# Privacy Controls Specification

## Overview

Privacy controls for PII protection and data residency.
## PII Separation Strategy

### Data Segregation

- Public Data: Blockchain data (no PII)
- Private Data: User accounts, KYC data (PII)
- Storage: Separate databases/partitions

### Access Control

- Public Data: Open access
- Private Data: Strict access control, encryption
## Tokenization/Encryption

### Identity Artifacts

- Encryption: Encrypt sensitive identity documents
- Storage: Encrypted at rest
- Access: Decrypt only when needed, audit logged

### Tokenization

- Use Case: Reference PII without exposing it
- Implementation: Store tokens, map to PII securely
## Regional Data Residency Controls

### Data Residency

- Requirement: Store data in specific regions per regulations
- Implementation: Regional databases/partitions
- Routing: Route user data to appropriate region

### Compliance

- GDPR (EU)
- CCPA (California)
- Others as needed
## Data Retention Policies

### Retention Periods

- User Data: Per regulatory requirements
- Transaction Data: Per regulatory requirements
- Logs: Per security requirements

### Deletion

- Right to Deletion: Support user data deletion requests
- Process: Secure deletion, audit logged
## References

- Security Architecture: see security-architecture.md