Privacy Policy

Introduction

This Privacy Policy relates to data from your use of products and services from LivelyGig LLC ("we", "our", or "us"), including some of those branded under the Blocktrust and blocktrust.dev names. By using our products or services, you agree to the collection, use, and sharing of information in accordance with this policy.

Scope

More specifically, this policy relates to data from your use of the following products and services: Blocktrust Identity Wallet for Desktop Browsers; Blocktrust Mediator Service; and Blocktrust Website and Web Applications. The scope of this policy is limited to information collected or received by us through your use of these products and services. This policy does not apply to any third-party websites, products, or services, even if they are referenced from our products or services.

Data Collected

Your privacy is paramount. Below, we outline the specific types of data we may collect from our various products and services:

1. Blocktrust Identity Wallet for Desktop Browsers ("Extension")

Stored within the browser extension: The extension stores personal data and relationships among the following types of data:
a) a cryptographic hash of your password;
b) your application preferences, such as color theme;
c) a cryptographic seed phrase (essentially a master private key) and derived key-pairs;
d) decentralized identifiers (DIDs) and profiles;
e) contacts / connections with mediator services;
f) contacts / connections with other agents, including other wallets;
g) communications with other agents, including chat messages and credential-related exchanges;
h) verifiable credentials;
i) credential presentation requests and responses; and
j) other data related to your use of the extension.
This data is stored on your device using the chrome.storage API, and is protected by the browser and the extension to minimize its visibility beyond the extension's code. The Extension encrypts and stores data at rest with AES. We do not receive or store on our infrastructure any of this data unless you explicitly send it to us.

Stored in backup files you create: All of the extension data described above may be exported to a backup file, which can be stored on a device completely under your control, such as a removable USB drive.

Extension usage telemetry: If you permit (Opt In to) the collection of usage data, as you can indicate in the Extension during setup and adjust later via Preferences, the Extension may collect usage data until the time your Deny (Opt Out of) its collection. The usage data may include the following data from your use of user-facing features:
a) Client action telemetry, such as the time you open the extension, the time you close the extension, and the time you click on a button within the extension;
b) Client error telemetry, such as the time an error occurs within the extension, and the type of error that occurs;
c) Client performance telemetry, such as the time it takes to open the extension, the time it takes to close the extension, and the time it takes to perform certain actions within the extension;
d) Client usage telemetry, such as the time you spend on each page within the extension, the time you spend on each tab within the extension, and the time you spend on each button within the extension;
e) Client feature telemetry, such as the time you use each feature within the extension, the time you click on each button within the extension, and the time you click on each link within the extension;
f) Client environment telemetry, such as the type of browser you are using, the version of the browser, the operating system, and the version of the operating system;
g) Client extension telemetry, such as the version of the extension you are using;

Other data not collected: We do not collect, nor do we store any of the following data:
a) Browsing history;
b) Search history;
c) Information about websites you visit;
d) Information about how you use the internet;
e) Information about your interactions with websites; and
f) Information about your interactions with applications, including those on your device.

Extension permissions: The extension will prompt you to grant it permissions for a website prior to modifying any of its pages, as needed to enable integrations with it such as for authentication or signing of credentials. In addition, the extension declares and uses the following permissions listed below, for the reasons stated:
a) activeTab: to enable the extension to interact with the current web page you are viewing.
b) clipboardWrite: to enable the extension to copy data to your clipboard.
c) scripting: to enable the extension to inject content scripts into web pages. A content script is used to enable the extension's user interface to interact with the web page. Once a content script is injected into the web page's DOM, it has access to that and the JavaScript environment of the page.
d) storage: to enable the extension to store data in your browser's storage.
For more information about these permissions, please see the Chrome Extension documentation for Declare Permissions.

2. Blocktrust Mediator Service

Your use of the mediator service hosted at https://mediator.blocktrust.dev is an Opt-In choice. You may alternately specify another mediator service, including one you could host yourself.
The Blocktrust Mediator Service may collect the following data:

Agent Connections and Messages: When you connect your Extension to the Blocktrust Mediator service, the following data is stored on the mediator service:
a) A unique peer-DID your Extension provided for your connection between it and the Mediator Service;
b) A unique peer-DID the Mediator Service provided for your connection;
c) peer-encrypted messages from other agents, including other wallets, that are intended for you;
d) peer-encrypted messages from you that are intended for other agents, including other wallets.

