Storage locations

No sensitive data, including PII, will ever be stored on publicly accessible servers. We uphold this principle for both Keyring Pro and Keyring Connect solutions.

Given how crucial security is to us, we have partnered with an expert in the field to encrypt and store users’ information and documents. Basis Theory is a trusted partner of many financial institutions and fintechs, and their core mission resonates well with ours, centred around privacy and security. Basis Theory is:

• PCI Level 1 Compliant

• SOC 2 Type II Certified

• HIPAA Compliant

• ISO 27001 Certified

The high-value data in our system is stored in a vault in the form of undecipherable tokens. Basis Theory uses strong cryptography with industry-standard key-management processes (KMS) and procedures.

The data itself is stored on the cloud. Basis Theory follows cloud-native security best practices, implementing continuous code delivery, system, and network monitoring and scanning. Servers are operated by Azure, in the following regions: East US 2 - Virginia, Central US - Iowa, plus some global networking and edge resources.

Anonymised data points are stored in:

• User’s local computer (browser).

• AWS (Dynamo DB): Our servers are located in West US 2 and Oregon.

• On-chain: Ethereum, other blockchains to come.

Keyring Pro

As outlined above, sensitive user data is stored and secured by our partner Basis Theory.

In addition to that, raw compliance data and records generated by compliance checks are securely stored by the Compliance Partner used for the verification. Keyring reviews the policies of each provider to ensure they meet the required security standards.

• ComplyCube: Compliance data is securely handled and stored under ISO standards with strict information security policies (more information here).

• Shufti Pro: Compliance data is transmitted over Secure Sockets Layer (SSL) and stored in SSAE-compliant and ISO-certified data centres across the globe for our secure data backups with either AES 128-bit, AES 256-bit or 448-bit Blowfish encryption.

Keyring Connect

During a Keyring Connect session, users only reveal the minimal set of data required to verify a claim. Any additional information which may be exchanged during the verification process is only temporarily visible to the user's browser and the Keyring Connect extension.

The resulting proof is securely stored by our partner Basis Theory as outlined above.

Data retention

Given Keyring Network is used for regulatory compliance purposes, it is obligated to keep a record of all user compliance data for several years. While this requirement varies across jurisdictions, Keyring’s base policy is to store the records for 10 years.

Compliance Partners read and process the data in accordance with their privacy policies. For user safety, Keyring triggers document deletion from our compliance vendors. After deletion, minimised information without raw documentation stays with compliance vendors that conduct continuous AML screening.