NFT-Compass Logo
NFT-Compass Logo. Shield with compass on it
Legal
Available Tools

Imprint, ToS, Disclaimer, GDPR

Imprint, ToS, Disclaimer. Please read carefully.

Disclaimer:

The Report is a snapshot at the Time the Audit is executed.

The Report covers not future progress nor developments in the past.

The analysis Report and information provided from the automation by NFT-Compass and Dezentrale Ltd. are intended for informational purposes only and do not constitute financial advice, investment advice, or any form of recommendation to buy or sell any securities or assets. 

Users should conduct their own research and consult a professional financial advisor before making any investment decisions.  The service does not guarantee the accuracy, completeness, or reliability of any information provided. 

Use this Audit at your own risk.

Imprint:

The Web3 Analyzer, is provided by NFT-Compass, a branch of Dezentrale Ltd.

Archiepiskopou Makaraiou III 59

Mouyias Tower Floor 3, Office 301

6017 Larnaca/ Cyprus

Mail: d.mueller@nftcompass.io

Mobile: +357 974 39 649

Company Reg Number: HE 450418

Tax ID: 60038544E

Registration
Certificate of Incorporation Dezentrale Ltd. Imprint, ToS, Disclaimer
Certification on Business Address Imprint, ToS, Disclaimer

Terms of Service

These Terms of Service (“Terms”) govern the setup and delivery of the white-label automation service (“Service”) provided by Dezentrale Ltd. (“Provider”) to the undersigned customer (“Customer”).

Provider Details: Dezentrale Ltd.
Archiepiskopou Makaraiou III 59, Mouyias Tower, 3rd Floor, Office 301, 6017 Larnaca, Cyprus
Jurisdiction: Cyprus

Scope of Service

  1. Initial Consultation:
    • Provider offers one (1) free Zoom call to discuss Customer’s needs and outline the setup process.
  2. Subscription and Setup:
    • Upon receiving 50% of the agreed fee (€____________, exclusive of VAT), a second call will be scheduled to initiate subscriptions to required third-party applications, including but not limited to Apify, pdf.co, and Google Workbench. Additional applications may be included as necessary.
    • Customer shall grant Provider temporary access to necessary subscriptions and accounts solely for the purpose of setup and automation configuration.
  3. Automation Setup and Delivery:
    • Provider will complete the automation setup within ten (10) working days following the second call, contingent upon timely provision of necessary account access and required information from Customer.
    • Provider will never directly access or alter Customer’s website or systems beyond automation setup.
    • Provider will provide a webhook URL necessary for triggering the automation. Implementation on Customer’s website is Customer’s responsibility.
  4. Final Review and Delivery:
    • A third Zoom call will be conducted to demonstrate the completed automation, discuss operation details, and outline possible adjustments Customer may perform independently.
    • Remaining payment of 50% (€____________, exclusive VAT) is due within two (2) days following this demonstration.
  5. Documentation and Intellectual Property:
    • Upon full payment, Provider shall deliver comprehensive written documentation/manual and a detailed video explaining the automation’s functionality.
    • All intellectual property rights related to the provided white-label automation setup transfer to Customer upon receipt of full payment.
  6. Confidentiality and Data Protection:
    • Customer credentials provided to Provider during setup are securely stored in Keeper and permanently deleted upon full payment receipt.
    • Provider complies with applicable GDPR regulations, maintaining strict confidentiality and data protection measures during and after the setup.
  7. Warranty and Liability:
    • Provider guarantees the delivered automation will function as demonstrated during the final review.
    • Provider offers no guarantees regarding continuous uptime, functionality under altered third-party application conditions, or any issues arising post-delivery. Customer acknowledges the automation runs on Customer’s own environment.
    • Provider bears no liability for issues resulting from third-party platform changes or failures.
  8. Refund Policy:
    • Should Customer express dissatisfaction upon completion, Provider agrees to remove the automation and refund the total amount received.
  9. Support and Additional Adjustments:
    • Email support is available at d.mueller@nftcompass.io with a maximum response time of 24 hours.
    • Support covers basic operational inquiries and explicitly does not include corrections or adjustments post-delivery.
    • Any additional adjustments or customizations requested post-delivery will be charged at an hourly rate of €145.00 (exclusive VAT).

Acceptance and Signatures

By signing below, Customer acknowledges and agrees to these Terms of Service.

