TL;dr – you decide what you share and the team is committed to data privacy!
The team behind SW Chain is committed to data privacy. We aim to minimize the data we collect, and will share none of it without your explicit consent, and we want the data to remain in your control.
Our data is physically located in Finland, and is as such governed by the EU Data Privacy laws (GDPR), but we want to go way beyond the official GDPR regulation.
We promise to never sell or otherwise profit from your personal data
What is the minimum data collected per user?
The minimum data you will need to provide to get a Chain Code issued is:
- Your chosen password (Will never be disclosed and is only used on our site. In addition we will only store a hash of the password, making it unreadable even to us)
- An email we can use to validate your account and provide you service information. (100% non-commercial, apart from password reset emails or critical service information we have no intention of using this for anything)
What about any other data you collect?
When you create your chaincode profile there is a lot of extra data you can CHOOSE to enter. This is stuff like:
- Display name (You can use your real name here, an alias or “Anonymous” – and you can change it anytime)
- TTT Name
- Which of the Star Wars games and gamemodes do you play
- Communities you are part of
.. and more.
For each of these datapoints you can decide whether that data is publically available to anyone that knows your chaincode, or if it’s only shared with your explicit consent. (edited)
What about the ChainCode itself: can it track me?
The ChainCode itself – your “username” if you will – is not in itself secret. We want you to be able to use your chaincode as a unique identifier for you as a player. You can freely share this with anyone. There is no data embedded into the actual Chaincode itself – it is just random letters that is unique to you.
Nobody can look up any data about you that you have not marked as publically available or otherwise explicitly consented to sharing with a specific 3rd party. (See below)
Do you share my data?
A part of the Chaincode initiative is to allow you to quickly share data with a trusted 3rd party in a way where you maintain control over who gets access to what. The exact details on how this is done is still being worked on, but we can promise you that the process will require you to explicitely allow each individual party to get your information, and you will be able to control, for each party, which specific datapoints you want to share. So if you, for example, want to sign up for a tournament you can do that by simply typing your chaincode along with a special chaintoken you have created to allow that specific 3rd party to ask for your TTT-name and your discord-handle. You can rescind the permission at any time. There will be more information on this feature coming once we have it finalized, but this will be based on Privacy by Design principles – and we promise to NEVER share your non-public information without your consent.
But what about security?
Any Privacy goal is only as good as the cybersecurity that protects it. While we are not cybersecurity experts, the Chainhub tech team does have experience working in industries with substantial cybersecurity.
Our overall approach to security can be summed up with:
- Minimizing the amount of people that have direct access to user data and to the servers in general
- Maintaining good digital security on our servers, incl. a “blocked-by-default” approach to firewall and other network confirguration
- All traffic is encrypted while in transit