Privacy Policy
Effective date: 1 June 2026 · Last updated: 1 June 2026
This Privacy Policy explains how Solonym (“we”, “us”, or “our”) collects, uses, stores, and protects your personal data when you use Solonym (“solonym.com”), a digital identity registry platform that allows individuals, projects, brands, businesses, organizations, and other entities to establish and manage digital identity records and public identity profiles. It also explains your rights under applicable data protection laws, including the EU General Data Protection Regulation (“GDPR”) and the California Consumer Privacy Act (“CCPA”).
By creating an account or using the service, you acknowledge that you have read and understood this Privacy Policy.
1. Who We Are (Data Controller)
Solonym (“we”, “us”, or “our”) is a digital identity registry service operated under the Solonym trade name.
For the purposes of the EU General Data Protection Regulation (GDPR), Solonym is the data controller responsible for your personal data collected through the platform.
For any privacy-related inquiries or to exercise your data rights, please contact us at support@solonym.com or through our contact form.
2. Data We Collect
2.1 Account data
When you register an account, we collect your email address, display name, and a hashed version of your password. Your password is hashed using bcrypt with a cost factor of 12 before storage; we never store your password in plain text and cannot recover it.
2.2 Profile data
When you register a name and build your profile, you may optionally provide: a real name, a bio, a profile photo, social network links, a website URL, a contact email address, and a physical location. Profile pages are publicly accessible by design — this is a core feature of the service. You control which optional fields (such as bio, photo, social links, and location) are shown on your public profile. Core identifiers such as your registered name are publicly visible for the duration of your active subscription, as this is the primary function of the service. Upon account closure or a valid erasure request, your profile data is deleted in accordance with Section 4.
Profile photos are resized and converted to WebP format upon upload and stored on our servers. The original upload is not retained.
Some accounts may apply for verification or authenticity review in connection with a real-world business, brand, organization, trademark, project, public figure, or other entity. In such cases, we may collect and review supporting documentation or evidence submitted to establish legitimacy, ownership, authorization, or authenticity. Such materials may include business registration records, trademark certificates, authorization letters, official website associations, or other verification information reasonably necessary for review purposes. Verification materials are used solely for verification, fraud prevention, dispute resolution, and platform integrity purposes, and are not displayed publicly unless explicitly designated by the submitting party. The legal basis for processing verification materials is our legitimate interest in maintaining platform integrity and preventing fraud, and, where you have voluntarily initiated a verification request, your consent to that process.
2.3 Payment data
Payments are processed entirely by our third-party payment provider. We do not store your credit or debit card number, CVV, or any raw payment card data on our servers. We receive and store a payment reference identifier and the outcome of the transaction (success or failure) for billing and audit purposes.
2.4 Security and abuse-prevention data
We log IP addresses associated with account registration, login attempts, and high-risk account actions (such as password changes and email changes) for security and fraud-prevention purposes. These logs are retained for 90 days and are then deleted. Failed login attempts are counted to enforce brute-force protection; this counter is reset on successful login.
2.5 Communication data
If you submit a contact or dispute request, we collect the content of your message, your name (if provided), and your email address. This data is retained for the duration of the matter plus a reasonable administrative period.
2.6 Audit logs
We maintain internal audit logs of significant platform events (including registrations, verification decisions, suspensions, disputes, moderation actions, and account deletions) for operational integrity, fraud prevention, security, legal compliance, and dispute resolution purposes. These logs may contain references to account identifiers, registered names, verification status, and administrative actions, but are not used for advertising profiling or behavioral marketing.
2.7 Moderation, Trust & Safety, and Enforcement Data
To maintain platform integrity, enforce our Terms of Service and moderation policies, and protect users and the public, Solonym may process information related to platform safety, trust, moderation, abuse prevention, and enforcement activities.
This may include:
- Registered names, usernames, display names, profile content, uploaded materials, links, symbols, imagery, and associated metadata.
- Reports, complaints, disputes, or moderation submissions submitted by users or third parties.
- Technical and behavioral signals associated with suspicious, abusive, fraudulent, deceptive, automated, or policy-violating activity.
- Internal moderation records, enforcement decisions, restriction history, appeals, and related administrative records.
- Information reasonably necessary to evaluate compliance with the Terms of Service, including prohibited-content and anti-circumvention rules.
Moderation and abuse-prevention activities may involve automated systems, manual review, or a combination of both. Solonym may evaluate contextual meaning, common usage, symbolism, linguistic variation, translations, transliterations, abbreviations, coded language, and circumvention techniques in connection with policy enforcement and platform safety operations.
