Data Storage

Storage locations

No sensitive data, including PII, will ever be stored on publicly accessible servers. We uphold this principle for both Keyring Pro and Keyring Connect solutions.

All datapoints and documents collected are securely encrypted and stored in AWS S3. The PII is encrypted at rest, and only accessible via the deployed server.

Note that during a Keyring Connect session, users only reveal the minimal set of data required to verify a claim. Any additional information which may be exchanged during the verification process is only temporarily visible to the user's browser and the Keyring Connect extension. The user retains full control and privacy over their data. During the generation of the proof, the user is informed of which specific data points will be revealed and securely stored in AWS S3. We do our utmost to keep this information to the strict minimum required to verify the user's claim. Only these minimal data points are ever stored and accessed by our services during the attestation generation.

Data Transmission to Policy Owners

Raw data collected from users can also be accessed and downloaded by Policy Owners for self-storage. Records generated by compliance checks for a given Policy are also stored.

Regulatory compliance access

Keyring’s solution fully breaks the link between real-life identity and trading wallets for best-in-class security and privacy. This means that even Keyring’s ability to reconstitute that link is mitigated. That being said, some parties such as law enforcement might need to see who’s behind a wallet, potentially with a subpoena. For that reason, we have included a Regulatory Backdoor in our architecture to enable authorised parties to unmask that link via threshold decryption. Users are required to encrypt their identity link breadcrumbs with a corresponding public key, that can only be decrypted by certain private keys, the Policy Owner’s Regime Keys.