Status Docs

Status Privacy Policy

The goal of Status is widespread adoption of the decentralized web. Our challenge is achieving mass adoption while staying true to our Principles, which include privacy and transparency.

We believe privacy is the power to selectively reveal oneself to the world. For us, it’s essential to protect privacy in both communications and transactions, as well as being a pseudo-anonymous platform.

Guided by our principles, Status is designed to protect your privacy and process as little personal data as possible for the network to thrive; Status enables pseudo anonymity, strives to provide the right of total anonymity, and offers ways to selectively reveal oneself to the world.

In this Privacy Policy, we explain how Status strives to only request data that’s useful and required, not to hold that data longer than necessary, and to give you as much control as possible over your data.

Who we are

Whenever “Status” or “we” is used in this Privacy Policy, we’re referring to Status Research & Development GmbH, a Swiss company. Our contact information can be found on our website and at the end of this Privacy Policy.

Some of our products and services include:

  • The Status Network is an open set of projects building peer-to-peer technologies for people to transact securely, communicate freely, and organize with confidence. Together, anyone participating in the Status Network helps to build financial and social technology that empowers people to advance their own sovereign communities.

  • Status provides a secure messaging app, crypto wallet, and Web3 browser, built with state of the art technology, integrated into one powerful super app. These and any other Status services available through the application are simply called the Status app. The Status app connects users to the Ethereum blockchain.

  • The Status app utilizes a peer-to-peer network that doesn’t rely on any centralized servers from which communication can be blocked. Instead, the Status app uses a distributed network of nodes connected to the Waku peer-to-peer network. Learn more about Waku here.

  • Keycard is hardware wallet that you can use with your Status app. It provides a higher level of security and ownership to Status users’ private keys.

You can find more information about Status products and services on our website.

Our role in your privacy

If you’re a user of any Status product or service, or just visiting our website, this Privacy Policy applies to you.

When Status collects and processes personal data for our own purposes(which we don’t do often), such as to support your use of the Status app and offer you rewards under our Referral Program, Status acts as the ‘data controller’ of information. This means we determine how and why your data are processed.

You can exchange messages with other users through the Status app. In these situations, Status acts as the ‘data processor’ of information provided by you. This means we process these data strictly on your behalf, as a Status app user, and we will never process the data for our own purposes.

Personal data means all information by which a person can be directly or indirectly identified, in line with the definitions of the General Data Protection Regulation (GDPR), the Swiss Federal Act on Data Protection of June 19, 1992 (DPA) and its ordinances, and other relevant legislation on the protection of personal data. When we refer to privacy legislation in this Privacy Policy, we mean GDPR and all such relevant legislation.

How and why we use your data

Under relevant privacy legislation, Status can only use your data for certain reasons and where we have a legal basis to do so. Beyond the law, it’s our policy to store and process only those data that are essential to provide you with the best possible service. Status won’t process or store any data that we don’t need, and we only store personal data for the least amount of time needed for these purposes.

Here are the reasons why we process your data:

Ethereum is a public blockchain

Ethereum is the community-run technology powering the cryptocurrency ether (ETH) and thousands of decentralized applications (DApps). The Status app provides a mobile portal and streamlined access to Ethereum’s growing ecosystem of decentralized applications.

The Ethereum public network is accessible to anyone in the world with an internet connection. Anyone can read or create transactions on a public blockchain and validate the transactions being executed. Therefore, information you share on the Ethereum blockchain is public.

Ethereum Name Service (ENS) allows Ethereum addresses to be replaced by custom text-based names. Anyone can register a stateofus.eth username by staking the required Status Network Tokens (SNT) from within the profile tab on the Status app. When you register an ENS name with a given wallet address, that address becomes associated with the username, reducing the privacy of that account.

Data processed in connection with your Ethereum account:


Personal Data Purpose(s) Legal basis Stored
Ethereum account information:

- Ethereum address, transaction history, tokens, and amounts

- Registered ENS name (if applicable) and other data stored on the blockchain via your Ethereum account
To allow you to access details of your Ethereum account using the Status app Consent and Legitimate Interest:

- Necessary to perform our contract with you; for example, this data is necessary if you use your Ethereum account on the Status app

- You give your consent by sharing information on a public blockchain
Immutable

Keeping the Status app running

Status doesn’t process much personal data because we want your data to be as private as possible. However, there are some situations when we have to process some data in order for our products and services to work properly, including the Status app.

