EU AI Act transparency obligations apply from 2 Aug 2026how MolTrust supports Article 12 logging → EU AI Act · 2 Aug 2026 · Article 12 logging →
§
🌙 Toggle Dark Mode Home MoltGuard MoltProof MT Global MolTrust Sports MT Shopping MT Travel MT Skills MT Prediction MT Salesguard MT Music Integrity Dashboard VCOne Blog Developers Pricing Enterprise Partners Compliance About Publications Verify Us Status Contact API Docs
Privacy Notice

Privacy Notice
MolTrust

CryptoKRI GmbH (Zürich) is the controller for processing of personal data in connection with the MolTrust service. This notice describes what data is processed, on what legal basis, and how data subject rights can be exercised under GDPR, the Swiss FADP (nDSG), and applicable equivalent regimes.

Last updated: 04.06.2026 · Version 1.1

Who is responsible for processing.

Controller
CryptoKRI GmbH
Zürich, Switzerland
Managing Director: Lars Kroehl
Contact via /contact
EU Representative (Art. 27 GDPR)
An EU-based representative under Article 27 GDPR is being designated. Designation expected to be completed within 30 days of this notice. Updated contact details will be published here.
Data Protection Contact
For privacy enquiries, data subject rights, or supervisory authority correspondence: contact via /contact with subject line "Privacy".

MolTrust as a protocol layer — and where personal data actually enters.

MolTrust is a deterministic cryptographic protocol layer for agent authorization, comparable in role to transport-security and identity protocol layers such as TLS or PKI. What a customer transmits through the protocol is determined and controlled by the customer; MolTrust does not influence or inspect those contents. The legal roles below reflect this position.

Website, marketing communications, customer accounts
For visitors of moltrust.ch, recipients of MolTrust communications, and authorized contacts of customer organizations, MolTrust acts as controller under GDPR Art. 4(7) / Swiss FADP Art. 5(j). This is the only category of routine processing of personal data MolTrust performs in the present service configuration.
AAE / logging and identity infrastructure
When customers use MolTrust to issue and verify Agent Authorization Envelopes, the protocol layer carries only standard envelope metadata (DID, mandate scope, constraints, validity, signature). In the intended standard configuration, no personal data is processed by MolTrust in this flow. A processor relationship would arise only in the exceptional case that a customer embeds personal data into AAE fields contrary to intended use — for such cases a standard DPA template is available; no ongoing processor relationship exists in current operations.
Trust scoring, Sybil detection, risk assessment
These integrity services operate over pseudonymous agent identifiers (DIDs) and aggregated behavioural metadata associated with legal entities. Legal entities are not data subjects under GDPR; in the intended configuration these services therefore process no personal data, and GDPR does not apply to that flow. A re-assessment is performed for any future B2C use-case in which a natural person is the agent owner.

The minimum data necessary — and nothing else.

No agent payload. No personal data on-chain. No business secrets in transit.

MolTrust's architecture is designed around data minimization. The Agent Authorization Envelope (AAE) carries only the technical metadata required for the envelope to function as a signed authorization record: agent DID, mandate scope, constraint parameters, validity window, and cryptographic signature. The actual payload of an agent's action — the email content, the customer record, the business decision — is never transmitted to or stored by MolTrust.

What MolTrust processes
Agent identifiers (DIDs) — pseudonymous
AAE envelope metadata (mandate, constraints, validity, signature)
Customer account data (billing, contract, support)
Operational telemetry (rate, latency, error rates) — aggregated, non-personal
What MolTrust does not process
Agent action payloads (emails, documents, customer records)
Personal data of end users interacting with customer agents
Business secrets, trade data, or proprietary content
Any personal data on the public Base L2 ledger — only zero-knowledge proofs and hashes of non-personal operational data are anchored

What is anchored on Base L2, and what is not.

On-chain anchoring is a deliberate architectural choice for tamper-evidence. It is also a sensitive choice under GDPR because public-ledger entries are inherently immutable. MolTrust's design ensures that the immutability does not collide with data subject rights.

What is anchored
Zero-knowledge proofs and cryptographic hashes of non-personal operational data (envelope existence, validity window, signing key reference). The architectural guarantee is at the source: only non-personal data is ever hashed for anchoring.
What is not anchored
Personal data, agent payloads, customer business data, and any data subject identifiers are never written to chain — neither in plaintext nor as hash of personal data (which would still be pseudonymous PII under EDPB guidance).
Article 17 erasure
Because no personal data is anchored on-chain, the right to erasure (GDPR Art. 17) is exercisable against MolTrust's own systems without requiring ledger modification. Off-chain personal data is erasable on request, subject to legal retention obligations.

