What does Blockpass do with your data?

March 2022

This is in response to recent commentary in social media regarding a 2018 Medium article about Blockpass data storage. The article on an old blog, which we had abandoned updating two years ago, was outdated and recently deleted to avoid further confusion. For our policy regarding data deletion, please refer to the following article "I want to delete my Blockpass Identity and data associated with it"(dated over one year ago) to learn how to delete your data. Also please have a look at our official privacy policy (dated 4 Sep 2020).

It is important to highlight Blockpass is a re-shareable or reusable identity utility and regtech service provider. When a user signs up using Blockpass, they retain their profile to share for other launchpads or IDOs. Their data is either stored in their phone using the Mobile App or on our servers with the Web App.

In both cases, the data is stored so the user can reshare their KYC’d data for further projects, and so they don’t have to go through the KYC process again. Blockpass’ servers are in Europe and subject to GDPR. For users, we delete their data upon their request from our servers as noted in our aforementioned privacy policy. To be clear, this procedure does not delete a copy of their data that they may have shared with one of our customers using Blockpass.

To meet regulatory requirements (e.g. FATF Travel Rule) for crypto, most of our customers have a regulatory obligation to retain user data as part of onboarding, so even if they request to delete their data from that business they may not be able to process that request as they have a regulatory obligation to retain the data. However, for some business customers that are not subject to this obligation, they may instruct us to delete user data from their dashboard and service after the KYC event takes place.

For businesses who don't want to handle data and want their users to remain anonymous to them, Blockpass offers On-chain KYCTM - a zero-knowledge product for Businesses that do not want to collect KYC data of users but want to understand whether a crypto user has been verified. Read more about it here.