockchain data analyzed by the Platform is publicly available on the relevant distributed ledger. The Platform does not access private or permissioned blockchain data, off-chain databases, or data behind authentication barriers for its analytical functions.
4.4 Public Reference Data Enrichment
To improve the legibility and analytical utility of its displays, the Platform may enrich on-chain data with labels, designations, and metadata drawn from publicly available reference sources. This enrichment is distinct from the Platform's own coordination analysis and does not constitute proprietary identity attribution by Visor. Public Reference Data includes the following categories:
Protocol and contract labels. Smart contracts may be labeled with their publicly known protocol names (e.g., "Uniswap V2 Router," "SushiSwap MasterChef," "Aave V3 Pool"). These labels are sourced from verified contract registries, protocol documentation, and community-maintained databases. They identify software deployments, not individuals.
Known service provider addresses. Wallet addresses publicly associated with centralized exchanges, custodians, bridges, and other virtual asset service providers (VASPs) may be labeled with the service provider's name (e.g., "Binance Hot Wallet," "Coinbase Deposit"). These labels reflect widely published and industry-recognized address attributions that are available on public block explorers and in standard compliance tooling.
Regulatory designations. Wallet addresses that appear on published government sanctions lists—including the U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC) Specially Designated Nationals (SDN) list—may be displayed with the applicable regulatory designation (e.g., "OFAC Designated"). These designations reflect published regulatory actions by government authorities and are displayed as factual references to those official publications. The display of an OFAC or other regulatory designation does not constitute an independent determination by Visor that the address is controlled by a sanctioned person or entity.
Incident and exploit labels. Addresses publicly documented in connection with specific on-chain security incidents (e.g., "Euler Finance Exploit — March 2023") may be labeled with the incident name and date. These labels reference publicly reported events and do not constitute an independent allegation by Visor.
Public Reference Data sources are selected for reliability and are periodically reviewed for accuracy. However, Visor does not guarantee the accuracy, completeness, or timeliness of any Public Reference Data label. Users should independently verify reference data labels before relying on them for compliance, enforcement, or any other purpose.
4.5 Automated Analytical Methods
The Platform uses automated computational methods—including spectral graph analysis, statistical classification, and machine learning—to produce pattern classifications, coordination intensity scores, criticality tiers, structural role labels, pattern archetype descriptions, and other analytical output. These automated methods operate on publicly available blockchain data and produce structural characterizations of on-chain activity patterns.
No legal or similarly significant effects. The Platform's automated analytical output describes statistical and topological properties of on-chain coordination. It does not produce legal effects, deny or grant access to services, determine eligibility for credit, employment, housing, insurance, or education, or produce other decisions with legal or similarly significant effects on any individual. The Platform does not make automated decisions about individuals; it classifies patterns in pseudonymous on-chain data.
Human review. All automated analytical output is subject to the disclaimers in our Terms of Service (Section 3) and is intended for review and interpretation by qualified professionals. The Platform does not take autonomous action (such as freezing assets or filing reports) based on its automated classifications. Any action taken in response to the Platform's output is initiated by a human user exercising independent professional judgment.
Opt-out. If you believe that the Platform's automated analytical methods produce outputs that affect you in a legally significant manner, you may contact support@sunbleach.com to request review, explanation, or exclusion of specific wallet addresses from the Platform's public display. We will review such requests in good faith and respond within thirty (30) days.
5. How We Share Information
We do not sell personal information. We may share information in the following limited circumstances:
5.1 Service Providers
We may share information with third-party service providers who perform services on our behalf, including cloud hosting, web analytics, email delivery, and infrastructure monitoring. These providers are contractually obligated to use information only for the purposes of providing services to Visor and are subject to confidentiality obligations. A list of current sub-processors is available upon request by contacting support@sunbleach.com.
5.2 Legal Requirements
We may disclose information if required to do so by law, regulation, legal process, or governmental request, including to comply with a subpoena, court order, or other legal obligation. We may also disclose information if we believe in good faith that disclosure is necessary to protect the rights, property, or safety of Visor, our users, or the public.
5.3 Business Transfers
In the event of a merger, acquisition, reorganization, asset sale, or similar transaction involving Visor LLC, information collected through the Platform may be transferred to the acquiring entity. We will provide notice of any such transfer and any resulting changes to this Privacy Policy.
