Privacy Principles
- Data minimization over data collection
- Separation of identity and on-chain authority
- Explicit consent and purpose limitation
- Application-controlled disclosure
What the SDK Never Stores
- Government-issued identity documents
- Biometric data
- Full names, addresses, or dates of birth
- Unencrypted identity payloads
Off-Chain Identity Handling
Identity verification is performed exclusively by third-party providers outside of the Solana blockchain.
- Providers receive only the data required for verification
- SDK does not persist provider responses containing PII
- Verification outcomes are normalized into abstract states
On-Chain Privacy Guarantees
- No personally identifiable information is written on-chain
- Programs consume boolean or scoped verification signals
- Wallet addresses are not permanently linked to identities
Correlation Risk Mitigation
Repeated interactions can unintentionally create identity correlations. The SDK is designed to reduce these risks.
- Verification proofs may be time-bound or revocable
- Applications can rotate verification contexts
- Static identifiers are avoided by default
Application Responsibilities
The SDK provides privacy-preserving primitives, but final privacy outcomes depend on how applications integrate and enforce them.
- Define appropriate disclosure thresholds
- Limit reuse of verification signals
- Communicate privacy expectations to users
Privacy as a Process
Privacy requirements evolve with regulation, technology, and user expectations. This SDK treats privacy as an ongoing design constraint rather than a one-time feature.