> For the complete documentation index, see [llms.txt](https://docs.keyring.network/docs/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.keyring.network/docs/protocol-guide/data-flow/data-storage.md).

# Data Storage

## Storage locations

No sensitive data, including PII, will ever be stored on publicly accessible servers. We uphold this principle for both **Keyring Pro** and **Keyring Connect** solutions.

All datapoints and documents collected are securely encrypted and stored in AWS S3. The PII is encrypted at rest, and only accessible via the deployed server.

Note that during a Keyring Connect session, users only reveal the minimal set of data required to verify a claim. Any additional information which may be exchanged during the verification process is only temporarily visible to the user's browser and the Keyring Connect extension. The user retains full control and privacy over their data. During the generation of the proof, the user is informed of which specific data points will be revealed and securely stored in AWS S3. We do our utmost to keep this information to the strict minimum required to verify the user's claim. Only these minimal data points are ever stored and accessed by our services during the attestation generation.

## Data Transmission to Policy Owners

Raw data collected from users can also be accessed and downloaded by Policy Owners for self-storage. Records generated by compliance checks for a given Policy are also stored.

## Regulatory compliance access <a href="#regulatory-compliance-access" id="regulatory-compliance-access"></a>

Keyring’s solution fully breaks the link between real-life identity and trading wallets for best-in-class security and privacy. This means that even Keyring’s ability to reconstitute that link is mitigated. That being said, some parties such as law enforcement might need to see who’s behind a wallet, potentially with a subpoena. For that reason, we have included a break glass procedure in our architecture to enable authorised parties to unmask that link via threshold decryption. Users are required to encrypt their identity link breadcrumbs with a corresponding public key, that can only be decrypted by certain private keys, the Policy Owner’s Regime Keys.


---

# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.

## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter:

```
GET https://docs.keyring.network/docs/protocol-guide/data-flow/data-storage.md?ask=<question>&goal=<endgoal>
```

`ask` is the immediate question: it should be specific, self-contained, and written in natural language.
`goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal.

The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.