5.4 With Your Consent
We may share information with third parties when you have given us explicit consent to do so.
5.5 Aggregated and De-Identified Data
We may share aggregated, anonymized, or de-identified data that cannot reasonably be used to identify any individual. This includes aggregate Platform usage statistics, coordination pattern trend data, and general analytical metrics. Such data is not subject to the restrictions of this Privacy Policy.
6. Data Retention
6.1 Retention Periods
We retain information for as long as necessary to fulfill the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law. The following table summarizes our standard retention periods.
| Data Category | Retention Period | Rationale |
|---|---|---|
| Blockchain Data (analytical cache) | Duration of pattern relevance; purged when no longer needed for active analysis | Derived from public data; retained for analytical continuity |
| Public Reference Data | Continuously refreshed; stale labels removed within 30 days of source update | Must reflect current state of public registries and regulatory lists |
| Authenticated User Data | Duration of account plus 90 days after account closure or deletion request | Operational necessity; post-closure buffer for audit and legal compliance |
| Monitoring Scope Data | Duration of engagement plus 90 days after closure or deletion request | Required for audit trail integrity and report reproducibility |
| Analyst Operational Data | Duration of engagement plus 90 days after closure or deletion request | Required for audit trail integrity |
| Platform Usage Data | 12 months from collection | Security and service improvement |
| API Usage Data | 12 months from collection | Rate limit enforcement, security, and abuse prevention |
| Communications Data | 24 months from last communication | Support continuity and legal compliance |
| Cookies | See Section 7 | Varies by cookie type |
6.2 Deletion Requests
You may request deletion of your information by contacting support@sunbleach.com. Upon receipt of a verified deletion request, Visor will delete or de-identify the requested information within thirty (30) days, except where retention is required by applicable law or necessary to maintain the integrity of immutable audit records. Where an audit trail contains references to your information that cannot be deleted without compromising the trail's integrity, we will de-identify the relevant entries rather than delete them.
6.3 Audit Trail Preservation
The Platform maintains immutable audit trails for monitoring scopes and engagements, including records of status changes, regime transitions, campaign linkages, and report generation events. These audit trails serve a compliance and forensic integrity function and may be retained beyond standard retention periods where necessary to preserve analytical provenance. Personally identifiable elements within audit trails (e.g., analyst names, stakeholder contacts) will be de-identified upon deletion request, but the structural audit record will be preserved.
7. Cookies and Tracking Technologies
7.1 Types of Cookies
The Platform uses the following categories of cookies:
| Cookie Type | Purpose | Duration |
|---|---|---|
| Strictly Necessary | Required for Platform operation, including session management and authentication | Session or up to 24 hours |
| Functional | Remember user preferences such as display settings and scope configurations | Up to 12 months |
| Analytics | Measure Platform usage patterns, feature adoption, and performance metrics to improve the service | Up to 12 months |
7.2 No Advertising Cookies
The Platform does not use advertising cookies, retargeting pixels, or cross-site tracking technologies. We do not share cookie data with advertising networks.
7.3 Managing Cookies
You can control or delete cookies through your browser settings. Disabling strictly necessary cookies may impair Platform functionality, including authentication and session management. Disabling analytics cookies will not affect your ability to use the Platform.
8. Data Security
We implement reasonable administrative, technical, and physical safeguards designed to protect information against unauthorized access, alteration, disclosure, or destruction. These measures include:
- Encryption of data in transit using TLS/SSL.
- Encryption of sensitive data at rest.
- Role-based access controls for authenticated Platform features.
- Regular security assessments and monitoring of Platform infrastructure.
- Access logging and audit trails for administrative operations.
No method of electronic transmission or storage is completely secure. While we strive to use commercially reasonable means to protect your information, we cannot guarantee absolute security. You are responsible for maintaining the confidentiality of your account credentials and for any activity under your account.
8.1 Breach Notification
In the event of a data breach involving your personal information, Visor will make reasonable efforts to notify affected users without undue delay and in accordance with applicable law. Notification may be provided via the email address associated with your account, through a prominent notice on the Platform, or by other reasonable means. Notification will include, to the extent known, the nature of the breach, the categories of information affected, and the steps Visor is taking in response.
