ChainAnalyzer Privacy Policy
Last updated: April 23, 2026
Governing language. This Privacy Policy is issued in Japanese and English. In the event of any discrepancy between the two versions, the Japanese version prevails. The English translation below is provided for convenience only.
refinancier, inc. ("Company") recognizes the protection of users' personal information as a social responsibility when providing its blockchain and anti-money-laundering (AML) analysis service, ChainAnalyzer ("Service"). We comply with the Act on the Protection of Personal Information of Japan ("APPI") and other applicable laws. This Privacy Policy ("Policy") describes the information we collect, our purposes, third-party disclosures, retention periods, and user rights.
Article 1 (Operator and Data Protection Lead)
Article 2 (Information We Collect)
We collect the following information to the extent necessary for the Service.
(1) Account information
- Email address (upon registration)
- Display name and profile information (optional)
- OAuth provider identifier (if signing in via Google, Apple, etc.)
- Solana wallet address (when Phantom is connected; used only for authentication and portfolio scan within the Service)
(2) Payment information
- Subscription plan, payment history, invoice information (processing via Stripe)
- We do not store credit card numbers or CVV directly; Stripe processes them in PCI-DSS-compliant infrastructure.
(3) Service usage data
- Blockchain addresses, transaction hashes, and token contract addresses submitted for scanning
- Scan results (risk scores, detection alerts, analysis reports)
- Watchlists, batch scan jobs, case management data (Pro / Enterprise)
- API usage records (timestamps, endpoints, response statuses, rate-limit counters)
(4) Access logs and technical information
- IP address, User-Agent, access timestamps, referrer URL
- Cookies (see Article 8)
- Browser settings, screen resolution, language preferences
(5) Support information
- Name, email address, and content provided via the contact form
Article 3 (Treatment of Blockchain Addresses)
- Blockchain addresses in isolation are treated as not constituting "personal information" under APPI. Unless linked to identifying information such as real name, address, or phone number, a blockchain address is not considered to identify a specific individual.
- However, if a User intentionally links their blockchain address to their personal information (for example, by stating in a support request "this address is mine", or by recording the real name of an investigation subject in case management), such linked data is treated as personal information under this Policy.
- We collect and analyze information recorded on public blockchains (transfer history, balances, smart contract code, etc.), which is public information available to anyone.
- When submitting a third party's blockchain address to the Service, the User is responsible for confirming that doing so does not violate any applicable law or any contract with the third party.
Article 4 (Purposes of Use)
We use collected information for the following purposes:
- Providing, operating, and improving the Service
- Authentication and account management
- Risk analysis and report generation for blockchain addresses and transactions
- Billing and payment processing
- Inquiries, technical support, and notifications
- Accuracy improvement of machine learning models and R&D of new features (in principle, in anonymized and aggregated form)
- Detection and prevention of abuse and maintenance of Service security
- Responding to laws, governmental requests, and court orders
- Other purposes for which the User has provided specific consent
Article 5 (Third-Party Disclosures and External Services)
We do not disclose personal information to third parties except where required by law or with User consent. However, we entrust or transmit certain data to the following external services to operate the Service.
(1) Infrastructure and operational services
| Service | Purpose | Data transmitted | Region |
|---|---|---|---|
| Microsoft Azure | Service hosting (Container Apps, Container Registry) | All service data | Japan East (Tokyo) |
| Azure OpenAI Service | AI analysis summary generation (GPT-5.4, o3) | Blockchain addresses, scan results, Japanese / English prompts | Japan East |
| Azure Communication Services | Transactional email (notifications, alerts) | Email address, message content | Japan East |
| Supabase | Authentication (Auth), database (PostgreSQL) | Account info, scan history, case management data | AWS ap-northeast-1 (Tokyo) |
| Neo4j AuraDB | Graph database (transaction relationship visualization) | Blockchain addresses, transaction relationship data | Azure Japan East |
| Stripe | Credit card payment processing | Email, billing info, payment tokens | United States |
| Google Analytics (GA4) | Usage analytics, service improvement | Anonymized usage logs, cookie IDs, partially masked IP addresses | United States |
| Coinbase x402 Facilitator | USDC micropayment settlement (when using x402 API) | Wallet address, payment signature, amount | United States |
(2) External blockchain / OSINT APIs
For public blockchain data and fraud detection, the Service queries the following external APIs. Only on-chain information such as blockchain addresses and transaction hashes is transmitted to these; User personal information (such as email) is not transmitted.
- Etherscan / PolygonScan (Etherscan V2 API) — EVM chain transaction history
- Routescan — Avalanche C-Chain transaction history
- Blockstream Esplora — Bitcoin transaction history
- Helius DAS — Solana token metadata
- Birdeye — Solana token prices and liquidity
- GoPlus Security — Token security assessment
- RugCheck — Solana token risk assessment
- KYT (AnChain.AI, etc.) — Clustering and risk scores
- CoinGecko — Cryptoasset prices
- Reddit JSON API — OSINT web mention detection
(3) ScamDB API publication
We publish a portion of our known-fraud address registry (ScamDB) as a public API (/scamdb). Only blockchain addresses and the classification labels / evidence we have added are published; reporter personal information is not included.
Article 6 (International Data Transfers)
Service data is primarily processed and stored in Japan (Azure Japan East region). However, certain external services listed in Article 5 (Stripe, Google Analytics, Coinbase x402 Facilitator, and some OSINT APIs) process data in the United States or elsewhere.
