WUNWEY
🔒

Privacy Policy

Your Privacy, Our Priority. Building digital trust starts with trust in us.

Effective Date: January 2025WUNWEY

🔒 Your Privacy, Our Priority

At WUNWEY, we're building the infrastructure for digital trust, and that starts with trust in us. This policy explains how we collect, use, store, and protect your information when you use our decentralized digital credentials platform.

We design every part of WUNWEY to respect your privacy, reduce central points of failure, and put control of data back in your hands.

1. Information We Collect

We only collect the data necessary to provide and improve our services, nothing more.

1.1 Personal Information

  • Account Information: Email address, username, and login details
  • Organization Info: Name, description, contact details
  • Payment Info: Securely handled via Stripe. We never store your card details
  • Decentralized Identifiers (DIDs): Tied to your account for issuing and managing credentials
  • Encrypted Keys: If you choose, you may store encrypted private keys for convenience

1.2 Credential Data

  • Verifiable Credentials: Credentials issued to you or created by your organisation
  • Metadata: Title, description, issuer, date of issuance/expiry
  • Encrypted Storage: Credentials are encrypted and stored on decentralized infrastructure (IPFS)

1.3 Technical & Usage Data

  • • API usage logs (to monitor fair use and abuse)
  • • Subscription status and usage
  • • IP addresses, device/browser info (for basic security monitoring)

2. How We Use Your Information

We only use your data to deliver the services you've signed up for and to keep things secure.

2.1 Platform Features

  • • Creating and managing your account and credentials
  • • Issuing, verifying, and sharing credentials
  • • Managing organisations, integrations, and team access
  • • Processing payments and subscriptions

2.2 Safety & Compliance

  • • Verifying user authenticity
  • • Detecting abuse, fraud, or security breaches
  • • Logging platform activity to maintain accountability
  • • Meeting our legal and regulatory obligations (e.g., GDPR)

2.3 Communication

  • • Notifications about credential updates and account activity
  • • Support and troubleshooting
  • • Billing and payment updates
  • • Service-related security alerts

3. Storage & Security

3.1 Encryption & Access

  • Private Keys: AES-256-CBC encrypted with your password
  • Seed Phrases: Optional and securely encrypted at rest
  • Credential Encryption: Encrypted for single or multiple recipients using ECDH-AES-GCM
  • Network Traffic: All communication uses TLS/SSL encryption

3.2 Decentralized Storage

  • IPFS: Credentials are stored on the InterPlanetary File System
  • Pinning Services: We use trusted services like Pinata to ensure content availability
  • Blockchain Anchoring: Optionally, credentials can be anchored to public blockchains

3.3 Cloud Infrastructure

  • Supabase: Secure, enterprise-grade PostgreSQL database with strict access controls
  • Backups: Automated, encrypted backups with disaster recovery
  • Audit Logging: All actions are logged for transparency and traceability

4. Third-Party Services

We work with trusted providers to deliver a secure and scalable experience.

4.1 Payment Provider

4.2 Infrastructure Partners

  • Supabase: Authentication and storage
  • Pinata: IPFS pinning and access
  • Ethereum Networks: Mainnet, Sepolia, and other chains for optional credential anchoring
  • IPFS Gateways: Cloudflare, ipfs.io, and others

5. Sharing & Disclosure

We do not sell or rent your personal data.

5.1 Credential Sharing

  • • Credentials are shared only when you choose to
  • • You control whether a credential is private, public, or shared
  • • Share links can be permanent or one-time use

5.2 Legal Compliance

We may disclose data if required to do so under UK law or to:

  • • Respond to lawful court orders or legal processes
  • • Protect user safety or prevent fraud
  • • Enforce our rights and policies

5.3 Business Transfers

If WUNWEY is acquired or merges with another entity, your data may be transferred but will remain protected under this same policy.

6. Your Rights & Controls

We put you in control of your data.

6.1 Access & Portability

  • • View or download all credentials
  • • Export personal data in a machine-readable format
  • • Access your stored (encrypted) keys

6.2 Update & Revoke

  • • Update your account info
  • • Revoke issued credentials
  • • Change credential visibility
  • • Manage linked APIs and integrations

6.3 Delete Your Account

You can request full account deletion by contacting us. Please note:

  • • Data on IPFS may persist (due to the decentralized nature of the network)
  • • Some metadata may be retained to meet legal/security obligations
  • • Anonymous usage logs may be retained for product analytics

7. Data Retention

We retain data only for as long as needed to provide our services.

7.1 Active Users

  • • Credentials stored indefinitely unless deleted
  • • Usage logs retained for up to 2 years

7.2 Inactive Users

  • • Inactive accounts may be deleted after 3 years
  • • We'll notify you 30 days in advance before account removal
  • • Credentials on IPFS remain accessible by design

8. International Users & Legal Compliance

8.1 Global Infrastructure

Your data may be processed in other countries where our infrastructure (or trusted providers) operate, including the United Kingdom, EU, and United States.

8.2 GDPR & UK Data Protection

For users in the UK and European Union, WUNWEY complies with the UK GDPR and EU GDPR, including:

  • • The right to access, rectify, or erase your data
  • • The right to restrict or object to processing
  • • The right to data portability
  • • Legal basis for processing: performance of a contract, legitimate interest, or user consent
  • • Our Data Protection Officer can be contacted at: team@wunwey.com

9. Children's Privacy

WUNWEY is not intended for children under 13 years of age, and we do not knowingly collect data from them. If we learn that we have, we will delete it promptly.

10. Changes to This Policy

We may update this policy from time to time. Significant changes will be announced via the platform or by email. Please check back periodically for updates.

11. Contact Us

Have questions or concerns?

📩team@wunwey.com
🏢WUNWEY

This Privacy Policy is part of our Terms of Service and governed by the laws of England and Wales.