# Privacy Controls Specification

## Overview

Privacy controls for PII protection and regional data residency.

## PII Separation Strategy

### Data Segregation

- **Public Data**: Blockchain data (contains no PII)
- **Private Data**: User accounts, KYC data (PII)
- **Storage**: Separate databases/partitions; public records reference private data only by token, never by embedding it

### Access Control

- **Public Data**: Open access
- **Private Data**: Strict access control (authorised roles only), encrypted at rest

## Tokenization/Encryption

### Identity Artifacts

- **Encryption**: Encrypt sensitive identity documents (KYC uploads, ID scans)
- **Storage**: Encrypted at rest
- **Access**: Decrypt only when needed for a stated purpose; every decryption is audit logged

### Tokenization

- **Use Case**: Reference PII from other systems without exposing it
- **Implementation**: Downstream systems store only opaque tokens; the token-to-PII mapping is held in the private store under the access controls above

## Regional Data Residency Controls

### Data Residency

- **Requirement**: Store PII in specific regions as required by regulation
- **Implementation**: Regional databases/partitions
- **Routing**: Route each user's private data to the region assigned to that user; do not serve it across regions

### Compliance

- GDPR (EU)
- CCPA (California)
- Others as needed

## Data Retention Policies

### Retention Periods

- **User Data**: Per regulatory requirements
- **Transaction Data**: Per regulatory requirements
- **Logs**: Per security requirements

### Deletion

- **Right to Deletion**: Support user data deletion requests
- **Process**: Secure deletion (data must be unrecoverable afterwards, including from backups), audit logged

## References

- Security Architecture: See `security-architecture.md`
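The following is an added example, not code from this specification or the project it describes. It ties together the tokenization, audit-logged decryption, regional routing and deletion sections above in one runnable Python program: PII is held only inside a per-region vault, referenced elsewhere by an opaque random token, decrypted only by an authorised role with every attempt logged, and deleted by crypto-shredding (destroying the per-subject key). The country-to-region table, the role names and the sample user record are assumptions made for the example. The cipher is an HMAC-SHA256 counter-mode stream with an encrypt-then-MAC tag so that the example runs on the standard library alone; a production vault should use a vetted AEAD such as AES-GCM instead.

```python
"""Added example: regional token vault with audit-logged detokenization
and crypto-shredding deletion. Not part of the original specification."""
import hashlib
import hmac
import json
import secrets
import time

# Assumed residency policy (country code -> region); the spec names no mapping.
RESIDENCY = {"DE": "eu", "FR": "eu", "IE": "eu", "US": "us", "CA": "us"}
# Assumed roles permitted to decrypt PII; the spec names no roles.
AUTHORIZED_ROLES = {"kyc-reviewer", "dsar-officer"}


class ResidencyError(Exception):
    """Data would be stored outside, or read from outside, its assigned region."""


class AccessDenied(Exception):
    """Caller not authorised, or the subject's key has already been shredded."""


def _subkey(key: bytes, label: bytes) -> bytes:
    """Derive independent encryption and MAC keys from one per-subject key."""
    return hmac.new(key, label, hashlib.sha256).digest()


def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    """HMAC-SHA256 in counter mode; stand-in for AES-GCM so this needs no third-party library."""
    blocks, ctr = [], 0
    while sum(map(len, blocks)) < n:
        blocks.append(hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest())
        ctr += 1
    return b"".join(blocks)[:n]


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC; output layout is nonce || ciphertext || tag."""
    nonce = secrets.token_bytes(16)
    ks = _keystream(_subkey(key, b"enc"), nonce, len(plaintext))
    ct = bytes(p ^ k for p, k in zip(plaintext, ks))
    tag = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def decrypt(key: bytes, blob: bytes) -> bytes:
    """Verify the tag in constant time before touching the ciphertext."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expect = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expect, tag):
        raise ValueError("ciphertext tampered")
    ks = _keystream(_subkey(key, b"enc"), nonce, len(ct))
    return bytes(c ^ k for c, k in zip(ct, ks))


class RegionalVault:
    """Private store pinned to one region: PII ciphertext, per-subject keys, audit log."""

    def __init__(self, region: str):
        self.region = region
        self._keys = {}      # subject_id -> per-subject data key (the crypto-shred target)
        self._records = {}   # token -> (subject_id, ciphertext)
        self.audit = []      # every decrypt attempt and every deletion lands here

    def tokenize(self, subject_id: str, pii: dict) -> str:
        key = self._keys.setdefault(subject_id, secrets.token_bytes(32))
        # Random token prefixed with the region: nothing about the PII is derivable from it.
        token = f"{self.region}_{secrets.token_urlsafe(24)}"
        self._records[token] = (subject_id, encrypt(key, json.dumps(pii).encode()))
        return token

    def detokenize(self, token: str, actor: str, role: str, purpose: str) -> dict:
        entry = {"ts": time.time(), "region": self.region, "token": token,
                 "actor": actor, "role": role, "purpose": purpose, "ok": False}
        self.audit.append(entry)  # logged before the decision, so denials are visible too
        if role not in AUTHORIZED_ROLES:
            raise AccessDenied(f"role {role!r} may not decrypt PII")
        subject_id, blob = self._records[token]
        key = self._keys.get(subject_id)
        if key is None:
            raise AccessDenied("subject key was shredded; data is unrecoverable")
        entry["ok"] = True
        return json.loads(decrypt(key, blob))

    def delete_subject(self, subject_id: str, actor: str) -> int:
        """Crypto-shred: dropping the key makes every ciphertext for the subject
        unrecoverable, including copies in backups that row deletion never reaches."""
        self._keys.pop(subject_id, None)
        self.audit.append({"ts": time.time(), "region": self.region,
                           "event": "delete", "subject": subject_id, "actor": actor})
        return sum(1 for s, _ in self._records.values() if s == subject_id)


class TokenService:
    """Routing layer: public systems hold tokens only; PII goes to the subject's
    region and is never served to a caller in another region."""

    def __init__(self):
        self.vaults = {r: RegionalVault(r) for r in set(RESIDENCY.values())}

    def store(self, subject_id: str, country: str, pii: dict) -> str:
        region = RESIDENCY.get(country)
        if region is None:
            raise ResidencyError(f"no residency region configured for {country}")
        return self.vaults[region].tokenize(subject_id, pii)

    @staticmethod
    def region_of(token: str) -> str:
        return token.split("_", 1)[0]  # region labels contain no underscore

    def fetch(self, token: str, caller_region: str, actor: str, role: str, purpose: str) -> dict:
        region = self.region_of(token)
        if region != caller_region:
            raise ResidencyError(f"token lives in {region}; caller is in {caller_region}")
        return self.vaults[region].detokenize(token, actor, role, purpose)

    def erase(self, subject_id: str, country: str, actor: str) -> int:
        return self.vaults[RESIDENCY[country]].delete_subject(subject_id, actor)


if __name__ == "__main__":
    svc = TokenService()
    # Constructed sample user; the public ledger record carries only the token.
    tok = svc.store("u-1", "DE", {"name": "Anna Example", "passport": "C01X00T47"})
    print({"tx": "0xabc", "subject": tok})
    print(svc.fetch(tok, "eu", "alice", "kyc-reviewer", "kyc_review"))
    print("shredded records:", svc.erase("u-1", "DE", "dsar-officer"))
```

The two points worth noticing: the audit entry is written before the authorisation decision, so refused attempts are just as visible as successful ones, and deletion never has to find every copy of the ciphertext, because once the per-subject key is gone the remaining copies are noise.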