Consent Framework
The whole promise, in five stages. Nothing about your data happens without your explicit, revocable consent.
This framework is enforced by the ConsentRegistry, ContributorRegistry, and QueryRouter programs. What you toggle in the app is what the network enforces on-chain.
Consent is per-category (heart rate, sleep, location, mobility, environmental) and per-purpose (research, AI training, aggregates, insurers). Never one big checkbox.
One tap removes you from in-flight and future queries. Revocation writes to the ConsentRegistry program immediately.
Each contributor has a differential-privacy budget (ε). Once spent for the period, no query can include your data until it resets.
Every consent change is on-chain: scope diff, timestamp, device binding. Auditors can verify a query only used consented data.
You toggle categories and purposes in the Consent Center. Nothing leaves your device before you do.
Your device is attested and bound to your contributor identity. Rotating enclave keys re-seal ongoing streams.
When a buyer query arrives, only ciphertext whose active consent matches the query's purpose is eligible.
Every included query debits your ε budget. The Privacy Explorer shows the same numbers publicly, without identifying you.
Any category, any purpose, or the whole account — one tap. Revocation is enforced by the on-chain program, not by us.
- ConsentRegistry
- ContributorRegistry
- QueryRouter
- k-anon · 25
- ε floor · 0.1 default
- Timelocks · 7 / 14 / 21d
Open the Consent Center to grant, revoke, and see your live privacy budget.
Open Consent Center