We care because it’s your data.

Your life. Your data.

Our vision is a world where everyone has complete control over their digital personal data. And the power to use it for the good of society as well as their own.

Control your personal data.

When your personal data gets stored in the cloud, who gets access to that data is not up to you. You have to trust the provider.

Privact is working on the technology you need to store your data on your own devices, putting you in the driver’s seat. And we are building the infrastructure to let you and society benefit from your and our collective data.

However, the real challenge lies in establishing self-controlled data storage as the new societal norm. Therefore, this will be our primary goal.

Presenting the privact ecosystem
at KDE Akademy 2024

Unlock the true value of your personal data.

To make the most out of your personal data, it needs an ecosystem of trusted apps, services and partners. And we’re building it.

You will always be the one deciding who can access your data and for what purpose. Organizations requesting this access will need to comply with privact’s terms and conditions and are audited by us.

By giving you control over your data and the infrastructure to use it, privact helps you realize the true value of your data.

And here is
how it works.

Below is a schematic illustration of the key concepts of the privact ecosystem we need to reclaim privacy in our digital lives. At privact, we are working together with partners to make this a reality.

Detailed explanations will appear as hover effects. You need a mouse to see them. (Sorry, we currently do not support mobile use cases.)

This is an ecosystem, so there is no real starting point. But since we are all users, you might find “User Devices” a good place to start exploring.

The privact system to guarantee individual privacy. Use mouse and hover effects to learn more about the system.
### Main Categories Services refers to any type of service or product that produces or consumes personal data. The definition is broad: It could be a website, an advertising service, your smart watch, your car… The privact ecosystem provides a level playing field for all service providers that is compliant with the latest data protection laws (e.g. GDPR, EU Data Act). This is your realm. Every technology you use as a human being and digital citizen. The privact ecosystem allows you to manage your digital privacy transparently and easily. All you have to do is use technology certified with the privact seal – everything else works automatically. The Foundation will be the non-profit organization to be established. It acts as a trustee for users’ digital privacy rights and provides the necessary technology and infrastructure – the privact ecosystem. It never gains knowledge of any user data. Research organizations range from small to large, can be non-profit or for-profit, and are interested in conducting market research. The privact ecosystem provides a clear and transparent set of rules so that all organizations have a level playing field when it comes to accessing the largest pool of anonymized consumer data. ### Services Services need to avoid cloud computation wherever possible. Cloud storage of personal data needs to be restricted to the minimum legaly or logistically needed ammount and time. Services participating in the ecosystem can use the Foundation’s seal to signal to consumers at the point of sale / use their commitment to respecting users’ privacy. As a user, the seal makes your life easy. All you have to do is use services that have been awarded the seal. This makes protecting your digital privacy as easy as buying organic food. All you have to do is choose the right product or service. Everything else happens automatically under the hood. Services must not transmit personal data to the cloud that can also be computed locally on users’ devices. On the other hand, any data that must be transferred to the cloud will receive a digitally signed contract from the user that defines the scope of data storage. By doing this, the Service can always prove that it’s complying with the GDPR. ### Research Organizations Organizations can conduct privacy preserving market research on any question that can be automatically evaluated from data in local databases. However, it is not possible to provide users with questions that must be answered manually. To collect this kind of information, or as a website to obtain statistical data about its users, first – acting as a SERVICE – the data must be written into the database. Then – acting as a RESEARCH ORGANIZATION – it can be mined using the federated secure aggregation mechanism. Research organizations must report on their social behavior. Categories can range from workers’ rights to women’s representation on boards to the organization’s environmental footprint. The actual categories will evolve over time. They will be used to match users’ expectations of how organizations should behave and to determine what market research individual users will participate in. ### Foundation The Foundation has the responsibility to audit the research organizations. This audit is mainly focused on the behavioral information provided by the organizations. Research organizations must accept the Foundation’s terms and conditions to participate in the ecosystem. Before the results of the Federated Secure Aggregation evaluation system are delivered back to the research organizations, we will check for and mask potential privacy violations, such as low numbers in certain intervals. A web interface allows organizations to feed their research question into the federated secure aggregation evaluation system. The possible content is provided by the central database schema. Maintaining the central database schema is at the heart of the Foundation’s work. The schema serves as the knowledge base for all potentially available personal data. Services and research rely on this catalog. In addition to avoiding duplicate records, one of the Foundation’s central tasks is to categorize the personal information registered in the catalog. Examples of these categories could be Health Data, Location Data, or Financial Data. The Foundation has the responsibility to audit the Services. This audit is mainly focused on the sparse storage of personal data in the cloud and the prohibition of interconnecting different data sources. Services must accept the terms and conditions of the foundation to participate in the ecosystem. Services must notify the Foundation of any data points they wish to store on users’ devices. The Foundation checks for duplicates and adds the new data point to the central database schema. ### User Devices Every service participating in the ecosystem must compute everything possible locally on your device. In return, you can safely share the personal data the service needs to provide you with the best possible experience. Any service may request access to different categories of your personal data. Examples of these categories could be Health data, Location data, or Financial data, as categorized in the central database schema. As with the current permission system of allowing app access to your addressbook or camera, you can always block, allow, or revoke any service’s access to the different categories. The local database is where your personal data is stored. It is actually not a single database, but a system of databases under your control. This includes various devices you own, as well as cloud providers you choose and trust for things like backups. You don’t keep all your money under your pillow, do you? Also, some data may be stored with trusted third parties, such as your health insurance company or government agencies that provide verified ID information. The central database schema is synchronized with your local database. This allows you, services, and research to benefit from the structured and categorized data. You can define how you want the organization you choose to support to behave socially. Categories can range from workers’ rights to women’s representation on boards to the organization’s environmental footprint. The actual categories will evolve over time. This is matched with the information provided by the research organization. Only if the organization’s social behavior matches your individual expectations will your data be included in the requested research. The federated secure aggregation protocol allows individual data to be aggregated into statistical data without revealing personal data. It is mathematically proven to be robust against a wide variety of attack vectors. Privact uses it to enable market research on the combined data pool without violating anyone’s privacy. ### privact e.V. The goal of the non-profit organization privact e.V. is to establish this ecosystem in society. We are working with partners to build the Foundation, develop the necessary technology, and create the momentum to make this system the new normal. The privact e.V. is not the Foundation.

Here’s how you can help make a difference:

Join us

We’d love to hear your thoughts. Come on over to our Discourse forum, read more about the concepts, and let us know what you think!

Contribute financially

If you would like to help us achieve our vision through financial support, we have good news: your donation may even be tax deductible.

Collaborate with us

Are you working on a privacy project with a similar goal? Are you building an application or service and want to know how to use privact? Then reach out so we can work together!

Community Meeting every 2nd Monday of the month

Next community meeting will happen on October 14 at 8:00 pm (Berlin time) using Senfcall.

Meet us at:

FOSDEM 2025 – Feb. 1&2 2025

Past events:

September 3. 2024: Demo Day of the Prototype Fund in Berlin

May, 6. & 7. 2024 in Berlin

Our partners and supporters:

Partner

Funding