Such processing is carried out on the basis of Solonym’s legitimate interests in maintaining platform integrity, enforcing its Terms and policies, preventing abuse and fraud, protecting users and the public, and complying with applicable legal obligations.
2.8 Data we do not collect
We do not collect behavioral tracking data, advertising identifiers, or browsing history. We do not use third-party analytics services. We do not sell, rent, or trade your personal data with third parties. Solonym does not knowingly engage in behavioral advertising or profiling of users for advertising purposes. This applies to all users regardless of age.
3. How We Use Your Data
| Data | Purpose | Legal basis (GDPR) |
|---|---|---|
| Email address | Account authentication, transactional emails (verification, renewal reminders, billing notifications, security alerts) | Contract performance; Legitimate interest |
| Display name | Shown in the platform header and used in email communications addressed to you | Contract performance |
| Password (hashed) | Authentication | Contract performance |
| Profile data (bio, photo, links, location) | Public profile page display | Contract performance |
| Payment reference | Billing records, subscription management, refund processing | Contract performance; Legal obligation |
| IP address | Brute-force protection, fraud prevention, abuse detection | Legitimate interest |
| Contact/dispute messages | Responding to inquiries, resolving disputes | Legitimate interest; Legal obligation |
| Verification materials (business records, trademark certificates, authorization letters, etc.) | Identity and authenticity verification, fraud prevention, dispute resolution, platform integrity | Legitimate interest; Consent |
| Moderation, enforcement, and trust & safety data | Enforcing Terms of Service, detecting prohibited content or abuse, fraud prevention, platform integrity, safety enforcement, dispute handling, anti-circumvention review, and legal compliance | Legitimate interest; Legal obligation |
Core account and registry functions — including email address, display name, password, registered name, and payment processing — are processed on the basis of contract performance, as they are strictly necessary to provide the service. Optional profile content (bio, photo, social links, location) is also processed on the basis of contract performance: the core deliverable of the service is a public identity profile, and optional fields are content the user has affirmatively chosen to include in that profile as part of using the service. Verification and authenticity review materials, where submitted, are processed on the basis of legitimate interest in maintaining platform integrity, preventing fraud and impersonation, and supporting dispute resolution, and on the basis of the user’s consent to initiate the verification process.
Solonym may also process account information, profile content, moderation reports, verification submissions, technical indicators, and related platform activity for trust & safety purposes, including enforcement of the Terms of Service, detection of prohibited identities or content, prevention of abuse or circumvention, fraud prevention, dispute resolution, and protection of platform integrity and users. Such processing may involve automated detection systems, manual review, or both, and is based on Solonym’s legitimate interests in maintaining a safe, lawful, and operationally reliable platform environment.
4. Data Retention
| Data type | Retention period |
|---|---|
| Account data (email, display name, hashed password) | Duration of account + 30-day deletion window after closure |
| Profile data | Retained for the duration of the active subscription and any grace period thereafter. Deleted upon account closure, or when the subscription is not renewed and the grace period expires. |
| Payment references | Duration of account + 7 years (financial record-keeping obligation) |
| IP address logs | 90 days |
| Audit logs | 3 years (operational integrity) |
| Contact/dispute messages | Duration of the matter + 1 year |
| Verification materials (documents submitted for identity or authenticity review) | Duration of verified status + 3 years (dispute resolution and platform integrity) |
| Moderation, enforcement, and trust & safety records | Duration reasonably necessary for platform integrity, enforcement, fraud prevention, dispute resolution, and legal compliance, generally not exceeding 3 years after final enforcement action unless longer retention is legally required |
5. Who We Share Your Data With
We do not sell or rent your personal data. We share your data only with the following categories of third-party service providers, strictly to operate the platform:
- Payment processor — to handle subscription payments. They receive the data necessary to process the transaction (such as your billing email and payment card details entered in their checkout interface). We do not pass them your profile data.
- Email delivery provider — to send transactional emails (account verification, renewal reminders, billing receipts, security notifications). They receive your email address and the content of each email we send to you. This provider processes this data as a data processor under our instruction.
- Hosting infrastructure — the platform is hosted on a virtual private server. Your data resides on that server and is not shared with the hosting provider beyond what is inherent in server operation.
All third-party providers are engaged under data processing agreements where required by GDPR and handle your data solely as directed by us.
We may disclose your data to a law enforcement authority, court, regulatory body, or — to the minimum extent reasonably necessary — to a party asserting a legitimate legal claim (such as a trademark dispute, impersonation complaint, or fraud report) if required or permitted to do so by applicable law, or to protect the rights, property, or safety of Solonym, its users, or the public. Private verification documents submitted by a user are not disclosed to third parties except where required by law or expressly authorized by the submitting party.
