Access Control

General policy

Keyring Services have access to storage locations at Basis Theory and Compliance Partners but do not read raw user data. Instead, they enable users to securely upload their data to Basis Theory's encrypted servers for ingestion by Compliance Partners. Raw user data does not touch Keyring’s backend services as the exchange is triggered by a proxy forwarding request. To get more information on Basis Theory’s architecture and processes, here is a link to their documentation.

Regulatory compliance access

Keyring’s solution fully breaks the link between real-life identity and trading wallets for best-in-class security and privacy. This means that even Keyring’s ability to reconstitute that link is mitigated. That being said, some parties such as law enforcement might need to see who’s behind a wallet, potentially with a subpoena. For that reason, we have included a Regulatory Backdoor in our architecture to enable certain whitelisted parties to come together to unmask that link via threshold decryption. This feature is in beta mode at the moment, with Keyring Governance holding the only private key. Keyring Governance will be responsible for accepting new key holders in the system.

Policy Owners can opt in and out of this feature when creating an Admission Policy. If toggled on, Users are required to encrypt their identity link breadcrumbs with a corresponding public key, that can only be decrypted by certain private keys, the Policy’s Regime Keys.

Last updated