Data processed for the technical functioning of the Status app:


Personal Data Purpose(s) Legal basis Stored
Peer ID To prevent excessive data traffic from the same IP-address through rate limiting,
in order to ensure the network
isn’t overloaded and remains operational
Legitimate Interest:
Necessary to prevent the network
from being overloaded
30 days

Offering secure, private messaging

When you generate an account, your private keys are generated (public and private keys) and stored locally on your own device. This means that Status doesn’t know which keys belong to you and doesn’t process any personal data in this respect. You’ll then be given display name options to choose from (derived from this key pair). Your display name will only be shared if you choose to share your display name by chatting with Status or other users.

Within the Status app, you can create a list of trusted contacts based on the chat keys you choose to trust. Your trusted contacts are stored locally on your own device. This means Status has no access to your contact list and doesn’t process any personal data in this respect.

With regard to messages on the Status app, Status acts as a data processor. On the Status app, you can exchange messages with other users, including photos and audio messages. Only the recipient of a message can decrypt the message by opening it on their own device. This means that Status can never access any user messages in private chats.

These messages aren’t stored on a central server, but are only temporarily stored in history nodes within the Status Network. The history nodes are maintained by Status for your convenience. You can choose not to use these history nodes and run your own node instead, or only collect messages directly on your device.

Status stores encrypted messages in temporary history nodes for 30 days. If the message hasn’t been retrieved by the recipient within 30 days, the message will be deleted.

Paying you referral rewards

Status offers a Referral Program that allows you (the Referrer) and the person you (the Recipient) invite to earn Status Network Tokens (SNT), and potentially other partner tokens, for installing and onboarding to the Status app. (The Referral Program isn’t offered in the USA or any Singapore Embargoed Country.)

Data processed through the Status Referral Program:


Personal Data Purpose(s) Legal basis Stored
Information about Referrer:

- Referral code connected to Referrer’s Ethereum address

Information about Recipient:

- IP-address (hashed)

- Ethereum address
We use these data to:

- Grant tokens to the Ethereum address (connected to the referral code)

- Prevent fraud, such as rejecting duplicate referral codes from the same Recipient IP-address

- Check if the IP-address is sourced from a restricted country, and if so, block the release of tokens.
Consent and Legitimate Interest:

- Necessary to execute our Referral Program and grant rewards, prevent fraud, and prevent registration by IP-addresses sourced from a restricted country

- By participating in the Referral Program, you consent to the program terms and conditions
7 days

Marketing purposes

Advertisers may sometimes market the Status app online and offline. For example, affiliate marketers, influencers, and participants in the Referral Program might track interest of potential new users. In these cases, advertisers may process personal data. Status doesn’t receive any of these personal data.

Status only receives and processes the following from advertisers:


Personal Data Purpose(s) Legal basis Stored
Data collected on referral URLs created by Status:
ClickIDs

- Attribution of ClickID to referral code

- IP address (hashed, in case of attribution)
We use these data to:

- Establish rewards

- Review effectiveness of advertisers

- Track advertisement conversions
Legitimate Interest:

- Necessary to perform our contract with you, such as execute our Referral Program and grant tokens

- To review the effectiveness of advertisers
30 days

Data processed through external (social media) pages:


Personal Data Purpose(s) Legal basis Stored
- Information you make public
when you leave a comment or
otherwise post something on
our external (social media) pages

- For example, Status has pages on
the following (social media) platforms:
Facebook, Twitter, Instagram, YouTube,
Reddit, GitHub, Discuss and Discord
We use these data to:

- Contact you via our (social media) pages

- Process your input and/or feedback
left on our (social media) pages

We will explicitly not gather
any more information about you
or link your social media account
to your chat name, ENS name, or IP-address.
Legitimate Interest:

- Necessary to get in touch with you regarding your message

- Process your input, respond to feedback

Our external (social media) pages are also controlled by
the platform itself.
Please check the social media privacy policies,
to see how each platform handles your personal data.
As long as your message
is available on the pages concerned,
in accordance with the page’s privacy policy,
or until you delete the message

Community support

Status is an open source project made by people all over the world. We have many ways to stay in touch, including via email and through the Status app itself.

