We orient ourselves towards the EU Data Act’s definition of connected products and related services. In the Privact Trusted Data Ecosystem, a “product” typically refers to:

• Any item that collects, generates, or communicates data about its use or environment. This could be a smart device, an app, or a web service.
• The product’s main purpose isn’t just storing or processing data for others – it has its own primary function.
• It can share data through internet connections, physical connections, or direct access on the device.

This includes a wide range of offerings like applications, websites, connected devices, and platforms where users interact directly with the service. We also consider related services that support these products as part of our ecosystem.

When joining the Privact Trusted Data Ecosystem, product providers commit to key principles that prioritize user privacy and data control:

• Local Data Storage: Always store personal data in users’ local Privact databases. Cloud storage is allowed only as an additional measure if absolutely necessary.
• Local Processing: Ensure that personal data is primarily processed on users’ devices, minimizing reliance on cloud infrastructure.
• Schema Compliance: Follow the protocol for extending the central database schema when introducing new data types to ensure compatibility and transparency.
• Consent for Cloud Use: Obtain explicit user consent before storing or processing any data in the cloud.
• Data Separation: For cloud-stored data, maintain strict separation between data collected from different sources or under different user consents to ensure proper governance.
• Audit Participation: Agree to participate in compliance audits when requested to demonstrate adherence to Privact standards and maintain ecosystem integrity.

These commitments ensure that user privacy is respected while allowing products to operate effectively within the Privact Trusted Data Ecosystem.

Yes, Privact provides comprehensive opportunities for data analysis while protecting users’ privacy:

• Access to Your Product’s Data: As a Privact-compliant product, you can conduct statistical analysis of the personal data you’ve collected by registering as a Privact research organization.
• Gain Deep User Insights: By leveraging Privact’s consent protocols, you can additionally analyze data collected by other products in the ecosystem.
• Conduct Privacy-Preserving Analysis: All analysis is conducted in a way that respects user privacy, involving aggregated and anonymized data.
• Empower Users with Consent: Users actively decide which research organizations they support, fostering transparency and trust.

This approach enables you to gain valuable insights while upholding Privact’s core principle of user data sovereignty.

Privact actively supports your compliance with key privacy regulations by:

• Enabling Local Data Storage to align with EU Data Act requirements.
• Documenting User Consent through digitally signed smart contracts.
• Implementing Data Governance procedures to maintain accountability.
• Empowering User Control by supporting “Right to Access” and “Right to be Forgotten.”
• Facilitating Data Portability and interoperability for compliance.
• Automating Compliance Processes for efficiency.

These features streamline your privacy compliance efforts while building trust with your users.

Joining Privact offers you the opportunity to enhance user trust and data accessibility by transferring all previously collected data into the local Privact databases on users’ devices. This transition brings several key advantages:

• User Empowerment: The transfer makes data directly accessible to its creator and rightful owner – the user.
• Enhanced Utility: By moving data to local storage, you make it more useful and actionable for both users and your product.
• Compliance Boost: This transfer aligns with data portability requirements in regulations like GDPR and the EU Data Act, simplifying your regulatory compliance.
• Trust Building: Demonstrating this level of data respect significantly enhances user trust in your product, potentially improving user retention and engagement.
• Historical Insights: Transferring historical data enables richer, more comprehensive analysis within the Privact Trusted Data Ecosystem, benefiting both your product development and user experience.

By embracing this data transfer, you’re not just joining Privact – you’re actively participating in a user-centric data paradigm that benefits both your product and your users, positioning your business at the forefront of ethical data practices.

Privact is designed to respect user choice and maintain product flexibility. Here’s how you can handle situations where users choose not to participate in the Privact Trusted Data Ecosystem:

• User Freedom: Privact upholds the principle of user freedom. Joining is always a voluntary opt-in decision for each individual user.
• Alternative Solutions and Accessibility: Use cloud storage or product-specific databases for users choosing not to join the Privact Trusted Data Ecosystem, ensuring consistent product accessibility.
• Transparent Communication: Clearly communicate the benefits of joining Privact to users, but respect their decision if they choose not to participate.
• Future Flexibility: Users who initially decline can always opt into Privact later, so design your data architecture to allow for easy transition.

By accommodating both Privact and non-Privact users, you ensure maximum reach for your product while still offering the enhanced privacy benefits of the Privact ecosystem to those who choose it.

