Maenada is a credential issuance and verification platform built on the principle that personal data should never accumulate where it is not needed. This Privacy Policy describes what information we collect, why we collect it, and how we protect it. Where technically possible, we operate in a manner that ensures no personal data is processed beyond what is strictly necessary for the service requested.
By using our platform, you acknowledge that you have read and understood this policy. If you do not agree with any part of it, you should discontinue use of our services and contact us at the address listed below.
We collect only the information necessary to operate the Maenada platform. This includes account registration data such as name and email address, technical identifiers required for credential issuance and verification workflows, and operational metadata such as session logs and API access records necessary for security and compliance purposes.
We do not collect sensitive personal attributes such as biometric data, financial records, or health information, unless explicitly required by a specific issuance workflow authorised by your organisation. In such cases, the data is processed under a separate data processing agreement and subject to enhanced safeguards.
All personal data processed by Maenada is handled on one of the following legal bases under the General Data Protection Regulation (GDPR): performance of a contract, compliance with a legal obligation, or our legitimate interest in providing secure and reliable identity infrastructure. Where consent is the basis, it is collected explicitly and can be withdrawn at any time without affecting the lawfulness of prior processing.
Maenada operates as both a data controller for platform account data and a data processor for credential data processed on behalf of your organisation. The distinction is described in detail in our Data Processing Agreement, available upon request.
We retain personal data only for as long as necessary to fulfil the purpose for which it was collected, or as required by applicable law. Account data is retained for the duration of the contractual relationship and deleted within 30 days of account termination. Credential metadata and audit logs are retained for a period of 12 months by default, configurable per deployment under enterprise agreements.
Verifiable credential content is never stored by Maenada after issuance unless explicitly configured as part of a revocation registry. Even in that case, only the minimum data required to support revocation status checks is retained.
Under the GDPR and applicable data protection legislation, you have the right to access personal data we hold about you, to request correction of inaccurate data, to request erasure where processing is no longer justified, and to object to or restrict certain types of processing. You also have the right to data portability where technically feasible.
To exercise any of these rights, contact us at privacy@maenada.com. We will respond within the timeframes required by applicable law, typically within 30 days. Where a request is complex, we may extend this period by a further 60 days with notice.
If you have questions about this Privacy Policy, the data we hold about you, or our data practices, you may contact our Data Protection Officer at privacy@maenada.com. For enterprise clients, a dedicated data protection contact is assigned during onboarding and available through your account portal.
Maenada is operated by Blokverse. Registered address and full legal entity details are available upon request or as required by applicable regulation.