Privacy Policy

Last updated: 19 June 2026

This policy explains how emajiwallet ("the wallet", "we") processes your personal data when you use the app and website. emajiwallet is a personal credential wallet: it lets you collect, store and selectively share digital credentials (e.g. certificates, qualifications and verifiable credentials).

1. Controller

The controller responsible for data processing within the meaning of the GDPR is:

relevantive GmbH
Pappelallee 78 / 79
10437 Berlin, Germany
Managing Director: Jan Mühlig
Register: Amtsgericht Charlottenburg, HRB 160518
Website: https://relevantive.de
Data protection contact: privacy@relevantive.de [REVIEW: confirm address]

2. What data we process

  • Account data — the identifier(s) you register with (email address and/or phone number), your display name, and your PIN/password (stored only as a salted hash, never in plain text).
  • Identity data — decentralized identifiers (DIDs) and cryptographic signing keys generated for or by you to hold and present credentials.
  • Credential data — the credentials you upload or import, including any personal data they contain (e.g. your name, the issuer, dates, qualifications). Credential contents are stored encrypted at rest.
  • Usage & sharing data — records of credentials you choose to share and with whom, your tracked goals/pathways, and notifications.
  • Technical data — session cookies and server logs (including IP address) needed to operate and secure the service.

3. Purposes and legal bases

  • Providing the wallet (account, storing and sharing your credentials) — performance of a contract, Art. 6(1)(b) GDPR.
  • Security (authentication, fraud and abuse prevention, logging) — legitimate interests, Art. 6(1)(f) GDPR.
  • Analytics — your consent where required, Art. 6(1)(a) GDPR (see §6).
  • Legal compliance — Art. 6(1)(c) GDPR where applicable.

4. Storage, encryption and hosting

Your data is stored on servers operated by Hetzner Online GmbH in Germany [REVIEW: confirm region/processor]. Credential contents are encrypted at rest (AES-256). We have a data-processing agreement with our hosting provider in accordance with Art. 28 GDPR. We do not transfer your personal data outside the EU/EEA.

5. Sharing of your data

We do not sell your data. Credentials are only shared with third parties when you actively choose to share them. Beyond that, we disclose data only to processors acting on our behalf (e.g. hosting) or where legally required.

6. Cookies and analytics

We use a strictly necessary session cookie to keep you signed in. For usage statistics we use Matomo, hosted on our own infrastructure (matomo.relevantive.de). Our analytics is configured to be privacy-friendly: it runs without cookies and anonymizes IP addresses [REVIEW: enable IP anonymization in Matomo → Privacy]. We do not use third-party advertising or cross-site tracking.

7. Retention

We retain your data for as long as your account exists. When you delete your account, your profile, credentials, identities, keys and associated data are permanently removed (see §9). Server logs are kept only for a limited period for security purposes.

8. Your rights

Under the GDPR you have the right to:

  • access your data (Art. 15);
  • rectify inaccurate data (Art. 16);
  • erase your data (Art. 17);
  • restrict or object to processing (Art. 18, 21);
  • data portability (Art. 20);
  • withdraw consent at any time (Art. 7(3));
  • lodge a complaint with a supervisory authority (Art. 77) — for us, the Berlin Commissioner for Data Protection and Freedom of Information.

9. Deleting your account

You can permanently delete your account and all associated data at any time directly in the app: Profile → Danger zone → Delete account. This action is immediate and irreversible.

10. Changes to this policy

We may update this policy to reflect changes to the service or legal requirements. The current version is always available here, with the date of the latest revision shown at the top.