From d8d928f5af2e6181d876e2981fd2833d2f6da48c Mon Sep 17 00:00:00 2001
From: Kalin Canov <kalin.canov@vereign.com>
Date: Fri, 1 Jul 2022 15:32:30 +0000
Subject: [PATCH] Upload New File

---
 GDPR.md | 32 ++++++++++++++++++++++++++++++++
 1 file changed, 32 insertions(+)
 create mode 100644 GDPR.md

diff --git a/GDPR.md b/GDPR.md
new file mode 100644
index 00000000..37d2aa80
--- /dev/null
+++ b/GDPR.md
@@ -0,0 +1,32 @@
+# GDPR Compliance Document
+The objective of this document is to detail, the data being stored and proccessed by the Trust Service API.
+
+## What information is stored
+### Source User Information
+The Open Id connect claims that MAY contain all sorts of personal data (like email, name, age and others), are received from any external source.
+
+### Technical User Information (Public)
+
+- Schema information (public)
+- Credential/credential definition ids and states
+- DID of issuer
+- DID of holder
+- Created/updated dates
+- Offered credential attributes and attachments
+
+## How is the information stored
+### Source User Information
+Source User Information is encrypted using the Private Key of the Organizations SSI Agent and stored until the issuance of credential in Organization's SSI Agent's PostgreSQL database.
+
+### Technical User Information (Public)
+Technical User Information is encrypted using the Private Key of the Organizations SSI Agent and stored internally (on the agent) on PostgreSQL and externally/ metadata (shared between the OCM services) on PostgreSQL of Organization.
+
+## Who can access the information
+The Source User Information and Technical User Information both are accessible only by the Organization specific SSI agent's private key.
+
+## How long will the information stay 
+### Source User Information
+The Source User Information is wiped out once the credential is issued.
+
+### Technical User Information (Public)
+The Technical User Information is wiped out according to the retention periods (not defined yet).
-- 
GitLab