IOST 3.0 | Documentation

Appearance

Signet Ring Privacy Policy

Introduction

IOST Foundation ("we", "us") respects your privacy and provides this Privacy Policy (the "policy") to inform you about the personal information we may collect from you or that you may provide when you visit our Websites, use the IOST Signet Ring, and our treatment of and practices related to collecting, using, and disclosing personal information.

As used in this policy, "personal information" relates to information that identifies, relates to, describes, or could reasonably be linked with an identifiable natural person. This policy applies to personal information we collect:

  • On our Websites
  • Through the IOST Signet Ring device and identity verification layer
  • In Telegram, Discord, and other electronic communications between you and us
  • Through mobile and desktop applications you download from our Websites, which provides dedicated non-browser-based interaction between you and our Websites

Please read this policy carefully to understand our policies and practices regarding your personal information and how we will treat it. By accessing or using our Websites and Signet Ring services, you consent to this policy and our Terms of Service.

Information We Collect About You and How We Collect It

We may collect the following categories of personal information from and about users of our Websites and Signet Ring:

  • Identifiers: such as wallet addresses, e-mail address, social media username, or other identifying information.
  • Biometric Information: including cardiac signatures collected through optical PPG sensors, heart rate variability (HRV) patterns, blood oxygen levels (SpO2), movement patterns via accelerometer, and sleep signatures for identity verification purposes.
  • Device Information: such as internet protocol (IP) address, web browser type, operating system version, phone carrier and manufacturer, application installations, device identifiers, mobile advertising identifiers, and Signet Ring device identifiers including firmware version and sensor calibration data.
  • Usage data: such as internet or other electronic network activity information including, but not limited to, browsing history, search history, and information regarding a consumer's interaction with an internet website, application, advertisement, and Signet Ring authentication events.
  • Profiles and inferences: inferences drawn from any of the information identified above to create a profile reflecting your preferences, behavior, attitudes, abilities, or unique biometric identity patterns.
  • Commercial information: including records of services rendered, purchased, obtained, or considered, or other purchasing or use histories or tendencies, including RWA tokenization activities.
  • Blockchain information: such as wallet information across multiple chains, account balances, on-chain transaction information, IOST Layer 2 interactions, and Decentralized Identity (D-ID) credentials. Although this information may not be considered personal information on its own, we may combine it with personal information collected from our Websites and/or services.

We collect this information:

  • Directly from you when you provide it to us
  • Automatically as you navigate through the site and use the Signet Ring
  • Automatically through the Signet Ring's continuous biometric monitoring for Proof of Heartbeat validation
  • From third parties, such as our service providers, business partners, and the StressWatch verification network

Information You Provide to Us

The information we may ask you to provide and that we will collect may include:

  • Information that you provide by filling in forms or signing up for any activity on our Websites, including biometric enrollment for the Signet Ring
  • Records and copies of your correspondence (including email addresses), if you contact us
  • Your responses to any activity that we might ask you to complete for research purposes
  • Details of transactions you carry out through our Websites and identity verification layer
  • KYC/AML verification information as required for RWA access

You also may provide information to be published or displayed (hereinafter, "posted") on public areas of the Websites, or transmitted to other users of the Websites or third parties (collectively, "User Contributions"). Your User Contributions are posted on and transmitted to others at your own risk. Although we limit access to certain pages/you may set certain privacy settings for such information by logging into your account profile, please be aware that no security measures are perfect or impenetrable. Additionally, we cannot control the actions of other users of the Websites with whom you may choose to share your User Contributions. Therefore, we cannot and do not guarantee that your User Contributions will not be viewed by unauthorized persons.