Customer Signature

Name:
Title/Position:
Date:

Dezentrale Ltd. Representative Signature

Name:
Title/Position:
Date:

End of Imprint, ToS, Disclaimer

Home

GDPR Compliance

EU Compliance Statement – Web3 Analyzer (Self‑Hosted Version)

Last updated: 2 May 2025

1  Scope

This statement explains how a self‑hosted deployment of Web3 Analyzer—installed inside the customer’s own Make.com and Apify workspaces, using PDF.co for white‑paper parsing, OpenAI GPT models for text evaluation, and optionally storing reports in Google Workspace—complies with the EU General Data Protection Regulation (GDPR) and related data‑sovereignty expectations.

2  Why GDPR Applies

The analyzer processes publicly available content (project websites, white‑papers, social links). Names of founders or team members can be personal data, so GDPR applies, albeit with a low‑risk profile.

3  Lawful Basis

Legitimate Interest under Art. 6 (1)(f) GDPR.
Purpose – accelerate first‑pass due‑diligence and cut fraud risk.
Necessity – replaces a manual activity already performed.
Balance – data subjects publish the information themselves; impact is minimal.
→ See dedicated Legitimate‑Interest Assessment.

4  Data Flow & Residency

User Browser
   └► Make.com (EU region – controller’s account)
         ├► Apify Actor (EU store – controller’s account)
         ├► PDF.co API  (US – SCCs, ≤60 min file retention)
         ├► OpenAI GPT API  (US – SCCs, ≤30 days log retention, no training)
         └► Google Drive* (EU data region – optional report storage)

Google Drive is optional; any S3, SharePoint or on‑prem storage may be configured.

4.1  Make.com

  • EU data region enabled at organisation level.
  • Logs & transient files stay in EU data centres.
  • One‑click Data‑Processing Agreement (DPA) available in console.

4.2  Apify

  • “EU Storage” option enforced on each Actor run.
  • DPA + Standard Contractual Clauses (SCCs) downloadable from dashboard.

4.3  PDF.co

  • Processes PDFs on AWS infrastructure (us‑west‑2).
  • Files encrypted at rest (AES‑256) and auto‑deleted ≤60 min.
  • DPA + SCCs legitimise EU→US transfer.

4.4  OpenAI GPT (ChatGPT)

  • Text fragments (website & white‑paper chunks) are sent to the OpenAI API endpoint in the US.
  • OpenAI’s enterprise privacy terms:
      • No data used for model training or service improvement.
      • Retention ≤30 days for abuse monitoring, then permanent deletion.
  • Transfers rely on SCCs appended to the OpenAI DPA.
  • Mitigations:
      1. Input is strictly public data; no special‑category or KYC documents.
      2. Personal names can be masked (regex pseudonymisation) before sending, if required.
      3. Optional: use Azure OpenAI “France Central” region for full EEA residency (requires customer Azure subscription).

4.5  Google Workspace (optional report storage)

  • Enterprise tiers allow EU Data Regions for Drive.
  • Google provides GDPR‑compliant DPA + updated SCCs.

5  Security Controls (cross‑platform)

MeasureImplementation
AccessSSO/SAML + role‑based rights in Make, Apify, Google Workspace
EncryptionTLS 1.2+ in transit; AES‑256 at rest across all services
RetentionMake & Apify logs auto‑purged ≤48 h; PDF.co ≤60 min; OpenAI ≤30 days (or 0 with Azure‑EU option); report storage per customer policy
Audit TrailMake execution history, Apify log stream, Google Drive file versioning

6  Data‑Subject Rights

Unlikely to be triggered; if they are:

  1. Locate record via project URL.
  2. Delete Drive files / internal DB entry.
  3. Purge Make & Apify logs.
  4. Ensure OpenAI logs older than 30 days are auto‑expired (or request early deletion via OpenAI support).
    Deadline: 30 days (Art. 12 GDPR).

7  Customer Responsibilities

  1. Record the processing activity in the Art. 30 register.
  2. Keep LIA on file; review annually.
  3. Ensure EU data region + DPA/SCC acceptance in all third‑party consoles (Make, Apify, PDF.co, OpenAI).
  4. Provide privacy‑notice clause (e.g., “We screen publicly available Web3 materials using automated tools hosted in the EU; limited data may be processed in the US under SCCs.”).

8  Conclusion

With EU‑region settings enabled in Make & Apify, SCC‑based transfers for PDF.co and OpenAI steps, and EU‑region or on‑prem storage for reports, the self‑hosted Web3 Analyzer operates within EU data‑protection law. No special‑category data are processed, transfers are legitimised, and the customer remains full controller of the data.

Home