Last Updated: [28 April 2026]

1. INTRODUCTION

This Privacy Policy describes the manner in which personal data is processed in connection with the Dataswyft Wallet and the Dataswyft Wallet Network.

The Dataswyft Wallet is a data interaction system designed to enable individuals to acquire, manage, authenticate, present, and share structured data within a multi-party network environment. This Privacy Policy applies to personal data processed through Wallet Accounts and associated infrastructure and should be read together with the Dataswyft Wallet User Agreement and the Dataswyft Wallet Trust Deed.

2. DATA GOVERNANCE FRAMEWORK

The Dataswyft Wallet operates within a user-directed, instruction-based data governance framework supported by infrastructure administered under a trust structure. Within this framework, personal data is processed through the interaction between user-directed actions and infrastructure-based execution.

Processing is characterised by the determination of data use and disclosure by the wallet user, combined with the execution of such processing through systems operated by a Network Licensee. The resulting data environment reflects a structured interaction between participants operating within defined roles and network actions.

3. DATA CONTROLLERS AND GOVERNANCE ROLES

Within the Dataswyft Wallet, the allocation of responsibility for personal data processing reflects the underlying architecture of the system.

The wallet user determines the purposes for which personal data is processed, including decisions relating to acquisition, structuring, authentication, presentation, sharing, and revocation of data. In doing so, the wallet user acts as a data controller in respect of such personal data.

The wallet infrastructure is operated by a Network Licensee appointed for the relevant jurisdiction. The Network Licensee acts as trustee of trustee-custodied wallet data under the Dataswyft Wallet Trust Deed and is responsible for maintaining the systems through which wallet processing is carried out. In this capacity, the Network Licensee determines the technical and organisational means by which personal data is processed, including system architecture, execution mechanisms, and security measures, but does not independently determine the purposes of processing.

To the extent that both the wallet user and the Network Licensee participate in determining elements of personal data processing, they may be regarded as joint controllers within the meaning of applicable data protection laws. Such joint controllership is functional and limited in scope, arising solely from the interaction between user-directed purposes and infrastructure-based execution.

4. WALLET ARCHITECTURE AND DATA ENVIRONMENTS

A Wallet Account constitutes the data environment associated with a Dataswyft Wallet and may include both trustee-custodied storage and self-custodied storage.

Trustee-custodied data is stored within the Dataswyft Jurisdiction Wallet Database and forms part of the trust property governed by the Dataswyft Wallet Trust Deed. In contrast, personal data stored within Personal Data Accounts maintained through HAT Microservers remains under the direct control of the wallet user and does not form part of the trust property.

The wallet interface provides a unified mechanism for interacting with these environments, notwithstanding their distinct legal and technical characteristics.

5. INSTRUCTION-BASED PROCESSING

Personal data within the Dataswyft Wallet is processed exclusively through an instruction-based model. Processing occurs only where a wallet user initiates an action through the wallet interface, including the acquisition of data, the receipt of badges, the authentication of data, the presentation of badges, the sharing of information, or the granting and revocation of access permissions.

The Network Licensee processes personal data solely for the purpose of executing such instructions and maintaining the integrity, availability, and security of the wallet infrastructure. The Network Licensee does not initiate independent processing of personal data within Wallet Accounts except where necessary to ensure system security, operational continuity, or compliance with applicable legal obligations.

6. CATEGORIES OF PERSONAL DATA