Privacy Policy

Transaction Science, Inc. operates TrustOS. This policy describes how we handle identity data.

1. Data We Process

TrustOS handles authentication credentials, session tokens, policy decisions, and audit events. We process this data strictly to provide the Service. We do not sell personal data.

2. Encryption at Rest and in Transit

All customer data is encrypted at rest (AES-GCM) and in transit (TLS 1.3). Post-quantum key exchange (ML-KEM) is supported for customers who opt in.

3. Audit Logs

Audit logs are tamper-evident, append-only, and retained per customer configuration. Logs contain BLAKE3 hashes of events — no raw credential material.

4. Decentralized Identity

For customers using DID or Verifiable Credentials, the credential subject controls disclosure. TrustOS does not retain credential contents beyond what is necessary for verification.

5. GDPR, CCPA, and DSARs

Data subject access, deletion, and portability requests are supported via the admin API. Response within 30 days per regulation.

6. Contact

Privacy inquiries: [email protected]