Privact supports products that need cloud data storage for various reasons, including but not limited to legal or logistic requirements. Here’s how Privact accommodates this while maintaining user privacy:

• Minimized Cloud Usage: Commit to storing or processing data in the cloud only when unavoidable. Strive to keep as much data as possible in local, user-controlled storage.
• Privact Protocol for Cloud Data: For necessary cloud storage and processing, utilize the Privact infrastructure to:
  • Request explicit user consent for each cloud-stored data point.
  • Document given consent via electronically signed smart contracts attached to each stored data point.
  • Profit from audit-proof, readily accessible documentation of user consent.
• Transparent Communication: Clearly explain to users why certain data needs cloud storage and the specific duration for which the data will be stored.
• User-Controlled Data Purge: Implement Privact’s technology for automatic data purging, allowing users to easily remove their data from cloud storage when they choose, enhancing user control over their information.
• Regular Review: Periodically assess your cloud storage needs to ensure you’re only using it where absolutely necessary, and adjust your practices accordingly.

By adhering to these principles, you can balance your product’s cloud storage requirements with Privact’s commitment to user privacy and data sovereignty.

Privact audits ensure that your product complies with the Privact standards outlined in the terms and conditions. Here’s what the audit process involves:

• Verification of Local-First Standards: Auditors confirm that your product adheres to Privact’s local-first data processing and storage principles.
• Consent Workflow Review: The audit checks that user consent workflows are properly implemented, ensuring compliance with Privact protocols.
• Cloud Data Handling Assessment: If your product uses cloud storage, auditors verify that data is stored and processed only when unavoidable and in accordance with the Privact protocol.
• Non-Intrusive Process: Audits are conducted by independent, trusted auditors in a way that protects your intellectual property and minimizes disruption to your operations.

Privact audits are designed to be transparent, collaborative, and supportive, maintaining trust and integrity across the Privact ecosystem by ensuring all participants meet the same high standards while strengthening user privacy.

Absolutely. Privact democratizes data access, creating a level playing field for all participants, including small businesses, large corporations, research institutions, NGOs, and any entity producing products or services:

• Unified Data Framework: All organizations use the same local data storage and consent framework, ensuring equal access to user data.
• Trust-Based Competition: The Privact Seal becomes a key differentiator, allowing smaller entities to compete on user trust rather than organizational size.
• Reduced Infrastructure Costs: Shared infrastructure lowers R&D and operational expenses, particularly benefiting organizations with limited resources.
• Technical Equalization: Privact’s SDKs level the technical playing field, enabling all participants to implement sophisticated data handling capabilities.

By leveraging these advantages, any organization can effectively compete and thrive within the Privact ecosystem, focusing on innovation and value creation rather than scale or resource advantages.

Privact automates compliance with user consent revocation, ensuring a seamless process for both users and product providers:

• Transparent Communication: The system provides users with a comprehensive overview of all cloud-stored data across different product providers. It also clearly communicates to users about their rights and the status of their data, fostering trust in the Privact ecosystem.
• Informed Deletion Process: Users are notified about which data can be deleted and which may need to be retained for legal reasons.
• User-Controlled Revocation: Users can easily revoke consent via Privact software, aligning with privacy regulations like GDPR.
• Automated Data Purging: When a user revokes consent, your product should implement an automated process to purge the relevant cloud-stored data. This ensures timely compliance with user wishes without manual intervention.

By leveraging Privact’s automated compliance features, product providers can efficiently manage user consent and data rights, maintaining trust and adhering to privacy regulations.

The central schema in Privact acts as a catalogue for all data that can exist in users’ local databases. This unified approach enables users, products, and researchers to maximize the value of existing data. Here’s how it works:

• Data Registration: You register all data fields your product needs (e.g., “shoe size”) in the central schema.
• Schema Definition Assistance: Privact’s database registry helps define these fields correctly, ensuring consistency and avoiding duplications across the ecosystem.
• Schema Synchronization: The central schema is synchronized with local clients, ensuring that all user devices are always up to date with the latest schema definitions.
• Data Validation and Filtering: User devices validate incoming data against the synchronized schema. Only previously registered data points are accepted, while unregistered data points are automatically rejected, maintaining the integrity of the Privact ecosystem.
• Open Source Collaboration: The schema is open source, allowing anyone to contribute to its improvement and maintenance, fostering transparency and collaboration across the ecosystem.

By leveraging this central schema, Privact creates a cohesive, efficient, and transparent data ecosystem that benefits all participants while maintaining strong privacy protections.