GDPR Compliance

How PROOF Protocol balances blockchain immutability with European data protection rights.

Legal Entity & Data Controller

Company Name: Yet Another Artificial Intelligence Company (SARL-S)

Legal Structure: SARL-S (Société à Responsabilité Limitée Simplifiée)

Registered Address: 15 Avenue Dr Klein, 5630 Mondorf-les-Bains, Luxembourg

Website: yet.lu

GDPR Contact: gdpr@yet.lu

General Email: ask@yet.lu

Phone: +352 621 436 580

The Blockchain vs. GDPR Challenge

GDPR gives EU citizens the "right to be forgotten" (right to erasure), but blockchain records are intentionally immutable. This creates a challenge: how can financial institutions use blockchain for MiFID II compliance while respecting GDPR?

PROOF Protocol solves this through a hybrid approach: immutable hashes on-chain, erasable data off-chain.

How PROOF Protocol Complies with GDPR

1. Privacy by Design

Three privacy levels allow you to choose appropriate data protection:

  • PUBLIC: No personal data, only business metadata
  • PRIVATE: Personal data encrypted before storage
  • SHARED: Granular access controls for multi-party data

2. Right to Erasure

When a user requests data deletion:

  • IPFS data (containing personal information) is removed
  • Encryption keys are destroyed, making encrypted data unreadable
  • Only the cryptographic hash remains on-chain (no personal data)

This satisfies GDPR because the hash alone cannot identify an individual and serves only as a compliance audit trail.
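The erasure flow above, as an added Python sketch (not PROOF Protocol's own code): a per-record key encrypts the data, the blob goes to erasable storage, and only a SHA-256 digest is anchored. Assumptions: the class and method names are hypothetical, dicts stand in for the key store, IPFS and Polygon, the digest is taken over the ciphertext, and a SHAKE-256 XOR keystream stands in for a real AEAD such as AES-256-GCM.

```python
import hashlib
import secrets


class ErasableStore:
    """Constructed model: dicts stand in for the key store, IPFS and the chain."""

    def __init__(self):
        self.keys = {}       # record_id -> per-record key (erasable)
        self.off_chain = {}  # record_id -> nonce + ciphertext (IPFS stand-in)
        self.on_chain = {}   # record_id -> SHA-256 digest (never deleted)

    @staticmethod
    def _xor_stream(key, nonce, data):
        # Stdlib-only stand-in for an AEAD such as AES-256-GCM; not for production.
        stream = hashlib.shake_256(key + nonce).digest(len(data))
        return bytes(a ^ b for a, b in zip(data, stream))

    def store(self, record_id, personal_data):
        key, nonce = secrets.token_bytes(32), secrets.token_bytes(16)
        blob = nonce + self._xor_stream(key, nonce, personal_data)
        self.keys[record_id], self.off_chain[record_id] = key, blob
        # Assumption: the digest covers the ciphertext, so a guessed plaintext
        # cannot be confirmed against the public on-chain value.
        self.on_chain[record_id] = hashlib.sha256(blob).hexdigest()
        return self.on_chain[record_id]

    def read(self, record_id):
        blob, key = self.off_chain.get(record_id), self.keys.get(record_id)
        if blob is None or key is None:
            return None  # erased: nothing left to decrypt
        if hashlib.sha256(blob).hexdigest() != self.on_chain[record_id]:
            raise ValueError("off-chain blob does not match the on-chain hash")
        return self._xor_stream(key, blob[:16], blob[16:])

    def erase(self, record_id):
        """Right to erasure: drop the blob and destroy the key; keep the hash."""
        self.off_chain.pop(record_id, None)
        self.keys.pop(record_id, None)


if __name__ == "__main__":
    store = ErasableStore()
    record = b'{"client": "Jane Doe", "order": "BUY 100 XYZ"}'  # constructed sample
    anchor = store.store("rec-001", record)
    assert store.read("rec-001") == record
    store.erase("rec-001")
    assert store.read("rec-001") is None and store.on_chain["rec-001"] == anchor
    print("erased; audit hash kept:", anchor)
```
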

3. Right to Access

Users can request a complete export of all their personal data stored through PROOF Protocol. We provide structured data exports in common formats (JSON, CSV, PDF).

4. Data Portability

All compliance records can be exported in machine-readable formats. Users own their encryption keys and can decrypt their data at any time.

Legal Basis for Processing

MiFID II Records

Legal basis: Compliance with legal obligation (GDPR Art. 6(1)(c)) - MiFID II requires 7-year record retention.

Beta Signup Data

Legal basis: Consent (GDPR Art. 6(1)(a)) - You voluntarily provide information to join our beta program.

Analytics Data

Legal basis: Legitimate interests (GDPR Art. 6(1)(f)) - We use analytics to improve our services. You can opt out via browser settings.

Data Processing

Data Controller

Your organization (the financial institution) is the data controller for compliance records. PROOF Protocol acts as a data processor.

Data Processors

We use the following EU-compliant processors:

  • AWS SES (eu-central-1): Email delivery
  • IPFS: Decentralized file storage (encrypted)
  • Polygon: Blockchain network (hashes only, no personal data)

Data Transfers

All personal data is processed within the EU. Blockchain networks are decentralized globally, but they contain only cryptographic hashes, not personal data.

Your GDPR Rights

Right to Access

Request a copy of your personal data

Right to Rectification

Correct inaccurate personal data

Right to Erasure

Request deletion of your data

Right to Restriction

Limit how we use your data

Right to Portability

Receive your data in a portable format

Right to Object

Object to certain types of processing

To exercise any of these rights, contact:

Data Protection Officer: gdpr@yet.lu

General inquiries: proof@yet.lu

Phone: +352 621 436 580

Postal Address:
Yet Another Artificial Intelligence Company (SARL-S)
15 Avenue Dr Klein
5630 Mondorf-les-Bains
Luxembourg

Questions About GDPR Compliance?

Our team can help you understand how PROOF Protocol ensures both MiFID II and GDPR compliance.