For cross-border transfers of personal information, we implement one or more of the following measures pursuant to APPI Article 28:
- Ongoing review of the data protection level of the destination country / provider
- Standard contractual clauses (SCC) or other contractual safeguards
- Confirmation of participation in international certification frameworks (APEC CBPR, etc.)
Article 7 (Retention)
- Account information: retained while the account is active.
- Scan history, batch jobs, and watchlist discoveries: the following retention periods apply per plan, and data older than the period is automatically deleted by a daily batch job.
  - Free: 7 days
  - Starter: 30 days
  - Pro: 180 days
  - Enterprise: unlimited (subject to any individual contract provisions)
- Payment information and billing records: retained for 7 years under the Corporate Tax Act and Electronic Book Preservation Act.
- Support records: retained for 3 years after resolution.
- Access logs: retained for up to 1 year for abuse investigation and security maintenance.
- Upon request for account deletion, we will delete account information and scan history within 30 days, except where retention is required by law (billing information, tax records, etc.).
- Anonymized and aggregated data (statistics, model training data) may be retained and used beyond the retention periods above.
Article 8 (Cookies and Similar Technologies)
- The Service uses cookies to maintain authentication sessions, save preferences, and improve the Service.
- Main cookie categories:
  - Essential cookies: Supabase authentication session cookie
  - Functional cookies: language and theme preferences (stored in browser localStorage)
  - Analytics cookies: Google Analytics usage measurement (_ga, etc.)
- Users can disable cookies via their browser settings, but disabling the authentication session cookie will prevent staying signed in.
- Users can opt out of Google Analytics via the Google Analytics Opt-out Browser Add-on.
Article 9 (Machine Learning and AI Use)
- For quality improvement, we use collected data, in principle in anonymized and aggregated form, for training and evaluation of machine learning models (Isolation Forest, AutoEncoder, GraphSAGE, etc.).
- When generating AI analysis summaries via generative AI (Azure OpenAI Service's GPT-5.4, o3, etc.), blockchain addresses, scan results, and analysis prompts are transmitted to Azure OpenAI. Under Microsoft's enterprise agreement, our transmitted data is not used to train OpenAI's models (Azure OpenAI Data Privacy policy).
- Users may disable AI analysis features (available on Pro plans and above, via settings).
Article 10 (User Rights)
Under APPI, Users may exercise the following rights regarding their personal information:
- Disclosure: request disclosure of personal information held by the Company.
- Correction, addition, or deletion: request correction, addition, or deletion if the content is inaccurate.
- Suspension of use or deletion: request suspension or deletion where information is processed beyond the scope necessary for the purposes of use.
- Suspension of third-party disclosures: request suspension of third-party disclosures.
- Complaints: file complaints regarding the handling of personal information.
- To exercise these rights, please contact us via the contact form. We will verify that the requester is the User and respond within a reasonable period.
Article 11 (Security Measures)
We implement the following measures to prevent leakage, loss, alteration, and unauthorized access to personal information:
- Organizational: designation of Data Protection Lead, internal policies, regular audits
- Human: employee training and confidentiality obligations
- Physical: Azure Japan East data center physical security (24/7 monitoring, biometric access, redundancy)
- Technical: TLS encryption in transit, encryption at rest (Azure Storage Service Encryption, etc.), Row-Level Security (RLS) access control, API key authentication, rate limiting, Web Application Firewall
Article 12 (Minors)
- The Service is not intended for users under 18 years of age. Due to the financial / compliance nature of the Service, minors should not use the Service.
- Users aged 18 or over but under 20 should use the Service with the consent of a legal guardian.
- If we become aware that we have inadvertently collected personal information from a person under 18, we will promptly delete it.
Article 13 (Additional Provisions for EU/EEA and UK Users)
Users residing in the EU/EEA or the United Kingdom are additionally guaranteed the following rights under the GDPR and UK GDPR:
- Right to data portability
- Right to restriction of processing
- Right not to be subject to automated decision-making (including profiling)
- Right to lodge a complaint with a supervisory authority
Legal bases: performance of a contract necessary to provide the Service (GDPR Art. 6(1)(b)), legitimate interests (Art. 6(1)(f) — fraud prevention, security), and consent (Art. 6(1)(a) — marketing, etc.).
Article 14 (Enterprise DPA)
Enterprise plan customers wishing to execute a Data Processing Agreement (DPA) should contact us via the contact form. We will provide a DPA template aligned with GDPR Art. 28 and APPI entrustment requirements on a per-case basis.
Article 15 (Incident Response)
In the unlikely event of leakage, loss, or corruption of personal information, we will promptly respond in compliance with the reporting obligation to the Personal Information Protection Commission (APPI Art. 26) and the notification obligation to affected Users. Affected Users will be notified by email or via in-Service announcement.
Article 16 (Amendments to this Policy)
- We may amend this Policy due to changes in law, additions to Service features, or other reasonable causes.
- For material changes (expanded purposes of use, expanded third-party disclosures, etc.), we will provide prior notice by email or in-Service announcement.
- The amended Policy takes effect upon publication on the Service.
Article 17 (Contact)
Please direct questions, disclosure requests, and complaints regarding this Policy to:
refinancier, inc.
ChainAnalyzer Personal Information Desk
Website: https://chain-analyzer.com
Contact form: https://chain-analyzer.com/contact_us
Supplementary Provisions
- This Policy takes effect on April 23, 2026.
- In the event of any discrepancy between the Japanese version of this Policy and any other language version, the Japanese version prevails.