/ Legal · consent framework

Consent Framework

The whole promise, in five stages. Nothing about your data happens without your explicit, revocable consent.

This framework is enforced by the ConsentRegistry, ContributorRegistry, and QueryRouter programs. What you toggle in the app is what the network enforces on-chain.

/ Principles
Granular

Consent is per-category (heart rate, sleep, location, mobility, environmental) and per-purpose (research, AI training, aggregates, insurers). Never one big checkbox.

Revocable

One tap removes you from in-flight and future queries. Revocation writes to the ConsentRegistry program immediately.

Bounded

Each contributor has a differential-privacy budget (ε). Once spent for the period, no query can include your data until it resets.

Auditable

Every consent change is on-chain: scope diff, timestamp, device binding. Auditors can verify a query only used consented data.

/ Lifecycle
1
Grant

You toggle categories and purposes in the Consent Center. Nothing leaves your device before you do.

2
Bind

Your device is attested and bound to your contributor identity. Rotating enclave keys re-seal ongoing streams.

3
Enforce

When a buyer query arrives, only ciphertext whose active consent matches the query's purpose is eligible.

4
Measure

Every included query debits your ε budget. The Privacy Explorer shows the same numbers publicly, without identifying you.

5
Revoke

Any category, any purpose, or the whole account — one tap. Revocation is enforced by the on-chain program, not by us.

/ Programs
  • ConsentRegistry
  • ContributorRegistry
  • QueryRouter
/ Floors
  • k-anon · 25
  • ε floor · 0.1 default
  • Timelocks · 7 / 14 / 21d
/ Try it

Open the Consent Center to grant, revoke, and see your live privacy budget.

Open Consent Center