Data Processing, Privacy and Security

We don’t store your personal information. Ever.
Our privacy policy is simple: we don’t collect or share any of your personal information.

The ZADA Network enables the exchange of credentials between Issuers/Verifiers (Tenants) and Wallets (Credential Holders).

ZADA acts as a data processing ecosystem utilising W3C standards such as Verifiable Credentials (VC) to ensure digital credentials can be exchanged in a decentralised way and be interoperable.

There are three actors involved in the ZADA ecosystem:

  • Holder
  • Issuer
  • Verifier

Issuer and Verifiers can run their custom applications on their servers, attach databases as data controllers, and have full autonomy over their data and its processing.

 ZADA Core API enables issuer and verifiers to run applications independently on their servers and still be able to issue credentials and verify them via our restful API services.

Holders in ZADA ecosystem use ZADA Wallet to accept/store/manage their digital credentials. The ZADA Wallet is an open-source app that ensures transparency. Developed with a privacy-first principle, it ensures the data is encrypted both at rest and transit, and the holder is in full control.

How the data is handled

ZADA is the Data Processor while the the issuer is the Data Controller.

The data is sent from the Issuer to the Holder over a p2p connection using a DIDComm channel that ensures secure and private communication.

No personal data is stored anywhere except in the verifiable credential stored in the holder’s wallet

The data is encrypted in both transit and rest and sent over secure P2P connections (DIDComm).

A Digital Ledger is part of ZADA’s infrastructure to store credential’s decentralized identifiers (DID) so they can be verified in a decentralized way.

What goes on the public ledger:

  • Decentralised identifiers and associated DDOs with verification keys and endpoints.
  • Schemas and claim definitions
  • Proof of consent for data sharing
  • Public claims
  • Revocation registries

What does not go on the public ledger:

  • Private data of any kind (including hashed personal data)
  • Private proof of the existence

Do you still have questions?
Just chat with us in the bottom right corner or email [email protected]