Information We Collect Through Automatic Data Collection Technologies

As you navigate through and interact with our Websites and use the Signet Ring, we may use automatic data collection technologies to collect certain information about your equipment, browsing actions, patterns, and biometric signatures, including:

  • Details of your visits to our Websites, including traffic and usage data, location data, logs, and data about the pages and areas that you access and interact with on the Websites
  • Information about your computer and internet connection, including your IP address, operating system, and browser type
  • Continuous biometric data from the Signet Ring for identity verification and authentication
  • Cross-platform D-ID authentication events and multi-chain transaction patterns

We also may use these technologies to collect information about your online activities over time and across third-party websites or other online services (behavioral tracking).

The personal information we collect automatically is aggregated statistical data and does not include personal information, but we may maintain it or associate it with personal information we collect in other ways or receive from third parties. It helps us to improve our Websites and to deliver a better and more personalized service, including by enabling us to:

  • Estimate our audience size and usage patterns
  • Store information about your preferences, allowing us to customize our Websites according to your individual interests
  • Speed up your searches
  • Remember your preferences while you use our Websites
  • Maintain secure identity verification across platforms
  • Prevent Sybil attacks and ensure one-person-one-identity

The technologies we use for this automatic data collection may include:

Cookies: A cookie is a small file placed on the hard drive of your computer. You may refuse to accept browser cookies by activating the appropriate setting on your browser. However, if you select this setting you may be unable to access certain parts of our Websites. Unless you have adjusted your browser setting so that it will refuse cookies, our system will issue cookies when you direct your browser to our Websites.

Performance and Analytics Cookies: These cookies allow us to count visits and traffic sources, through various third parties, so we can measure and improve the performance of our Websites. These enable us to collect information about how you use our Websites or read our publications, for instance which pages are viewed by visitors most frequently and how users interact with each of our Websites. This information is used to compile reports to improve the respective site, including reports on the number of visitors to the Websites, where the visitors are located, marketing and referrals, and what pages the users visit on our Websites. All information these cookies collect is aggregated and is not associated with an identifiable individual. If you do not allow these cookies, we will not know when you have visited our Websites and will not be able to monitor site performance.

Web Beacons: Pages of our Websites and our e-mails may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags, and single-pixel gifs) that permit us, for example, to count users who have visited those pages or opened an email and for other related website statistics (for example, recording the popularity of certain website content and verifying system and server integrity).

Pixel Tags: Pixel tags are tiny graphic images with a unique identifier, similar in function to cookies, that are used to track online movements of web users. In contrast to cookies, which are stored on a computer's hard drive or web browser, pixel tags are embedded invisibly in web pages. Pixel tags are often used in combination with cookies, to trigger the placing of cookies, and/or to transmit information to us or our vendors or partners. This enables two websites to share information. The resulting connection can include information such as a device's IP address, the time a person viewed the pixel, an identifier associated with a browser or device, the type of browser being used, and the URL of the web page from which the pixel was viewed. Pixel tags also allow us to send email messages in a format that users can read, tell us whether emails have been opened, and help to ensure we are sending only messages that may be of interest to our consumers.

Biometric Sensors: The Signet Ring uses medical-grade optical PPG sensors and precision accelerometers to collect biometric data. This data is processed using proprietary algorithms with military-grade encryption to generate tamper-proof digital credentials.

Most browsers automatically accept cookies, but you may be able to control the way in which your devices permit the use of cookies, web beacons/clear gifs, and other automatic data collection technologies. If you so choose, you may block or delete our cookies from your browser; however, blocking or deleting cookies may cause some Website features and general functionality to work incorrectly.

How We Use Your Information

We use personal information that we collect about you or that you provide to us, including any personal information:

  • To provide our Websites and its contents to you
  • To provide you with information, products, or services that you request from us
  • To fulfill any other purpose for which you provide it
  • To provide you with notices about your account
  • To carry out our obligations and enforce our rights arising from any contracts entered into between you and us
  • To notify you about changes to our Websites or any products or services we offer or provide though it
  • For other purpose we may disclose when you provide the personal information
  • To analyze user's blockchain activity and transaction information to improve our services and Websites
  • To generate and maintain your unique Proof of Heartbeat identity
  • To authenticate transactions across our multi-chain RWA infrastructure
  • To prevent manipulation and ensure accountability through identity verification
  • To meet regulatory KYC/AML requirements while maintaining privacy
  • To enable secure access to tokenized real-world assets
  • To distinguish genuine human participation from automated activities
  • For any other purpose with your consent

We may use the information we have collected from you to enable us to display advertisements to our advertisers' target audiences. Even though we do not disclose your personal information for these purposes without your consent, if you click on or otherwise interact with an advertisement, the advertiser may assume that you meet its target criteria.

