Data policy

May store

• Public trust layer Profile id, public key, handle, manifesto, signed card, QR credentials, status flags
• Vouches & revocations Signed vouches, verification summaries, revocation and suspension records
• Live control Short-lived challenge records (minutes), not long-term history

Must not store

• Private keys or recovery secrets
• Government ID or KYC artifacts
• Phone or email required for card creation
• Scan analytics or fingerprinting
• Payment or shipping PII in the resolver DB

Access logs

Default: no scan logging. Any future minimal logs require governance approval and published retention, not a silent product change.

Full spec

• REFERENCE_OPERATOR_DATA_POLICY.md Canonical policy in the repo ›
• Back to landing ›