Privacy Policy
At Holonym, we believe privacy should empower—not obscure—responsible participation in the digital world. This Privacy Policy describes how we collect, use, store, and protect your personal data when you engage with Holonym’s services and applications. These services and applications include, but are not limited to, human.tech’s applications, web properties and network. We are committed to maintaining transparency, clarity, and control for all users.
1. Introduction and Scope
This Privacy Policy applies to all products, services, and technologies provided by Holonym Foundation (“Holonym,” “we,” “our,” or “us”). This includes, but is not limited to:
human.tech – A comprehensive suite of modular identity and digital rights’ solutions.
Human Passport – A privacy-first digital identity credentialing system.
Human Network – An OPRF based, decentralized and privacy preserving key derivation solution.
Human Wallet – A self-custodial wallet with integrated privacy features.
Human ID & Proof of Clean Hands – A zero-knowledge-based identity verification and accountability system designed for Web3 compliance.
If you use our services or products, interact with our websites, or participate in any Holonym-powered applications, this policy explains what data we collect, how we use it, and your rights and choices.
For purposes of this Privacy Policy, “Personal Data” is information relating to an identified or identifiable individual. For purposes of this Privacy Policy, Personal Data does not include de-identified or aggregated information and, to the extent permitted by law, does not include publicly available information that is lawfully made available to the general public or information that is lawfully made available from government records.
2. What Data We Collect
Holonym minimizes data collection and maximizes user control. Depending on the product and your choices, we may collect the following:
2.1 Identity Information (during KYC or Proof issuance):
Full name and date of birth (processed in RAM only)
Country of residence or jurisdiction (for sanctions checks)
2.2 Technical and Contact Information:
Email address (if you choose to provide it)
Device/browser metadata (e.g., IP address, operating system, browser version) for security purposes, analytics purposes and API usage tracking purposes
2.3 Zero-Knowledge Credential Data:
Encrypted identity credentials issued by Holonym
Zero-knowledge proofs and attestations linked to blockchain addresses (e.g., Stamps in Passport)
2.4 Sanctions Screening Data:
Real-time checks using sanctions.io and other public/regulatory databases
Note: We do not store biometric data, precise geolocation, or social profile information.
3. How We Use Your Data
We use your data solely to enable privacy-preserving identity and compliance tooling. Specifically:
To verify that you are not on a prohibited persons list during onboarding
To issue ZK credentials and attestations that can be used in decentralized applications
To enable access controls and transparency via smart contracts
To respond to legitimate requests under legal frameworks you have consented to
To provide a high service level and quality of experience for data and network products
Your information is never sold, never used for advertising and never stored in a format that could compromise your identity without explicit consent.
4. Data Sharing and Decryption
Holonym enables conditional transparency—users can opt into predefined scenarios where a third-party decryptor may access certain information. This includes:
4.1 Smart Contract-Governed Decryption:
Users agree to specific terms (e.g., lawful subpoena) where a designated decryptor (such as a law firm or DAO) may access their encrypted data
Only the decryptor has the ability to view decrypted content, and only when the smart contract permits
4.2 Public Blockchain Attestations:
Attestations that confirm credential validity or uniqueness may be posted on-chain, without revealing sensitive data
4.3 External Screening Providers:
Sanctions screening may temporarily process identity information via services like sanctions.io. No data is stored.
We do not share information with advertisers or data brokers.
We do share data with third parties providing services on our behalf (ie, AWS, Google web applications, and other service providers). These parties perform functions on our behalf: host or operate our Website, provide the infrastructure for us to analyze data, store data, and complete other data processing.
We do share data with our affiliates. We may share your data with other entities and our affiliates primarily for business and operational purposes, such as business partners with whom we jointly offer products or services (ie, data for verification of sanctions list compliance, etc.).
5. Legal Basis for Processing
We process personal data based on the following legal grounds:
Consent – You voluntarily agree to the terms of data use (e.g., during Clean Hands onboarding, stamp creation in Human Passport, key derivation in Human Network, etc.)
Legal obligation – Required screenings (e.g., OFAC or FATF lists) for compliance purposes
Legitimate interest – Delivering secure and compliant products while protecting user privacy
You can withdraw consent at any time. This may impact your ability to use certain Holonym products. Please see Section 9 for details on how to contact us in the event you would like to have data removed.
6. Data Retention
Zero-Knowledge Credentials – Issued for a default period of 1 year. Users may reverify at any time.
Encrypted Personal Data – Stored only with Observer nodes (in Human Network) in a format inaccessible to Holonym. Retained as long as required by the credential conditions.
No Permanent KYC Storage – Raw identity information is processed transiently and never retained.
Oauth tokens – Stored in an encrypted format for Passport Stamps, once encrypted they not accessible to Holonym / Passport
We do not want to store or retain data for any longer than we need to. In some situations, we will retain your data for periods of times required or permitted by law or subject to our retention policies as may be in place from time to time. We consider the following in determining such retention periods: the time required to retain Personal Information to fulfill business purposes; maintaining corresponding business records; improving the performance and quality of the Website and Solutions; handling your inquiries; whether we reasonably believe this data will be needed for the handling of any litigation; and whether legal and contractual obligations pose any requirements for data retention.
7. Data Security
We implement advanced cryptographic and organizational security measures:
Zero-knowledge proof protocols
Zero-knowledge nullifier creation
ElGamal encryption with ephemeral keys (client-side only)
Threshold decryption using Human Network
Smart contract-enforced access controls
No single party—including Holonym—can unilaterally access encrypted data.
8. International Data Transfers
Our systems operate globally through decentralized infrastructure and distributed networks with affiliates. Holonym adheres to principles required under GDPR, CCPA, and similar regulations by:
Minimizing data collection
Limiting storage duration
Relying on user-controlled encryption and decryption
9. Your Rights
Depending on your jurisdiction, you may:
Access personal data we process
Request corrections or deletions
Withdraw consent
Request data portability (where applicable)
Lodge a complaint with a supervisory authority
To make a request, contact us at privacy@holonym.id or visit https://human.tech.
10. Use by Minors
Our services are not designed for individuals under 18 years old. We do not knowingly collect data from minors. If this occurs, we will delete the data promptly.
11. Updates to This Policy
We may update this policy to reflect changes in legal, technical, or business developments. Material updates will be communicated via our website or email.
12. Contact Information
Holonym Foundation
251 Little Falls Drive
Wilmington, DE 19808
United States
Email: privacy@holonym.id