Disclosure of Your Information

We may disclose aggregated information about our users, and information that does not identify any individual, without restriction.

We may disclose personal information that we collect or you provide as described in this policy:

  • To our subsidiaries and affiliates
  • To contractors, service providers, and other third parties we use to support our business and who are bound by contractual obligations to keep personal information confidential and use it only for the purposes for which we disclose it to them, including the StressWatch verification network for HRV analysis
  • To a buyer or other successor in the event of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal information held by us about our Websites users is among the assets transferred
  • To fulfill the purpose for which you provide it. For example, if you give us an email address to sign up for our newsletter, we may transmit your email address to our third-party service provider that sends the newsletter on our behalf
  • For any other purpose disclosed by us when you provide the personal information
  • With your consent

We may also disclose your personal information:

  • To comply with any court order, law, or legal process, including responding to any government or regulatory request
  • To enforce or apply our Terms of Service and other agreements, including for billing and collection purposes
  • If we believe disclosure is necessary or appropriate to protect the rights, property, or safety of us, our customers, or others. This includes exchanging information with other companies and organizations for the purposes of conducting background checks, complying with Know Your Customer and anti-money laundering laws, fraud protection, and credit risk reduction

Important Note: We will never share your raw biometric data with third parties. Only processed cryptographic credentials and proofs necessary for identity verification are shared.

Data Security

We have implemented measures designed to secure your personal information from accidental loss and from unauthorized access, use, alteration, and disclosure.

For biometric data specifically, we employ:

  • Military-grade encryption for all biometric data storage and transmission
  • Local processing of raw biometric data on the Signet Ring device
  • Tamper-proof credential generation using proprietary algorithms
  • Secure element storage within the Signet Ring
  • Zero-knowledge proof implementations where applicable

Unfortunately, the transmission of personal information via the internet is not completely secure. Although we do our best to protect your personal information, we cannot guarantee the security of your personal information transmitted to our Websites. Any transmission of personal information is at your own risk.

Special Provisions for Biometric Data

  • Biometric data collection requires your explicit opt-in consent
  • You may withdraw consent for biometric processing at any time
  • You have the right to request deletion of your biometric templates
  • You can export your D-ID credentials for use on other platforms

Data Retention

  • Biometric templates are retained only while your account remains active
  • Upon account deletion, biometric data is removed within 90 days
  • Blockchain records remain immutable per distributed ledger design
  • Transaction history maintained per applicable regulatory requirements

Medical Disclaimer

The Signet Ring collects physiological data solely for identity verification purposes and is not a medical device. Data should not be used for health monitoring or medical purposes.

Children Under the Age of 18

Our Websites and Signet Ring services are not intended for children under 18 years of age. No one under age 18 may provide any personal information to or on the Websites or use the Signet Ring. We do not knowingly collect personal information, including biometric data, from children under 18. If you are under 18, do not use or provide any information on our Websites, or provide any information about yourself to us, including your name, address, telephone number, email address, or any screen name or username you may use. If we learn we have collected or received personal information from a child under 18, we will delete that information. If you believe we might have any information from or about a child under 18, please contact us at [email protected].

Contact Information

To ask questions or comment about this privacy policy and our privacy practices, contact us at:

Email: [email protected]
Data Protection Officer: [email protected]

IOST Foundation
Unlocking Real-World Assets on IOST 3.0
The first multi-chain RWA infrastructure

Released under the MIT License.

Copyright © 2025-present IOST