Where reasonably necessary for fraud prevention, legal compliance, platform safety, dispute resolution, enforcement of the Terms of Service, or protection of rights, property, or users, Solonym may internally review or disclose limited relevant information associated with moderation, enforcement, impersonation, abuse-prevention, or dispute matters to legal advisers, law enforcement authorities, regulatory bodies, infrastructure or security providers, or affected parties where permitted or required under applicable law.
6. International Data Transfers
Solonym is a globally operated service. If you are located in the European Union or European Economic Area, your personal data may be transferred to and processed in countries outside the EEA that may not provide the same level of data protection as your home country. Where such transfers occur, we ensure adequate protection is in place through Standard Contractual Clauses approved by the European Commission or equivalent transfer mechanisms recognized under GDPR. The identity of the legal entity acting as signatory to those clauses will be updated in this Policy upon incorporation of the operating legal entity.
7. Your Rights
7.1 Rights under GDPR (EU/EEA users)
If you are located in the EU or EEA, you have the following rights regarding your personal data:
- Right of access — you may request a copy of the personal data we hold about you.
- Right to rectification — you may correct inaccurate or incomplete data. Most profile data can be updated directly in your account settings.
- Right to erasure — you may request deletion of your personal data. You can initiate account deletion from the Account Settings page. We will delete or anonymise your personal data within 30 days of your deletion request being confirmed. Note that this deletion is partial where we are required by law or legitimate interest to retain specific categories of data beyond that point: payment references are retained for up to 7 years to meet financial record-keeping obligations, and internal audit logs are retained for up to 3 years for operational integrity and dispute resolution purposes. These retained records are not used for any other purpose.
- Right to restriction of processing — you may request that we limit how we process your data in certain circumstances.
- Right to data portability — you may request a machine-readable export of the personal data you have provided to us. Use the “Export my data” option in Account Settings.
- Right to object — you may object to processing carried out on the basis of legitimate interest.
- Right to lodge a complaint — you have the right to lodge a complaint with your national data protection supervisory authority.
7.2 Rights under CCPA (California users)
If you are a California resident, you have the right to know what personal information we collect and how it is used, the right to request deletion of your personal information, and the right to opt out of the sale of your personal information. Solonym does not sell personal information to third parties. There is therefore no “sale” to opt out of. To exercise any other CCPA right, use our contact form.
7.3 Exercising your rights
To exercise any of the rights above, please use our contact form. We will respond within 30 days. We may ask you to verify your identity before processing a request, to ensure we do not disclose or delete data at the request of an unauthorized party.
8. Security
We implement appropriate technical and organizational security measures to protect your personal data against unauthorized access, loss, destruction, or alteration. These measures include password hashing (bcrypt, cost factor 12), HTTPS-only access, brute-force login protection, access controls on our server infrastructure, moderation controls, abuse-prevention systems, rate limiting, administrative access restrictions, and monitoring systems designed to protect platform integrity and detect unauthorized or policy-violating activity.
No method of data transmission over the internet or method of storage is 100% secure. We cannot guarantee absolute security, but we take our obligation to protect your data seriously. In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify you and the relevant supervisory authority without undue delay, and where feasible within 72 hours as required under GDPR.
9. Children’s Privacy
Solonym is not directed at children. Users must be at least 13 years of age to register an account. If you are located in the European Union, the minimum age is 16, unless your country of residence has adopted a lower age of digital consent (which may be no lower than 13 under GDPR Article 8). We do not knowingly collect personal data from children below the applicable minimum age. If we become aware that we have inadvertently collected personal data from a child below the minimum age, we will delete it promptly. If you believe a child has registered without appropriate consent, please contact us using our contact form.
10. Cookies
We use at most two strictly necessary cookies: an authentication session cookie to keep you logged in, and a Remember Me preference cookie set only when you do not select “Remember me” at login. Unauthenticated visitors browsing public pages receive no cookie. Both cookies are strictly necessary for the authenticated service you requested, so no cookie consent banner is required under EU ePrivacy rules. We do not use advertising, analytics, profiling, or behavioral tracking cookies of any kind. For full details, see our Cookie Policy.
We may use strictly necessary security-related technologies, including authentication tokens, rate-limiting mechanisms, and abuse-prevention measures, to protect the platform, detect suspicious activity, enforce platform policies, and maintain operational integrity.
11. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will endeavor to notify you by email where practicable, and will update the “Last updated” date at the top of this page. Continued use of the service after the updated policy takes effect constitutes your acceptance of the changes.
12. Contact
For any questions about this Privacy Policy, to exercise your data rights, or to report a privacy concern, please contact us at support@solonym.com or use our contact form. We aim to respond to all privacy inquiries within 30 days.