Network telemetry: The Mediator Service may collect the following data for diagnostic purposes:
a) The IP address of the network you are using;
b) The location of the network you are using;
c) The times you send and retrieve messages via the Mediator Service;
d) The size of messages you send and retrieve via the Mediator Service;
This log data is stored in a database on the mediator service, and is protected by the service to minimize its visibility beyond the service's code.

3. Blocktrust.dev Website and Web Applications

Cookies: We may use cookies and other tracking technologies to collect and store your information. You can control the use of cookies through your browser settings.
Server and HTTP logs: These logs may include the following data:
a) The IP address of the network you are using; and
b) The location of the network you are using.
This log data is stored in databases or log files for the web application or hosting infrastructure. It is protected by the hosting services to minimize its visibility beyond the web application or hosting infrastructure.

4. For all Services

Azure Application Insights: This is a monitoring and diagnostics tool provided by Microsoft's Azure platform. It helps developers gain insights into their applications' operations and diagnose issues in live applications. While the specifics of what data gets collected depend on how Application Insights is configured and integrated, some commonly collected types of data include:
Request Data; Dependency Data; Exception Data; Page Views and Load Performance; Ajax Call Records; User and Session Counts and Metrics; Performance Counters; Custom Events and Metrics; Client and Device Data; Diagnostic Trace Logs; and IP Addresses.

Support Interactions: If you contact our support team, we may collect and store any information you provide, such as your name, email address, Discord handle, and the contents of your support request, including troubleshooting data and feedback.

Transmission of data: Any transmission of data occurs over a secure connection (e.g., HTTPS, WSS).

Use of Data

We may use the information we collect for the following purposes:
To provide and improve our extension: We use the information to provide the features and functionality of our extension, to troubleshoot and resolve issues, and to improve the overall user experience.
To respond to user requests: We use the information to respond to your inquiries, requests, and comments.
To protect our rights and interests: We use the information to protect our rights and interests, as well as the rights and interests of our users and any other person, as well as to enforce this Privacy Policy and our Terms of Use agreements.

Information Sharing

We may share your information with third parties in the following circumstances:
Service Providers: We may share your information with service providers who help with the operation of our extension, such as hosting providers and analytics providers.
Law Enforcement: We may share your information with law enforcement agencies if required by law or in response to a legal request.

We will not sell or publicly disclose your personal and private information, including authentication, payment, or financial information.

Limited Use Disclosure for Extension

1) We use your data exclusively to provide and improve the core functionalities.
2) We do not sell your data to third parties.
3) We do not use your data to display third-party advertisements.
4) We will not transfer your data to unrelated services or third parties, unless to comply with legal obligations or in case of a change of ownership where the successor adheres to the same commitments.
The use of information received from Google APIs will adhere to the Chrome Web Store User Data Policy, including the Limited Use requirements. For details, see Chrome's Limited Use Policy policy published on November 1, 2022.

Data Retention Statement

At LivelyGig LLC, we value the trust you place in us by sharing your personal data. We are committed to minimizing our data footprint and storing your data only as long as necessary to fulfill the purposes for which it was collected. While we work towards establishing a detailed data retention policy, please know that:
1) We will review and evaluate the necessity of data we store, ensuring it's kept only for the periods required to serve its intended purpose or to meet our legal, regulatory, and contractual obligations.
2) We are dedicated to implementing industry best practices regarding data retention and deletion.
3) As a principle, once the purpose for which the data was collected has been fulfilled, and there's no compelling reason to keep it, we take steps to securely remove or anonymize it from our systems.
4) We are in the process of setting specific retention periods for different data types, and once finalized, we will update this policy to reflect those details.

Should you have any concerns or queries about how we handle your data, please do not hesitate to contact us at support@livelygig.com.

User Rights

You have the following rights with respect to your information:
Opt-out: You have the right to opt-out of collection of usage data.
Access: You have the right to access the information we hold about you.
Update: You have the right to update your information if it is inaccurate or incomplete.
Delete: You have the right to request the deletion of your information.

To exercise these rights, please contact us at support@livelygig.com.

Security Practices

We take reasonable measures to protect your information from unauthorized access, disclosure, or alteration. However, no method of transmission over the internet or electronic storage is 100% secure, so we cannot guarantee its absolute security.

Changes to the Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the updated Privacy Policy in our products and services. The latest version of the Privacy Policy is also available at https://identitywallet.blocktrust.dev/about/privacy. Your continued use of our products or services after the posting of the updated Privacy Policy will constitute your acceptance of the changes.

Contact Information

If you have any questions or concerns about this Privacy Policy, please contact us at support@livelygig.com.

This Privacy Policy is effective as of 2023-09-20.