Data processed when you contact us:


Personal Data Purpose(s) Legal basis Stored
- Your chat name or ENS name and
all (personal) data you share with us
in your message on the Status app

- Your email address when you send us an email

Please note: as a rule, your chat name
is generated on your own devices.
Your chat name will only be
shared with Status or other users if you chat.
We use these data to:
Contact you about your message
Provide you information and/or support.
Consent and Legitimate Interest :

- Necessary to contact you about
your message to provide you
the support you requested

- You give your consent
to being contacted by reaching out to us
As long as needed to resolve your concern

Our Core Contributor Privacy Policy can be found here.

How we work with third party processors

Status won’t share your personal data with third parties.

However, Status may engage (sub) processors that we trust to carry out the processing of personal data on our behalf. We only provide personal data to (sub) processors when necessary for them to execute the services they provide to us. We’ve established contractual agreements with all our (sub) processors ensuring that they may only process the personal data collected and processed by us within the scope of the contractual agreement and under no circumstances for other purposes.

As Data Controller: Status may use (sub) processors to assist us in our services provided as data controller. Our use of processors is under contractual agreement and in accordance with privacy legislation.

As Data Processor: Status may also use sub-processors to assist us in our services. Sub-processors receive personal data from us which they process by our order, in accordance with your instruction, as laid out in the contractual agreement between you and Status. Our use of sub-processors is under contractual agreement and in accordance with privacy legislation.

We use the following external services and tools: Infura, Inc. (to collect and send your Ethereum data), Etherscan (to allow users to search the Ethereum blockchain for transactions, addresses, tokens, prices, and other activities), CryptoCompare (to obtain current fiat value), and services others use to host ERC721 content (including collectibles such as Cryptokitties).

Exporting data outside the European Union

Status may transmit personal data to parties outside the European Union, if one of our (sub) processors is established outside the European Union. Personal data will only be processed in countries or by parties that provide an adequate level of protection in accordance with European standards. The transmission of data outside the European Union will always happen in conformity with privacy legislation.

We’re serious about data security

Status protects the personal data we process from unauthorized and unlawful access, change, disclosure, use, and destruction. For example, we take the following technical and organizational security:

  • We encrypt many of our services using SSL and other security measures.

  • We review our information collection, storage, and processing practices, from time to time, to guard our systems against unauthorized access.

  • We restrict access to personal data to our contributors and all other parties we work with on a need-to-know basis, subject to strict contractual confidentiality obligations.

  • We perform periodic internal security audits.


Learn more about how seriously we protect your data by reading our Security Protocol.

A quick bite on cookies

No cookies are needed to use the Status app secure messaging feature and crypto wallet. So we don’t use them for those services. However, cookies are necessary for the technical operation of our website and Web3 browser (for DApps). When we have to use cookies, we choose cookies that don’t hold any user-specific information and are essential for the operation of the product or service.

This Privacy Policy might change

We might modify or replace any part of this Privacy Policy. Please check our website periodically for any changes. The new Privacy Policy will be effective immediately upon posting to our website, but if we change our Privacy Policy significantly, we will inform you through the Status app.

Your choices and rights

As explained throughout this Privacy Policy, Status collects very little information about our users. As a result, it might be difficult to verify whether a request regarding privacy rights has actually been submitted by the person concerned. We therefore encourage you to delete your personal data by uninstalling the Status app. Note that this doesn’t remove Ethereum account information, which has a history on the Ethereum blockchain.

  • As laid out in relevant privacy legislation, you have the right to:

  • Ask us to correct or update your personal data (where possible);

  • Ask us to remove your personal data from our systems;

  • Ask us for a copy of your Data processed, which may also be transferred to another data controller at your request;
    Withdraw your consent to process your personal data (only if consent was asked for a processing activity), which only affects processing activities that are based on your consent and doesn’t affect the validity of such processing activities before you have withdrawn your consent;

  • Object to the processing of your personal data;

  • File a complaint with the Federal Data Protection and Information Commissioner (FDPIC), if you believe that your personal data has been processed unlawfully.

Status Research & Development GmbH
Baarerstrasse 10
6302 Zug
Switzerland

You can message us directly in the Status app using the public chat channel #support. Keep in mind, any information shared in the public chat won’t be private. To contact us privately, please email us at support@status.im.

This document is CC-BY-SA.

Last update: 2021-05-13