ChinaCheckChinaCheck

Privacy Policy

Effective Date: 1 January 2026

Galaxy Digital Technology Limited (“Company”, “we”, “us”, or “our”), a company incorporated in Hong Kong SAR, operates the ChinaCheck platform at www.china-check.com (the “Platform”). This Privacy Policy explains how we collect, use, store, and protect your personal data when you use the Platform.

1. Information We Collect

1.1 Information You Provide

  • Account Information: When you register, we collect your email address and a password (stored in hashed form). We do not collect your real name, phone number, or physical address at registration.
  • Order Information: When you purchase a Report, we record the company searched, report type, language preference, and order number.
  • Communications: If you contact us by email, we retain the correspondence and any information you voluntarily provide.

1.2 Information Collected Automatically

  • Usage Data: We may collect your IP address, browser type, operating system, referring URL, pages visited, and timestamps. This data is used for security, analytics, and service improvement.
  • Cookies: We use a session cookie (cc_session) to maintain your authenticated session. This is an essential, first-party, HttpOnly cookie and does not track you across other websites. We do not use advertising or third-party tracking cookies.

1.3 Payment Information

Payments are processed by Stripe, Inc. We do not receive or store your full credit card number, CVV, or other sensitive payment details on our servers. Stripe’s collection and use of your payment data is governed by Stripe’s Privacy Policy.

2. How We Use Your Information

We use your personal data for the following purposes:

  • Service Delivery: To create and manage your account, process orders, generate Reports, and deliver them to you by email.
  • Authentication & Security: To verify your identity, prevent fraud, and protect the Platform from abuse.
  • Communication: To send order confirmations, report delivery emails, email verification codes, and respond to your enquiries.
  • Service Improvement: To analyse aggregated, anonymised usage patterns to improve the Platform’s functionality and user experience.
  • Legal Compliance: To comply with applicable laws, regulations, or legal processes.

3. Legal Basis for Processing

We process your personal data on the following legal grounds:

  • Contractual Necessity: Processing required to perform our contract with you (e.g., account management, report delivery).
  • Legitimate Interest: Processing for security, fraud prevention, and service improvement, where our interests do not override your rights.
  • Legal Obligation: Processing required to comply with applicable legal requirements.
  • Consent: Where you have provided explicit consent (e.g., optional marketing communications, if offered in the future).

4. Data Sharing

We do not sell your personal data. We may share your information only with:

  • Payment Processor (Stripe): To process your payments securely.
  • Email Service Provider (Resend): To deliver transactional emails (verification codes, order confirmations, report delivery). Only your email address is shared for this purpose.
  • Translation Services (DeepL, Google Translate): Company data (not your personal data) is sent to translation APIs to generate multilingual reports.
  • Hosting Provider (Vercel): The Platform is hosted on Vercel’s infrastructure. Server logs may contain IP addresses and request metadata.
  • Database Provider (Supabase): Your account and order data is stored in a Supabase-hosted PostgreSQL database with row-level security policies.
  • Legal Requirements: We may disclose information if required by law, court order, or governmental regulation, or if necessary to protect our legal rights or the safety of others.

5. Data Retention

  • Account Data: Retained for as long as your account is active. If you request account deletion, we will delete or anonymise your data within 30 days, except where retention is required by law.
  • Order & Report Data: Retained for a period of 3 years from the date of purchase for audit, legal compliance, and customer support purposes.
  • Server Logs: Automatically purged after 90 days.

6. Data Security

We implement appropriate technical and organisational measures to protect your personal data, including:

  • Passwords are hashed using bcrypt before storage.
  • Session tokens are stored in HttpOnly, Secure cookies to prevent XSS attacks.
  • Email verification codes are SHA-256 hashed with a 10-minute expiry.
  • Database access is secured with row-level security (RLS) policies.
  • All data in transit is encrypted via HTTPS/TLS.

While we take reasonable steps to protect your data, no method of electronic storage or transmission is 100% secure. We cannot guarantee absolute security.

7. International Data Transfers

Your data may be processed and stored in servers located outside your country of residence, including the United States (Vercel, Stripe, Supabase) and the European Union (DeepL). Where your data is transferred to a jurisdiction that does not provide an equivalent level of data protection, we rely on the data protection measures implemented by our service providers, including standard contractual clauses where applicable.

8. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

  • Access: Request a copy of the personal data we hold about you.
  • Rectification: Request correction of inaccurate or incomplete data.
  • Erasure: Request deletion of your personal data, subject to legal retention requirements.
  • Restriction: Request that we limit the processing of your data in certain circumstances.
  • Portability: Request a copy of your data in a structured, commonly used format.
  • Objection: Object to processing based on legitimate interest.

To exercise any of these rights, please contact us at support@china-check.com. We will respond to your request within 30 days.

9. Children’s Privacy

The Platform is not intended for use by individuals under 18 years of age. We do not knowingly collect personal data from minors. If we learn that we have collected data from a child under 18, we will delete it promptly.

10. Third-Party Links

The Platform may contain links to third-party websites or services. We are not responsible for the privacy practices of those third parties. We encourage you to read their privacy policies before providing any personal data.

11. Changes to This Policy

We may update this Privacy Policy from time to time. The revised version will be posted on this page with an updated effective date. For material changes, we will make reasonable efforts to notify registered Users by email. Continued use of the Platform after changes constitutes acceptance of the revised Privacy Policy.

12. Governing Law

This Privacy Policy shall be governed by and construed in accordance with the laws of the Hong Kong Special Administrative Region, including the Personal Data (Privacy) Ordinance (Cap. 486).

13. Contact

If you have any questions or concerns about this Privacy Policy or our data practices, please contact:
Galaxy Digital Technology Limited
Email: support@china-check.com

ChinaCheck - Chinese Company Due Diligence Reports