DRAFT — internal, not yet legally reviewed. This placeholder describes our intended policy. It is not a binding legal document and will be replaced by a reviewed version before commercial launch.
What we collect
Issuer onboarding — organisation name, contact email, and stated use-case, to process an access request.
Credentials — the data an issuer chooses to put in a credential (e.g. holder name, title). Issuers are the controllers of that content.
Usage — aggregate, non-identifying counters (credentials issued, verifications, badges served). No tracking of individual verifiers.
API keys
We store only a hash of each API key, never the key itself. Request bodies are not logged.
Your rights
Under the GDPR you may request access, correction or erasure of personal data we hold about you. Revocation removes a credential's validity; tamper-evident audit entries are retained as required for integrity. Contact details and a Data Processing Agreement will be published with the reviewed version.
Legal basis & retention
Processing rests on legitimate interest (operating the verification service) and contract (issuer accounts). Retention periods will be finalised on legal review.
Validiris is the trust layer of Pulse Core — an intelligence & trust system. Trust by Validiris · Intelligence by Pulse Core. Terms · Privacy / GDPR · Trust & Verification Policy· draft, pending legal review