Privacy Policy
Effective: January 2026 | Last updated: February 2026
Overview
Thurin Labs LLC ("Thurin Labs," "we," "our," or "us") builds Thurin (thurin.id), decentralized identity infrastructure for Ethereum. Thurin includes an identity explorer and an on-chain attestation flow (Signet). This policy covers Thurin.
Thurin products are designed to be fully decentralized and non-custodial. We do not operate backends or databases. Your data stays on your device, on the public blockchain, or on public keyservers you already use.
What We Collect
On-chain data (public, permanent)
| Data | Product | Purpose |
|---|---|---|
| Ethereum address | Signet | Binds identity claims to your wallet |
| GPG fingerprint | Signet | Links your public key to your address |
| Claim timestamp | Signet | Verification timing |
Data processed client-side only
- Signet: Your GPG private key is used locally to clearsign a claim message. The private key never leaves your machine.
- Explorer: Searches and signature verifications happen in your browser via openpgp.js. Public keys are fetched from keys.openpgp.org. No data is sent to Thurin servers.
Data we do NOT collect
- Names, addresses, dates of birth
- Driver's license or ID numbers
- Photos, biometrics, or facial data
- Private keys (GPG or Ethereum)
- Email content or contacts
- Analytics, telemetry, or usage data
How Thurin Works
Signet (attestation flow)
- You connect your Ethereum wallet and sign your GPG fingerprint
- You clearsign a claim message with your GPG key
- The dual-signed identity claim is published to the PGPRegistry smart contract
- No backend is involved. The transaction goes directly from your wallet to the chain.
Identity explorer
- You search by ETH address, ENS name, or GPG fingerprint
- Thurin reads identity claim data from the public blockchain
- Public keys are fetched from keys.openpgp.org and email ownership is verified via OpenPGP
- All verification happens client-side in your browser
Third Parties
We do not share data with third parties for marketing or advertising.
- Blockchain networks: Ethereum stores verification records and identity claims on-chain
- Keyservers: Thurin fetches public keys from keys.openpgp.org (a public service operated by the OpenPGP community)
- ENS: Thurin resolves ENS names to Ethereum addresses
- No third-party analytics or tracking services are used
Cookies and Tracking
Our websites do not use cookies or tracking technologies. The only value stored in your browser is your theme preference (localStorage).
Your Rights
You have the right to:
- Know what data exists about you (limited to public on-chain records and public keyserver data)
- Request information about our data practices
- Contact us with privacy concerns
Because Thurin products are decentralized, on-chain data cannot be deleted by us or anyone else. This is a feature of public blockchains, not a limitation of our policy.
Data Security
- All verification and signing happens client-side
- No personal data is transmitted to or stored on Thurin servers (we don't operate any)
- On-chain data is public but contains no personally identifiable information
- Smart contracts are open source and verifiable
Children's Privacy
Thurin has no age-gated content. The attestation flow (Signet) requires an Ethereum wallet to transact.
Changes to This Policy
We may update this policy as we ship new products and features. Changes will be posted on this page with an updated date.
Contact
- Email: privacy@thurin.id
- Website: thurin.id
Legal Basis (GDPR)
For users in the European Economic Area, our legal basis for processing is legitimate interest in providing privacy-preserving identity infrastructure. By design, no personal data is processed by Thurin systems. Zero-knowledge proofs and client-side verification ensure data minimization at the protocol level.
Thurin is committed to building identity infrastructure that respects privacy by default. We don't collect your data because we never need to.