Circuit Logo

Privacy Policy

Last updated: December 2024

Circuit, Inc. ("Circuit," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard information when you use our identity verification network services.

Our Zero-Knowledge Architecture

Circuit's core architecture is designed with privacy at its foundation. Our zero-knowledge pointer model means:

  • We never store personally identifiable information (PII) - Only cryptographic hashes and blind indices
  • Data transfers are peer-to-peer - We orchestrate but never see the data flowing between institutions
  • Hot potato processing - Any data that passes through our systems exists only in RAM for milliseconds

Information We Collect

From Financial Institutions (Our Customers)

  • Account and billing information
  • Technical integration data (API keys, webhook endpoints)
  • Usage analytics and performance metrics

From End Users (Through Our Customers)

  • We do NOT collect or store identity documents
  • We do NOT collect or store biometric data
  • We do NOT collect or store Social Security numbers or government IDs
  • We process only cryptographic hashes that cannot be reversed to reveal personal data

How We Use Information

We use the information we collect to:

  • Provide and maintain our identity verification network
  • Process transactions between financial institutions
  • Improve and optimize our services
  • Comply with legal obligations
  • Communicate with customers about their accounts

Data Security

We implement industry-leading security measures:

  • FIPS 140-2 compliant hardware security modules for key management
  • SOC 2 Type II certified operations
  • mTLS encryption for all data in transit
  • Multi-zone redundancy with 99.9% uptime SLA

Data Retention

  • Cryptographic audit logs: Retained for 7 years (regulatory compliance)
  • Usage analytics: Retained for 2 years
  • Billing records: Retained as required by law

Your Rights

Depending on your jurisdiction, you may have rights to:

  • Access information we hold about you
  • Request correction of inaccurate data
  • Request deletion of your data
  • Object to certain processing activities
  • Data portability

Contact Us

For privacy-related inquiries:

Email: privacy@circuit.io Address: Circuit, Inc., San Francisco, CA

Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of material changes by posting the new policy on our website and updating the "Last updated" date.