LEGAL · PRIVACY CH · STIFTUNG · ZUG

Privacy
Policy

VERSION 4.26.0

LAST UPDATED: APRIL 2026

01

Introduction

The DeliveryTag Protocol Foundation ("we", "us", "Foundation"), a Swiss non-profit entity based in Zug, operates as the primary maintainer of the DeliveryTag decentralized logistics verification protocol. We are committed to maintaining the highest standards of data protection in alignment with the Swiss Federal Act on Data Protection (FADP) and, where applicable, the EU General Data Protection Regulation (GDPR).

This protocol document outlines how we process data across our ecosystem, including the DeliveryTag core network, our hardware PIN integration, and the Hedera public ledger interface.

02

Data We Collect

TYPE_A

Protocol Data

  • • Wallet Addresses
  • • Hashgraph TX IDs
  • • Hardware Serial IDs
  • • Epoch Timestamps
TYPE_B

Operational Data

  • • Node Operator Email
  • • Server Telemetry
  • • API Access Logs
  • • Uptime Heartbeats
TYPE_C

Website Data

  • • Browser Agent
  • • Referrer Strings
  • • Locale Prefs
  • • Cookie Identifiers
03

Legal Basis

Our processing of your personal data is based on the following legal pillars:

  • contract
    Contractual Necessity To facilitate node operations and ensure protocol integrity as per the Node Operator Agreement.
  • verified_user
    Legal Obligation Compliance with Swiss financial and non-profit regulatory requirements (AML/KYC where applicable).
04

Data Processing

Processing occurs via the Hedera Hashgraph consensus service. While metadata is encrypted on-chain using Post-Quantum Cryptography (PQC), certain immutable identifiers may persist on the ledger. This processing is surgical: only the minimum data required for consensus is hashed and transmitted.

05

Data Retention

On-Chain State

IMMUTABLE / PERPETUAL

Operational Logs

90 DAYS (ROLLING)

06

International Transfers

As a decentralized protocol, data submitted to the network is distributed across global validator nodes. For our foundation-managed infrastructure, data is strictly stored in Switzerland and the European Economic Area (EEA). Transfers to third countries only occur where adequate protection levels are guaranteed by the FADP.

07

Your Rights

R.01 Right to Access (Art. 25 FADP)
R.02 Right to Rectification
R.03 Right to Data Portability
R.04 Right to Erasure (Off-chain only)
08

Security Infrastructure

Foundation security stack
PQC · Hedera · ZK

The Foundation employs industry-leading security protocols:

  • Post-Quantum Cryptography (PQC): All foundation-managed database layers are protected against future quantum computing threats.
  • PIN Hardware Isolation: Interaction with DeliveryTag hardware uses physical Secure Elements (SE) to prevent key leakage.
  • Zero-Knowledge Evidence: Where possible, we utilize ZK-proofs to verify state without exposing underlying sensitive data.
09

Third Parties

Entity Role Jurisdiction
Hedera Hashgraph Public Ledger Layer Global/Decentralized
Infomaniak Cloud Hosting Switzerland
GitHub Inc. Code Repository USA (SCCs applied)
10

Protocol Changes

We reserve the right to modify this "Surgical Policy" at any time. Major revisions will be broadcasted via the DeliveryTag Governance portal and recorded as an on-chain event. Continued use of the protocol after modifications constitutes acceptance of the updated terms.

11

Contact & Registry

For Data Protection Officer (DPO) inquiries or to exercise your rights:

mail legal@deliverytag.org
corporate_fare CHE-284.103.491 (Commercial Registry of Zug)
security OpenPGP Key: 0x92AF3... (Available on Keybase)