Privacy Policy

1. Introduction

SmartLedger Blockchain Solutions Inc. ("Company", "we", "us", or "our") operates the E2 Identity Wallet service. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

We are committed to protecting your privacy and maintaining the security of your personal information. As a self-sovereign identity platform, we have designed our Service to minimize data collection while maximizing your control over your own identity data.

2. Our Privacy-First Approach

3. Information We Collect

3.1 Information You Provide

• Account Information: Email address and hashed password for authentication
• Profile Information: Name, country of residence (optional)
• Verification Data: Information you choose to verify for attestations (processed but not stored by us)

3.2 Information We Do NOT Collect

• Private keys or seed phrases
• Unencrypted identity documents
• Biometric data
• Financial account details
• Social security or government ID numbers (unless explicitly provided for verification)

3.3 Automatically Collected Information

• Usage Data: Pages visited, features used, time spent
• Device Information: Browser type, operating system, device type
• Log Data: IP address, access times, error logs

4. How We Use Your Information

We use the information we collect to:

• Provide, maintain, and improve the Service
• Authenticate your access to your account
• Process attestation requests with third-party verifiers
• Send important service notifications and security alerts
• Respond to your inquiries and provide customer support
• Detect, prevent, and address technical issues and security threats
• Comply with legal obligations

5. Data Storage and Security

5.1 Encryption

All sensitive data is encrypted using AES-256-GCM encryption at rest and TLS 1.3 in transit. Private keys are encrypted with keys derived from your password using Argon2id, ensuring that even we cannot access them.

5.2 Post-Quantum Security

Our cryptographic systems include post-quantum algorithms (ML-DSA-44, ML-KEM-768) to protect against future quantum computing threats.

5.3 Data Retention

We retain your account information for as long as your account is active. You may request deletion of your account at any time. Blockchain-anchored data (DIDs, attestations) is immutable and cannot be deleted from the blockchain.

6. Information Sharing

We do not sell your personal information. We may share information in the following circumstances:

6.1 With Your Consent

When you authorize third-party applications via OAuth 2.0, you explicitly choose what information to share. You can review and revoke these permissions at any time.

6.2 Service Providers

We may share information with service providers who assist in operating the Service (hosting, analytics) under strict confidentiality agreements.

6.3 Legal Requirements

We may disclose information if required by law, court order, or government request, or to protect our rights, property, or safety.

6.4 Blockchain Transactions

When you anchor identity proofs or attestations to the Boundless blockchain, that data becomes publicly visible on the blockchain. Only cryptographic hashes and public identifiers are stored on-chain, not your raw personal data.

7. Your Rights and Choices

You have the right to:

• Access: Request a copy of the personal information we hold about you
• Correction: Update or correct inaccurate information
• Deletion: Request deletion of your account and associated data
• Export: Export your identity data in a portable format
• Revoke Permissions: Disconnect third-party applications at any time
• Opt-Out: Unsubscribe from marketing communications

To exercise these rights, contact us at access@e2multipass.com.

8. Cookies and Tracking

We use essential cookies to maintain your session and preferences. We do not use third-party advertising cookies or cross-site tracking. You can configure your browser to reject cookies, but this may affect Service functionality.

9. Children's Privacy

The Service is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

10. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. We ensure appropriate safeguards are in place to protect your information in compliance with applicable data protection laws.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last updated" date. We encourage you to review this Policy periodically.

12. Contact Us

If you have questions about this Privacy Policy or our privacy practices, please contact us:

13. GDPR Compliance (EU Users)

If you are located in the European Economic Area (EEA), you have additional rights under the General Data Protection Regulation (GDPR):

• Legal Basis: We process your data based on consent, contract performance, or legitimate interests
• Data Portability: Right to receive your data in a structured, machine-readable format
• Right to Object: Object to processing based on legitimate interests
• Supervisory Authority: Right to lodge a complaint with your local data protection authority

14. CCPA Compliance (California Residents)

California residents have additional rights under the California Consumer Privacy Act (CCPA):

• Right to Know: What personal information we collect and how we use it
• Right to Delete: Request deletion of your personal information
• Right to Non-Discrimination: Equal service regardless of exercising privacy rights
• Do Not Sell: We do not sell personal information