PRIVACY BY INFRASTRUCTURE

Data Protection Protocol

Last Updated: January 2025

Entity: AUCTA Protocol SARL

Jurisdiction: French Republic (EU)

At AUCTA, data protection is not a feature — it is the foundation. Every vault, object, smart contract, and client interaction is encrypted, segmented, and controlled by a custom protocol architecture.

We do not run ads. We do not sell data. We do not allow third-party analytics.

We engineer for privacy permanence, not just compliance.

Design Principles

AUCTA applies a three-tiered data protection model:

Tier 1: Client Privacy

  • All user data in EU-hosted servers under strict RLS controls
  • No AUCTA employee has default access to full identity sets
  • Optional facial verification processed on-device

Tier 2: Object Privacy

  • Object metadata stored separately from client data
  • Only owner or designated proxies can access both sets
  • Privacy bridge for resale or inheritance transfers

Tier 3: Protocol Privacy

  • Transactions hashed and stored on private blockchain
  • Smart contracts handle transfers pseudonymously
  • Identity-minimised permanence architecture

Data Categories

Category | Examples | Access Scope
Identification | Name, address, ID, selfie | Owner, Legal, DPO only
Ownership | Vault ID, product UUID, timestamp | Owner, AUCTA internal
Activity | Logins, confirmations, Face ID checks | Security only
Communication | Messages with concierge, transfer requests | Concierge + owner
Blockchain | Wallet address (or vault proxy), transaction hashes | Owner, system, public pseudonymised

Processing Locations

All personal data is stored in France or Luxembourg.

Backup copies (encrypted) are stored in cold storage vaults under contracted EU ISO27001+ providers.

Biometric data is not stored in raw form, and is processed either on-device or in anonymised vector format.

Storage Durations

Identity (KYC) | 10 years (AMLD5 compliance)
Vault & Object History | Indefinite (compliance + ownership proof)
Session Logs | 12 months
Biometric (opt-in) | Deleted within 30 days of deactivation
Transfer/Resale History | Indefinite, hashed

Client Controls

You can request at any time:

  • Access or export of your full vault data
  • Deletion of personal identity (subject to legal restrictions)
  • Deactivation of facial/biometric features
  • Transfer of assets to heirs or proxies
  • Review of who accessed your vault (access logs available)

Contact: privacy@aucta.io

GDPR Compliance

AUCTA is fully compliant with:

  • Regulation (EU) 2016/679 (GDPR)
  • Loi Informatique et Libertés (France)
  • ePrivacy Directive (cookies, tracking)
  • AMLD5 & AMLD6 (Anti-Money Laundering Directives for identity checks)

Our appointed Data Protection Officer (DPO) monitors all access logs and audit trails.

Vault Access Controls

Role | Authentication Required
Owner | Email + Password + 2FA + Facial ID (if active)
Concierge | Temporary vault key + SMS code
Legal Delegate | Smart contract trigger + identity proof
AUCTA Admin | Read-only access under audit approval only

We log every access, including IP address, timestamp, and what data was viewed or modified.

Blockchain Compatibility

Blockchain records are by nature immutable. To stay GDPR-compliant, AUCTA:

  • Stores no plain identity on-chain
  • Uses UUID-linked tokens for object and client traces
  • Anchors metadata off-chain (where it can be deleted)
  • Uses layered permissions to restrict lookup and access

We can prove history — without exposing identity.

Zero Third-Party Profiling

  • No Google Analytics
  • No social pixel trackers
  • No third-party cookies
  • No automated advertising
  • No external mailing providers without encryption
  • All analytics are anonymised and run in-house

Reporting & Breach Policy

In the event of a confirmed data breach:

  • You will be notified within 72 hours, as per GDPR Article 33
  • Breach type, scope, and impact will be fully disclosed
  • AUCTA will freeze all vault activity and regenerate session keys

Contact

Data Protection Request

AUCTA Protocol SARL

Délégué à la Protection des Données (DPO)

privacy@aucta.io

[Legal Address], France

File a Complaint

CNIL - Commission Nationale de l'Informatique et des Libertés

https://www.cnil.fr/
