Privacy

Privacy

Citopia leverages advanced cryptographic methods to give users and service providers control over their organizational data and personally identifiable information (PII) in compliance with cross-border data privacy regulations.

Citopia leverages advanced cryptographic methods to give users and service providers control over their organizational data and personally identifiable information (PII) in compliance with cross-border data privacy regulations.

Global Data Privacy Challenges

Global Data Privacy Challenges

Digital transactions today rely on identities issued by centralized platforms to prove their credentials. However, in addition to being vulnerable to fraud, identity theft, and data leaks, centralized approaches to identity management fail to address the trust problems created by the rise of decentralized digital services, IOT, and Generative AI.

As digitization progresses, it will become increasingly challenging — and costly — to verify data authenticity, secure digital perimeters, and ensure cross-border compliance with regulations like the General Data Protection Regulation (GDPR) and the Federal Zero Trust Mandate.

0%
% of online traffic originating from malicious bots in 2022
0T
Annual cost of cybercrime globally (USD)

How Does Citopia Protect Sensitive Consumer & Business Data?

How Does Citopia Protect Sensitive Consumer and Business Data?

Citopia leverages W3C-compliant Decentralized Identifiers (DIDs) and Verifiable Credentials (VCs), along with zero-knowledge proofs (ZKPs) and other pseudonymization techniques to ensure users’ PII and service providers’ organizational data is preserved.

Citopia does not store PII. Personal or organizational data is always stored in the respective Self-Sovereign Digital Twin™ (SSDT™) on the user’s or service provider’s device/server. Only the owner of the SSDT™ can access the data, which cannot be shared without permission. Citopia does not have access to SSDTs™. Through SSDTs™, users and providers can selectively disclose pertinent information at the moment of a transaction. Citopia processes/stores only the minimum amount of data (not PII) needed to execute a transaction. Read the full data privacy report to learn more

Benefits of Zero Trust

Benefits of Zero Trust

Citopia’s Zero Trust approach minimizes the potential for data breaches, provides greater visibility and transparency, and strengthens compliance by helping organizations meet regulatory requirements and industry standards for data protection.

Separation for Further Decentralization

Separation for Further Decentralization

Zero Trust is best achieved in a collaborative framework between two independent networks, with neither containing complete information about any users, trips, or transactions. Citopia is designed such that DIDs can be anchored in any W3C-compliant DIDs registry, such as the Integrated Trust Network (ITN). DIDs are the only things registered and stored on chains. All personal and competitive information is stored locally in the Self-Sovereign Digital Twin™ (SSDT™) and is controlled by the SSDT™ controller/owner, never by Citopia.

Blockchain has been called a “trust machine”, a technology for replacing trust services — including but not limited to authority, identity verification, assurance, and settlement — traditionally offered by centralized intermediaries. While almost anything can be put on a blockchain, sensitive personal and business information should not be put on-chain.

Using SSDTs™ with W3C DIDs anchored to blockchains in federated networks enables the best of both worlds, combining the transparency, data security, and tamper evidence of public blockchains with the speed, efficiency, and low cost of cloud data storage.

Preventing Data Correlation

Preventing Data Correlation

To prevent data correlation, transactions are processed as W3C Verifiable Credentials (VCs) on Citopia, while participants’ identifiers — W3C Decentralized Identifiers (DIDs) — are anchored and verified on the ITN. An entity may create multiple DIDs for separate functions to further reduce the risk of data correlation. DIDs are the only things registered and stored on chains — all personal and competitive information is stored locally in the SSDT™ and remains under the control of the owner.