Privacy Policy

1. Information We Collect

1.1 Location Data

When you use our Service, we collect GPS coordinates from your mobile device, including:

• Latitude and longitude coordinates
• Timestamp of location recording
• Location accuracy measurements
• Optional: city, state, and country information (if enhanced with oracle attestation)

1.2 Cryptographic Data

Our Service collects and processes:

• Public blockchain addresses (anchor addresses and master addresses)
• Cryptographic signatures for ownership verification
• Derived keys for data retrieval
• IPFS content identifiers (CIDs) for encrypted manifests

1.3 Device Information (Optional)

If you opt in to device attestation, we may collect:

• Device attestation tokens (iOS App Attest or Android Play Integrity)
• Cryptographic device identifiers
• Trust level assessments

1.4 Account Information

For authentication purposes, we may collect:

• Hashed phone numbers (SHA256, never stored in plaintext)
• JSON Web Tokens (JWT) for session management
• Optional: Clerk authentication data if using mobile app authentication

2. How We Use Your Information

2.1 Primary Purposes

We use collected information to:

• Anchor your data on the Arbitrum blockchain
• Generate cryptographic proofs of ownership
• Enable selective disclosure through derived keys
• Verify device authenticity (if opted in)
• Authenticate user sessions

2.2 Privacy-Preserving Architecture

• Unlinkability: Daily anchor addresses are cryptographically unlinkable to your master wallet address.
• Client-side encryption: Data is encrypted on your device before being stored on IPFS.
• No server timestamps: We do not add server-generated timestamps to your anchors.
• Hash-only storage: Phone numbers are hashed using SHA256 and never stored in plaintext.
• Selective disclosure: You control when and how to prove ownership.

3. Data Storage and Security

3.1 Blockchain Storage

Anchors are stored permanently on the Arbitrum blockchain. This data is:

• Publicly visible on the blockchain but anonymously anchored
• Immutable and cannot be deleted or modified
• Retrievable only through cryptographic derived keys

3.2 IPFS Storage

Encrypted manifests are stored on IPFS through Pinata:

• Content is encrypted using AES-256-GCM before storage
• Accessible via content identifiers (CIDs) stored on blockchain
• Decryption requires the anchor's private key

3.3 Database Storage

Our PostgreSQL database stores:

• User account records (hashed phone numbers, master addresses)
• Ownership proof metadata
• Proof request information
• Public proof display data
• Device attestation records (if opted in)

Important: Anchor addresses are not stored in our database. They are only retrievable from the blockchain.

3.4 Security Measures

• SHA256 hashing for sensitive identifiers
• AES-256-GCM encryption for data
• JWT-based authentication with secure session management
• Rate limiting and DDoS protection
• Regular security reviews and updates

4. Data Sharing and Disclosure

4.1 No Sale of Personal Data

We do not sell, rent, or trade your personal information or location data to third parties.

4.2 Blockchain Transparency

Anchor transactions are publicly visible on Arbitrum. The cryptographic design ensures:

• Master addresses remain unlinkable from anchor addresses
• Data is encrypted and not readable on-chain
• Ownership can only be proven through voluntary cryptographic disclosure

4.3 Service Providers

• Pinata: IPFS pinning service for encrypted manifests
• The Graph: Blockchain indexing for efficient data retrieval
• Arbitrum Network: Blockchain infrastructure for transaction finality
• Clerk (Optional): Authentication service for mobile apps

4.4 Legal Requirements

We may disclose information if required by law, court order, or government regulation, to the extent legally permissible.

5. User Rights and Control

5.1 Data Access

You can access your data at any time using your cryptographic keys and blockchain addresses.

5.2 Selective Disclosure

You have full control over when and how to disclose ownership through cryptographic proofs.

5.3 Data Deletion Limitations

• On-chain anchor data cannot be deleted
• IPFS-stored encrypted manifests persist across the network
• Database records can be deleted upon request (except where required by law)

5.4 Opt-Out Rights

• Device attestation features
• Oracle-enhanced location data
• Photo evidence uploads

6. Children's Privacy

Our Service is not intended for users under the age of 18. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

7. International Data Transfers

Your information may be transferred to and processed in countries other than your own. The Arbitrum blockchain and IPFS network are globally distributed systems. By using our Service, you consent to such transfers.

8. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify users of material changes by posting the updated policy with a new effective date.

9. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact:

Alibi Ledger, LLC
Email: support@trustonion.io