Last updated: May 2026

Privacy Policy

Onboard3 collects personal information solely for credential verification and platform operation. We do not sell, rent, or share your personal information with third parties for marketing purposes.

Information We Collect

We collect:

  • Information you provide during credential submission — name, contact details, documents
  • Usage data — pages visited, verification lookups, API calls
  • Technical data — IP address, device type, browser for security and analytics
  • Payment information processed by Stripe — we never store card numbers directly

How We Use It

Your information is used to:

  • Process credential applications and conduct document review
  • Maintain audit records required by our verification process
  • Respond to legal inquiries and comply with applicable law
  • Send transactional emails about your credentials and account
  • Improve platform performance and security

What Goes On-Chain

The following data is written to the public Polygon blockchain:

  • A SHA-256 hash of the credential record — not the record itself
  • Credential issuance, expiry, and revocation timestamps
  • Platform wallet address (never a user wallet)

The following is strictly off-chain and encrypted at rest using AES-256:

  • Full legal names, addresses, dates of birth, and government ID numbers
  • All submitted documents
  • KYC review notes and reviewer decisions
  • Email addresses and contact information

No personally identifiable information is ever written to the blockchain.

Data Retention

Submitted documents are retained for the life of the credential plus 7 years, after which they are securely deleted. Blockchain anchors are permanent and cannot be deleted by design. Contact information is retained until account deletion is requested.

Your Rights

You have the right to access, correct, or request deletion of your personal data. Note that deletion of off-chain data does not affect the immutable blockchain anchor, which remains permanently on-chain as a hash with no linked PII.

To exercise your rights: privacy@onboard3.io

GDPR and CCPA

For EU users: we process personal data on the basis of contractual necessity and legitimate interests. We implement Standard Contractual Clauses for any transfers from the EEA.

For California residents: you have the right to know what personal information is collected, the right to delete it, and the right to opt out of the sale of personal information. We do not sell personal information.

To submit a data subject request: privacy@onboard3.io

Third-Party Services

We use the following third-party services, each with their own privacy policies:

  • Stripe — payment processing
  • Supabase — database and authentication
  • Resend — transactional email delivery
  • Alchemy — blockchain RPC provider
  • Vercel — hosting and deployment

Contact

Privacy questions: privacy@onboard3.io — Response within 5 business days.

Security reports: security@onboard3.io

Terms of ServicePricingDocsHome