9. Your Rights
Depending on your jurisdiction, you may have the following rights with respect to your personal information. To exercise any of these rights, contact support@sunbleach.com.
| Right | Description |
|---|---|
| Access | Request a copy of the personal information we hold about you. |
| Correction | Request correction of inaccurate or incomplete personal information. |
| Deletion | Request deletion of your personal information, subject to legal retention obligations and audit trail integrity (see Section 6.2). |
| Data Portability | Request a machine-readable copy of your personal information where technically feasible. |
| Restriction of Processing | Request that we limit the processing of your personal information in certain circumstances. |
| Objection | Object to our processing of your personal information based on legitimate interests. |
| Withdrawal of Consent | Where processing is based on your consent, withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing conducted prior to withdrawal. |
9.1 Verification
We may need to verify your identity before processing a rights request. Verification methods may include confirming your email address, account credentials, or other information sufficient to confirm that you are the individual whose data is the subject of the request.
9.2 Response Timeline
We will respond to verified rights requests within thirty (30) days of receipt. If we require additional time due to the complexity or volume of requests, we will notify you of the extension and the reason within the initial 30-day period. Extensions will not exceed an additional sixty (60) days.
9.3 Non-Discrimination
We will not discriminate against you for exercising any of your privacy rights. Exercising your rights will not result in denial of service, degraded service quality, or any other adverse treatment.
10. U.S. State Privacy Rights
10.1 California (CCPA/CPRA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act, as amended by the California Privacy Rights Act (collectively, "CCPA"). These include the right to know what personal information we collect and how we use it, the right to delete personal information, and the right to opt out of the sale or sharing of personal information. We do not sell or share personal information as defined by the CCPA. To exercise your California rights, contact support@sunbleach.com.
10.2 Virginia (VCDPA)
If you are a Virginia resident, you have rights under the Virginia Consumer Data Protection Act ("VCDPA"), including the right to access, correct, delete, and obtain a portable copy of your personal data, and the right to opt out of the processing of personal data for targeted advertising, sale, or profiling in furtherance of decisions that produce legal or similarly significant effects. We do not process personal data for targeted advertising or sale. To exercise your Virginia rights, contact support@sunbleach.com. If we decline your request, you may appeal by contacting us at the same address, and we will respond to your appeal within sixty (60) days.
10.3 Other U.S. States
Residents of other U.S. states with applicable consumer privacy laws (including Colorado, Connecticut, Utah, Texas, Oregon, Montana, and others as enacted) may have similar rights. We will honor verified rights requests consistent with applicable state law. Contact support@sunbleach.com to exercise your rights.
11. International Users
The Platform is operated from the United States. If you access the Platform from outside the United States, you understand and agree that your information may be transferred to, stored in, and processed in the United States, where data protection laws may differ from those in your jurisdiction. By using the Platform, you consent to such transfer.
If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, we process personal data on the legal bases identified in Section 3 (performance of contract, legitimate interest, or legal obligation). If you believe our processing of your personal data infringes applicable data protection law, you have the right to lodge a complaint with your local supervisory authority.
12. Children's Privacy
The Platform is not directed to, and we do not knowingly collect personal information from, individuals under 18 years of age. If we become aware that we have collected personal information from a minor, we will take steps to delete such information promptly. If you believe we have inadvertently collected information from a minor, please contact support@sunbleach.com.
13. Third-Party Links and Services
The Platform may contain links to third-party websites, blockchain explorers, or external services. This Privacy Policy applies only to the Platform. We do not control and are not responsible for the privacy practices of third-party sites. We encourage you to review the privacy policies of any third-party site you visit.
14. Do Not Track Signals
The Platform does not currently respond to "Do Not Track" (DNT) browser signals. There is no industry-wide standard for DNT compliance. If a standard is adopted in the future, we will update this Privacy Policy to describe our response.
15. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, the Platform's features, or applicable law. When we make material changes, we will update the "Last Updated" date at the top of this page and, where practicable, provide notice through the Platform. Your continued use of the Platform after any change constitutes acceptance of the revised Privacy Policy.
16. Contact Information
For questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact:
Visor LLC
Email: support@sunbleach.com
If you are not satisfied with our response to a privacy concern, you may contact your local data protection authority.
End of Privacy Policy