Data Storage

Storage locations

No sensitive data, including PII, will ever be stored on publicly accessible servers. We uphold this principle for both Keyring Pro and Keyring Connect solutions.

Given how crucial security is to us, we have partnered with an expert in the field to encrypt and store users’ information and documents. Basis Theory is a trusted partner of many financial institutions and fintechs, and their core mission resonates well with ours, centred around privacy and security. Basis Theory is:

• PCI Level 1 Compliant

• SOC 2 Type II Certified

• HIPAA Compliant

• ISO 27001 Certified

The high-value data in our system is stored in a vault in the form of undecipherable tokens. Basis Theory uses strong cryptography with industry-standard key-management processes (KMS) and procedures.

The data itself is stored on the cloud. Basis Theory follows cloud-native security best practices, implementing continuous code delivery, system, and network monitoring and scanning. Servers are operated by Azure, in the following regions: East US 2 - Virginia, Central US - Iowa, plus some global networking and edge resources.

Anonymised data points are stored in:

• User’s local computer (browser).

• AWS (Dynamo DB): Our servers are located in West US 2 and Oregon.

• On-chain: Ethereum, other blockchains to come.

Note that during a Keyring Connect session, users only reveal the minimal set of data required to verify a claim. Any additional information which may be exchanged during the verification process is only temporarily visible to the user's browser and the Keyring Connect extension. The resulting proof is securely stored in Basis Theory.

Data Transmission to Policy Owners

Raw data collected from users can also be accessed and downloaded by Policy Owners for self-storage. Records generated by compliance checks for a given Policy are also stored.

Data retention

Given Keyring Network is used for regulatory compliance purposes, it is obligated to keep a record of all user compliance data for several years. While this requirement varies across jurisdictions, Keyring’s base policy is to store the records for 10 years.