Privacy Policy
How NobleID protects your privacy and handles personal data
Effective date: September 24, 2025 | Controller: NobleID, Wyoming, USA (doing business as "NobleID")
We collect only what's necessary to provide NobleID services and maintain scholarly records.
No third-party advertising cookies or cross-site tracking. Only strictly necessary cookies.
Access, correct, delete, or restrict processing of your personal data with clear procedures.
Contact us directly at info@nobleid.org for privacy questions and data requests.
Privacy Policy Sections
Who we are
NobleID provides persistent, verifiable identifiers for people and their works. We operate resolver pages, public metadata, an author identity and claims service, a public API, an OAI-PMH endpoint, and a small "Update-Checker" widget.
What we collect
Information you provide
- Publisher or partner details: name, email, organization, verification materials.
- NobleID Person: your email for sign-in and claims, and any public profile fields or links you choose to publish.
- Work metadata: titles, creators, abstracts, licenses, links or files, and related identifiers. This is scholarly metadata intended to be public.
- Support and licensing: payer contact details for fiat payments, transaction references, and amounts. For crypto support we create fresh or relayed receiving addresses so a creator's base wallet is not exposed.
Information collected automatically
- Web and API logs: IP address, date and time, URL, referrer, user agent, and response codes for reliability, security, and abuse prevention.
- Integrity telemetry: results of fixity checks and mirror operations.
- Cookies: strictly necessary cookies for authentication, session security, and abuse prevention. We do not use third-party advertising cookies.
How we use data
- Provide and operate NobleID services, including issuing and resolving identifiers, rendering resolver pages, running identity and claims, and producing verifiable provenance receipts.
- Maintain durability and integrity, including mirroring eligible metadata and running fixity checks.
- Show the Update-Checker badge and return version status.
- Process optional "Support the author" and licensing payments, apply declared revenue splits, and hold funds during disputes.
- Protect against fraud and abuse, ensure service reliability, and comply with legal requirements.
- Communicate important service notices.
Sharing
- Service providers for hosting, storage, content delivery, email, logging, and monitoring under appropriate data protection terms.
- Payment processors for fiat payments, and custody or relay providers for crypto flows if used.
- Decentralized mirror providers to store mirrored metadata that enables public integrity verification.
- Law enforcement or other parties when required by law or to protect rights and safety.
We do not sell personal data and we do not use third-party advertising technologies.
International transfers
We may process and store data in multiple countries. When we transfer data across borders, we use appropriate safeguards.
Security
We use encryption in transit and at rest, least-privilege access controls, key management, web application firewall rules, rate limits, and continuous monitoring. We review access regularly and accept responsible vulnerability disclosures.
Your choices and rights
Depending on your location, you may have rights to access, correct, delete, restrict or object to processing, and receive a copy of your data. For scholarly records already public, deletion requests result in a clear tombstone rather than removal of the historical record. How to make a request is explained in the Your Privacy Rights section below.
Changes
If we change this policy, we will update this page and the effective date. For significant changes, we will provide additional notice.
Contact
Questions or requests: info@nobleid.org
Widget & Resolver Privacy Notice
What loads
A small script from our CDN that checks whether a newer version exists for a given NobleID Work and renders a status badge. Resolver pages display metadata and version information for works.
What we collect
- Standard logs (IP, user agent, URL, timestamp, response codes) for reliability, security, and abuse prevention.
- Aggregate counts (for example, badge shown, update available).
- No third-party trackers and no fingerprinting.
Cookies
- The widget does not set cookies.
- Resolver pages may set strictly necessary cookies when you sign in to claim authorship or manage works.
Opt-out
Remove the embed from your page or serve the script via your own proxy.
Data Retention
Scholarly record
- Works and versions (public metadata), knowledge-proof receipts, and resolver tombstones are retained permanently as part of the scholarly record.
Accounts and verification
- Account and verification data: kept while active and for two years after termination, then deleted or anonymized.
Operational records
- Access logs: 90 days in hot storage and 12 months in encrypted cold storage.
- Security logs: one year.
- Audit logs (administrative actions and dispute outcomes): seven years.
- Payment and licensing records: kept as required for accounting and compliance.
Mirrored copies
- Mirrored metadata objects are retained to support integrity verification and long-term durability.
Deletion and tombstones
When a work is withdrawn, the resolver displays a clear tombstone with a brief, non-identifying reason. Past versions may remain visible for the record unless removal is required for legal or safety reasons.
Sub-processors & Infrastructure
We use carefully selected service providers under data protection and security obligations. We will update this page when material changes occur.
Categories of providers
- Cloud hosting and storage: compute, databases, object storage, and content delivery.
- Email delivery: sending claim links, receipts, and dispute notices.
- Logging and monitoring: collection of operational metrics and alerts.
- Payment processing (if enabled): fiat payments and receipts for support or licensing.
- Crypto custody or relay (if enabled): privacy-preserving receiving addresses and payout routing.
- Decentralized mirror provider: independent storage of mirrored metadata for public fixity verification.
To ask about current providers or request a copy of our data protection terms, contact info@nobleid.org.
Your Privacy Rights
Your rights
Depending on your location, you may be able to:
- Access the personal data we hold about you.
- Correct inaccurate or incomplete data.
- Delete personal data, with the exception of public scholarly records that are preserved with a tombstone.
- Restrict or object to certain processing.
- Receive a copy of your data in a portable format.
- Opt out of sale or sharing for cross-context advertising (we do not sell personal data).
- Appeal a decision if we decline your request where applicable.
- Use an authorized agent to make a request where permitted by law.
- Lodge a complaint with your local authority. We welcome the chance to address concerns first.
How to make a request
Email info@nobleid.org with:
- What you are requesting (for example, access, correction, deletion).
- The email address you used with NobleID and any relevant Work or Person IDs.
- Proof that you control the email or account associated with the request.
If you use an authorized agent, include proof of authorization.
Identity verification
We may ask you to verify your identity or control of the account or email before we act on your request.
Response times
We aim to respond within the time required in your jurisdiction. If we need more time, we will let you know.
Limits
For the integrity of the scholarly record, public metadata is generally not deleted. Withdrawals result in a clear tombstone explaining the status.