Why the processing is lawful.

GDPR Art. 6(1)(b) — Contract
Processing necessary for performance of the contract between CryptoKRI GmbH and the customer (account, billing, service provision).
GDPR Art. 6(1)(f) — Legitimate interest
Processing necessary for the legitimate interest of providing tamper-evident evidence infrastructure, fraud detection (Sybil/risk services), service security, and abuse prevention — balanced against data subject rights.
GDPR Art. 6(1)(c) — Legal obligation
Where processing is required to fulfill MolTrust's own obligations (tax records, anti-money-laundering checks where applicable, response to lawful supervisory requests).
GDPR Art. 6(1)(a) — Consent
For extended logging features and analytics that go beyond contract necessity, only on the basis of specific consent. Consent can be withdrawn at any time.

Where data leaves Switzerland or the EEA.

MolTrust operates primarily within Switzerland (Hetzner data centre, Nuremberg backup) and the EU. Certain components involve third-country processing, documented here.

Base L2 anchoring (United States)
Base is a Layer-2 blockchain operated by Coinbase Inc., subject to US jurisdiction. The Swiss adequacy decision and the EU-US Data Privacy Framework do not categorically cover blockchain infrastructure. Article 46 GDPR safeguards apply: Standard Contractual Clauses (SCCs) where the relationship is contractual; for the public-ledger interaction itself, the safeguard is at the architectural level — only non-personal hashes and zero-knowledge proofs are transmitted to the network. No personal data leaves Switzerland or the EEA in identifiable form.
AWS KMS (Frankfurt, eu-central-1)
Root signing key managed in AWS KMS region eu-central-1 (Frankfurt). AWS is a US-headquartered processor; processing is contractually bound to the EU region. SCCs in place via AWS Data Processing Addendum.
Other sub-processors
A current list of sub-processors with their roles and location is maintained and available on request from the controller contact above.

What data subjects can do.

Under GDPR and the Swiss FADP, data subjects have specific rights regarding their personal data. MolTrust honours all of them; the table below describes how to exercise each.

Right of access (Art. 15)
Request a copy of personal data MolTrust holds about you. Response within one month.
Right to rectification (Art. 16)
Correct inaccurate personal data. Response within one month.
Right to erasure (Art. 17)
Erasure of off-chain personal data, subject to legal retention obligations. On-chain anchors contain no personal data — see "On-chain anchoring scope" section.
Right to restriction (Art. 18)
Restrict processing while a request is under review or in case of dispute.
Right to data portability (Art. 20)
Receive personal data in a structured, machine-readable format. JSON export available.
Right to object (Art. 21)
Object to processing based on legitimate interest at any time.
Right to lodge a complaint
With the Swiss FDPIC (edoeb.admin.ch) or with the EU supervisory authority of your residence.
How to exercise
Via /contact with subject line "Privacy — [right name]". Identity verification may be requested to prevent unauthorized disclosure.

For Swiss data subjects.

As a Swiss-based controller, MolTrust is primarily subject to the revised Swiss Federal Act on Data Protection (FADP / nDSG, in force since 1 September 2023). The rights described in the previous section have direct equivalents under Swiss law (Art. 25 ff. FADP). For Swiss data subjects, the responsible supervisory authority is the Federal Data Protection and Information Commissioner (FDPIC), and Swiss law applies in addition to GDPR where the data subject is in Switzerland.

How long data is kept.

Account data
For the duration of the customer relationship, plus statutory retention periods (commercial: 10 years under Swiss CO; tax: as required by Swiss tax law).
AAE envelope metadata
According to the validity tier selected by the customer (30 days / 90 days / 365 days / up to 7 years for Scale tier). Customer can request earlier deletion subject to legal retention obligations.
Operational logs
90 days for security and abuse prevention purposes, then aggregated or deleted.
Marketing communications
Until consent is withdrawn or contact ceases.

This notice will be updated as MolTrust's processing activities evolve, as the EU representative is designated, or as legal requirements change. Material changes will be communicated to active customers via email and noted at the top of this page with the version number and date.