Skip to main content

Privacy Policy

Last updated: February 26, 2026

1. Introduction

CrowdProof Protocol ("CrowdProof," "we," "us," or "our") operates the website at crowdproof.id and the CrowdProof API. This Privacy Policy explains how we collect, use, and protect information when you use our services.

2. Information We Collect

2.1 On-Chain Data

CrowdProof indexes publicly available blockchain data including wallet addresses, transaction histories, and smart contract interactions across supported EVM chains (Ethereum, Polygon, Arbitrum, Base, Optimism). This data is already public on the blockchain. We do not create this data — we aggregate and analyze it.

2.2 API Usage Data

When you use our API, we collect request metadata (timestamps, endpoints accessed, API key identifiers) for rate limiting, billing, and service improvement. We do not log request bodies containing wallet addresses beyond what is necessary for service operation.

2.3 Account Information

If you create an API account, we collect your wallet address (used as your identifier via Sign-In with Ethereum), email address (optional, for notifications), and billing information (processed by Stripe — we do not store payment card details).

2.4 Zero-Knowledge Proofs

CrowdProof generates zero-knowledge proofs that allow you to prove properties about your reputation score without revealing the score itself. The proof generation process uses your data transiently — we do not store the private inputs used to generate proofs.

3. How We Use Information

  • Generate reputation scores from publicly available on-chain data
  • Provide API responses to authorized queries
  • Generate zero-knowledge proofs on your behalf
  • Process billing and enforce rate limits
  • Improve our scoring models and service reliability
  • Comply with legal obligations (e.g., OFAC sanctions screening)

4. Data We Do NOT Collect

  • Personally identifiable information (PII) such as names, phone numbers, or physical addresses
  • Private keys or seed phrases
  • Off-chain financial data (bank accounts, credit card numbers)
  • Browsing activity or cookies for advertising purposes

5. Data Sharing

We do not sell your data. We may share information with: (a) service providers who help operate our infrastructure (Azure, Stripe); (b) law enforcement when required by valid legal process; (c) the public blockchain when you anchor a reputation commitment on-chain (this is initiated by you).

6. Your Rights

Under GDPR (EU) and CCPA (California), you have the right to: access the data we hold about your wallet address; request deletion of your API account and associated metadata; opt out of score computation for your wallet (via the dispute process); and export your data in a machine-readable format.

Note: We cannot delete on-chain data as it is immutable and publicly available. Deletion requests apply to our off-chain databases and API records only.

7. Data Retention

API usage logs are retained for 90 days. Account data is retained for the duration of your account plus 30 days after deletion. Reputation scores are recomputed continuously from on-chain data and are not stored permanently in their computed form.

8. Security

We use industry-standard security measures including TLS encryption, Azure Key Vault for secret management, and role-based access controls. Smart contracts are audited before mainnet deployment. See our Security page for more details.

9. Cannabis Compliance Module

Our cannabis compliance module performs age verification using zero-knowledge proofs. We verify that a user meets the minimum age requirement without learning or storing their actual date of birth. No PII is collected, transmitted, or stored during this process.

10. Changes to This Policy

We may update this policy from time to time. Material changes will be announced on our website and, where applicable, via email to registered API users.

11. Contact

For privacy-related inquiries, contact us at privacy@crowdproof.id.