Privacy Policy

Last updated: June 2026

Overview

EDUChain Trust is a credential-verification platform built for ministries, universities, employers, and embassies. This policy explains what data we process, why we process it, and how long we retain it.

Data we collect

We collect only the information needed to issue, verify, and audit academic credentials:

• Account data — name, institutional email, role, and assigned institution.
• Credential metadata — programme, graduation date, certificate number, hash. The credential body itself stays inside the issuing institution's tenant.
• Security telemetry — login events, IP address, session identifiers, audit trail for sensitive admin actions.

Blockchain anchoring

Only a one-way SHA-256 hash of a canonical credential payload is anchored on a permissioned blockchain network. No names, no national IDs, no programme details, and no email addresses ever land on-chain.

Retention

Credentials are retained for the lifetime of the issuing institution's contract with EDUChain Trust. Security telemetry is retained for 24 months. You can request earlier deletion of personal data subject to applicable academic-record law.

Your rights

You may request access to your data, correction of inaccuracies, restriction of processing, or deletion within the limits of applicable law. Requests are handled by the issuing institution's data-protection contact in the first instance.

Contact

Privacy questions and data-subject requests can be sent through the verification portal's contact form.