has been designed for privacy. 

We only collect data that is necessary to deliver services and we don't store any of your personal data on the blockchain. The information we do store on the blockchain consists only of record hashes. 

Record hashes are like verifiable signatures assigned to records which can only be used to verify those records to which you already have access. There is no way that anyone can revert a hash back to a record (with or without a key). Therefore record hashes do not fall under the definition of "personal data" in the GDPR sense and are not subject to "the right to be forgotten".

Furthermore, record hashes on the blockchain are related to natural persons only via an ethereum address. These addresses are pseudonymous. The key to matching a pseudonymous address to a natural person is stored privately and securely on our proprietary centralized servers which are protected by firewalls and are inaccessible to the outside world. 

As such, the risks of someone gaining access to these keys is extremely low and by consequence any level of protection required by the GDPR is also much lower.

For more information, please see the supporting definitions from the GDPR:

Key Definitions: Unlocking the EU General Data Protection Regulation

Did this answer your question?