Skip to content
Snippets Groups Projects
Normal view Permalink
GDPR.md 1.5 KiB
Newer Older
  • Learn to ignore specific revisions
    • Kalin Canov's avatar
    Upload New File
    Kalin Canov committed
    1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 
    # GDPR Compliance Document
The objective of this document is to detail, the data being stored and proccessed by the Trust Service API.

## What information is stored
### Source User Information
The Open Id connect claims that MAY contain all sorts of personal data (like email, name, age and others), are received from any external source.

### Technical User Information (Public)

- Schema information (public)
- Credential/credential definition ids and states
- DID of issuer
- DID of holder
- Created/updated dates
- Offered credential attributes and attachments

## How is the information stored
### Source User Information
Source User Information is encrypted using the Private Key of the Organizations SSI Agent and stored until the issuance of credential in Organization's SSI Agent's PostgreSQL database.

### Technical User Information (Public)
Technical User Information is encrypted using the Private Key of the Organizations SSI Agent and stored internally (on the agent) on PostgreSQL and externally/ metadata (shared between the OCM services) on PostgreSQL of Organization.

## Who can access the information
The Source User Information and Technical User Information both are accessible only by the Organization specific SSI agent's private key.

## How long will the information stay 
### Source User Information
The Source User Information is wiped out once the credential is issued.

### Technical User Information (Public)
The Technical User Information is wiped out according to the retention periods (not defined yet).