Data Protection

Circuit KYC implements multiple layers of data protection to ensure identity information remains secure and private.

Encryption

Data at Rest

All stored data is encrypted using AES-256-GCM:

  • Identity records
  • Audit logs
  • API keys (hashed, not encrypted)
  • Credentials

┌─────────────────────────────────────────┐
│           Application Layer             │
├─────────────────────────────────────────┤
│         Encryption Service              │
│  ┌─────────────────────────────────┐   │
│  │  AES-256-GCM + AWS KMS Keys     │   │
│  └─────────────────────────────────┘   │
├─────────────────────────────────────────┤
│         Database (Encrypted)            │
└─────────────────────────────────────────┘

Data in Transit

All data in transit uses TLS 1.3:

  • API requests/responses
  • Internal service communication
  • Database connections
  • Message queue traffic

Key Management

Keys are managed through AWS KMS:

  • Automatic key rotation (annual)
  • Hardware Security Modules (HSMs)
  • Separate keys per environment
  • Audit logging of key usage

Blind Indexing

We use blind indexing to enable searching encrypted data without exposing plaintext:

import hashlib
import hmac

# How blind indexing works: a keyed hash (HMAC-SHA256) of the plaintext.
# secret_key and plaintext are bytes; the hex digest is what gets stored and queried.
blind_index = hmac.new(secret_key, plaintext, hashlib.sha256).hexdigest()

# The index can be searched for exact matches, but the plaintext cannot be recovered

This allows:

  • ✅ Looking up identities by phone/email
  • ✅ Checking for duplicates
  • ❌ Cannot reverse the index to get plaintext
  • ❌ Cannot search partial matches
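The four properties above, worked through in an added example (this is illustrative code, not Circuit KYC's implementation): a per-tenant HMAC-SHA256 index that supports exact lookup and duplicate detection, cannot be reversed, and does not match partial values. The tenant key table, the normalization rules and the `IdentityIndex` store are assumptions made for the example.

```python
import hashlib
import hmac

# Constructed per-tenant index keys (32 random bytes each in production, issued by
# the KMS and distinct from the AES-256-GCM data keys); fixed here for determinism.
TENANT_INDEX_KEYS = {"tenant_a": b"\x01" * 32, "tenant_b": b"\x02" * 32}


def normalize(field: str, value: str) -> str:
    """HMAC is exact-match only, so canonicalize first: trim and lowercase
    emails, keep only digits and '+' for phone numbers."""
    v = value.strip().lower()
    if field == "phone":
        v = "".join(ch for ch in v if ch.isdigit() or ch == "+")
    return v


def blind_index(tenant_id: str, field: str, value: str) -> str:
    """HMAC-SHA256 of the normalized value under the tenant's index key, hex-encoded.
    The field name is mixed in so an email and a phone never collide."""
    key = TENANT_INDEX_KEYS[tenant_id]
    msg = f"{field}:{normalize(field, value)}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


class IdentityIndex:
    """Holds only (tenant, blind index) -> record id; plaintext never enters it.
    The encrypted record itself would live in the AES-256-GCM protected store."""

    def __init__(self):
        self._rows = {}

    def insert(self, tenant_id: str, field: str, value: str, record_id: str) -> bool:
        """Duplicate check: returns False if this tenant already holds the value."""
        key = (tenant_id, blind_index(tenant_id, field, value))
        if key in self._rows:
            return False
        self._rows[key] = record_id
        return True

    def lookup(self, tenant_id: str, field: str, value: str):
        """Exact-match lookup; a partial value hashes to an unrelated index."""
        return self._rows.get((tenant_id, blind_index(tenant_id, field, value)))
```

Because the key differs per tenant, the same email produces different indexes in different tenants, so a lookup under the wrong tenant finds nothing.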

Data Isolation

Multi-Tenancy

Each tenant's data is logically isolated:

  • Separate encryption keys per tenant
  • Row-level security in database
  • Tenant ID required for all queries
  • Cross-tenant access impossible

Network Isolation

┌─────────────────────────────────────┐
│         Public Internet             │
└──────────────┬──────────────────────┘
        ┌──────┴──────┐
        │  WAF + ALB  │
        └──────┬──────┘
┌──────────────┴──────────────────────┐
│          Private VPC                 │
│  ┌─────────┐  ┌─────────┐           │
│  │   API   │  │  Worker │           │
│  │  Pods   │  │  Pods   │           │
│  └────┬────┘  └────┬────┘           │
│       │            │                 │
│  ┌────┴────────────┴────┐           │
│  │   Private Subnets    │           │
│  │  (No Internet Access)│           │
│  │  ┌────────────────┐  │           │
│  │  │    Database    │  │           │
│  │  └────────────────┘  │           │
│  └──────────────────────┘           │
└─────────────────────────────────────┘

Sensitive Data Handling

PII Classification

| Data Type     | Classification   | Protection                |
|---------------|------------------|---------------------------|
| Full Name     | PII              | Encrypted                 |
| Email         | PII              | Encrypted + Blind Index   |
| Phone         | PII              | Encrypted + Blind Index   |
| Date of Birth | Sensitive PII    | Encrypted                 |
| National ID   | Highly Sensitive | Encrypted, limited access |
| Address       | PII              | Encrypted                 |

Data Minimization

We only store data necessary for KYC operations:

  • ✅ Required for verification
  • ✅ Required for audit compliance
  • ❌ Marketing data
  • ❌ Behavioral tracking
  • ❌ Third-party sharing (without consent)

Access Controls

Role-Based Access

| Role     | Permissions                |
|----------|----------------------------|
| API User | Read/write via API only    |
| Support  | Read-only, no PII access   |
| Admin    | Full access with audit log |
| Security | Audit logs, no data access |

Audit Logging

Every data access is logged:

{
  "timestamp": "2024-01-15T10:30:00Z",
  "actor": "api_key_hash",
  "action": "read",
  "resource": "identity",
  "resource_id": "hash_only",
  "ip_address": "192.168.1.1",
  "user_agent": "CircuitKYC-Python/1.0"
}

Data Deletion

User-Initiated Deletion

Users can request deletion via:

  1. API: DELETE /api/v1/identity/{id}
  2. Dashboard: Settings → Delete Data
  3. Email: privacy@circuitkyc.com

Deletion Process

  1. Soft delete - Data marked for deletion
  2. Grace period - 30 days to recover
  3. Hard delete - Data permanently removed
  4. Backup purge - Removed from backups within 90 days
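The four-step process above as a small state machine, added here as an example (not Circuit KYC's own code): soft delete on request, recovery only inside the 30-day grace period, hard delete once the grace period elapses, and backup purge at 90 days. The `IdentityRecord` class, its state names and the fixed clock origin `T0` are assumptions of the example.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
from typing import Optional

GRACE_PERIOD = timedelta(days=30)   # step 2: 30 days to recover
BACKUP_PURGE = timedelta(days=90)   # step 4: gone from backups within 90 days
T0 = datetime(2024, 1, 15, 10, 30, tzinfo=timezone.utc)   # constructed clock origin


def day(offset: int) -> datetime:
    """T0 plus `offset` days; stands in for the wall clock in this example."""
    return T0 + timedelta(days=offset)


@dataclass
class IdentityRecord:
    record_id: str
    state: str = "active"   # active -> soft_deleted -> hard_deleted -> purged
    deletion_requested_at: Optional[datetime] = None
    history: list = field(default_factory=list)   # constructed audit trail

    def _log(self, now: datetime, action: str) -> None:
        self.history.append({"timestamp": now.isoformat(), "action": action})

    def request_deletion(self, now: datetime) -> None:
        """Step 1: soft delete, the record is only marked for deletion."""
        if self.state != "active":
            raise ValueError(f"cannot delete a record in state {self.state}")
        self.state, self.deletion_requested_at = "soft_deleted", now
        self._log(now, "soft_delete")

    def recover(self, now: datetime) -> bool:
        """Recovery is allowed only while the grace period is still running."""
        if self.state != "soft_deleted" or now - self.deletion_requested_at >= GRACE_PERIOD:
            return False
        self.state, self.deletion_requested_at = "active", None
        self._log(now, "recover")
        return True

    def advance(self, now: datetime) -> str:
        """Scheduled job for steps 3 and 4: promote purely by age since the request."""
        if self.deletion_requested_at is None:
            return self.state
        age = now - self.deletion_requested_at
        if self.state == "soft_deleted" and age >= GRACE_PERIOD:
            self.state = "hard_deleted"
            self._log(now, "hard_delete")
        if self.state == "hard_deleted" and age >= BACKUP_PURGE:
            self.state = "purged"
            self._log(now, "backup_purge")
        return self.state
```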

Right to Erasure (GDPR)

We comply with GDPR Article 17:

  • Process deletion requests within 30 days
  • Delete from all systems including backups
  • Notify third parties of deletion
  • Provide deletion confirmation

Incident Response

Data Breach Protocol

  1. Detection - Automated monitoring + manual review
  2. Containment - Isolate affected systems
  3. Assessment - Determine scope and impact
  4. Notification - Within 72 hours (GDPR)
  5. Remediation - Fix vulnerability
  6. Post-mortem - Prevent recurrence

Breach Notification

If a breach affects your data:

  • Email notification within 72 hours
  • Description of data affected
  • Steps we're taking
  • Recommended actions for you

Data Export

Export your data anytime:

curl -X POST https://api.circuitkyc.com/api/v1/data-export \
  -H "X-API-Key: sk_live_your_key" \
  -H "Content-Type: application/json" \
  -d '{"format": "json"}'

Exports include:

  • All identity records
  • Audit logs
  • Credentials issued
  • Billing history

Questions?

  • Data Protection Officer: dpo@circuitkyc.com
  • Privacy Policy: circuitkyc.com/privacy
  • GDPR Requests: privacy@circuitkyc.com