search

Privacy and Data Governance

YAP’s credentialing system is built around one principle: make learning verifiable without exposing personal data. The system separates what must be public for trust from what must remain private for safety and compliance. This architecture is reinforced by strict contractual, technical, and legal controls defined in YAP’s Privacy Policy and Terms of Use.

hashtag
1. Architectural Separation of Public vs. Private Data

YAP uses a dual-layer model:

hashtag
On-Chain (Public, Pseudonymous, Minimal)

Only trust-critical, non-sensitive data is written to the Sei blockchain:

  • Pseudonymous wallet/address

  • Lesson or milestone identifiers (curriculum position, not content)

  • Timestamps

  • High-level performance percentages

  • Token transactions (burn, treasury routing, rewards)

Crucially, none of this data can reveal identity, learning difficulties, or exact content of learner responses.

hashtag
Off-Chain (Private, Encrypted, Access-Controlled)

Personally identifiable information — names, emails, birthdates, consent documents, audio recordings, detailed performance logs — stays in encrypted databases behind strict access control. This matches YAP’s described practices for privacy-sensitive data and secure storage.

This separation ensures that on-chain data remains functionally meaningless to unauthorized observers.

hashtag
2. Identity Linking and Consent-Controlled Access

The identity layer maintains the mapping between a user’s real identity and their blockchain address. This layer:

  • Stores PII in encrypted, access-restricted systems

  • Separates identity from blockchain activity

  • Requires verification for minors, parents, and KYC contexts

  • Supports regulator-required logging and auditability

hashtag
Progressive Disclosure Model

Learners decide who sees what. They can share:

  • Limited certification summaries (employers)

  • Detailed learning histories (institutions)

  • Single-use verification tokens

  • Time-limited read permissions

  • Standing permissions for trusted institutions

All permissions can be revoked instantly with global effect.

hashtag
3. Data Minimization & Differential Privacy

YAP follows a strict data minimization stance — collecting only what is needed for learning, rewards, personalization, and compliance.

For aggregate analytics and research:

  • Only anonymized or pseudonymized data is used

  • Differential privacy techniques introduce noise into population-level statistics

  • No individual learner’s performance, mistakes, or audio can be reconstructed from aggregate datasets

This allows scientific insight without compromising individual privacy.

hashtag
4. Regulatory Compliance Across Jurisdictions

YAP’s data governance framework is designed to comply with:

  • GDPR / UK GDPR

  • CCPA / CPRA

  • COPPA for minors

  • International transfer rules (SCCs, adequacy mechanisms)

hashtag
Blockchain “Erasure” Compliance

While blockchain records cannot be deleted, YAP satisfies “right to be forgotten” requirements by:

  • Destroying identity-linking cryptographic keys

  • Severing the association between on-chain records and the individual

This renders the blockchain entries permanently anonymous, matching your legal description of practical erasure.

hashtag
5. Security Practices

Your infrastructure applies enterprise-grade security:

  • Encryption at rest and in transit (TLS)

  • MFA and strict access controls

  • Regular vulnerability assessments

  • Wallet security via Privy.io (YAP never touches private keys)

  • 72-hour breach notification where legally required

Monitoring systems detect abnormal activity, bot behavior, suspicious token flows, or unauthorized access attempts.

hashtag
6. Data Retention & Permanence

hashtag
Off-Chain Data

  • Retained only as long as necessary for operations or legal obligations

  • Deleted/anonymized within defined windows after account termination

  • Exceptions apply for fraud prevention, auditing, and required record retention

hashtag
On-Chain Data

  • Permanent and immutable

  • Minimal by design

  • Pseudonymized to prevent personal identification

  • De-linkable via key destruction

  • hashtag
    7. User Rights & Control

    Users can:

    • Access, correct, and export their personal data

    • Request deletion (subject to blockchain constraints and lawful retention)

    • Opt out of AI training, marketing, analytics, and leaderboards

    • Manage consent for minors via parental dashboards

    • Revoke data access permissions instantly

    All rights are honored per jurisdictional guidelines (GDPR, CCPA, COPPA).

hashtag
Summary

YAP’s privacy model is built on:

  • Separation of public trust data vs. private learning data

  • Granular, revocable user control

  • Differential privacy for research safety

  • Regulatory compliance with global data laws

  • On-chain minimalism and pseudonymization

  • Security guarantees across identity, storage, and wallet layers

The result is a credentialing system that is publicly verifiable and cryptographically trustworthy without exposing the highly personal nature of individual learning journeys.

PreviousLegal & ComplianceNextGlossary

Last updated