Privacy Policy

Privacy Policy

Last updated: May 2, 2026

FRAME00 Inc. (“we”) provides Lemma Oracle (the “Service”). This policy describes the data we receive, store, and process, given the cryptographic design of the Service.

  1. Data Minimization

    The Service receives only the minimum metadata required for API operation. Original documents (plaintext) never reach our servers. Documents are normalized cryptographically inside the user's environment, and only commitments and hashes are transmitted to us.

  2. Data We Receive

    Per our OpenAPI v2 specification, we receive only the following:

    • Schema ID (schema)
    • Document hash (docHash)
    • IPFS content identifier (cid)
    • Issuer identifier (issuerId) — an arbitrary string (DID, address, etc.) hashed via keccak256 to bytes32
    • Subject identifier (subjectId) — same hashing approach
    • Commitments — a Merkle root, leaves, and randomness based on Poseidon, Poseidon2, Rescue-Prime, or SHA-256
    • Revocation root and scheme
    • Issuer signature (optional)
    • Zero-knowledge proof and public inputs

    These structures make it cryptographically infeasible to reconstruct the original document. We do not hold plaintext documents and cannot read, analyze, or copy them.

  3. Encryption and Storage

    • Transit: all communication is encrypted via HTTPS (TLS 1.2+).
    • Storage: we store only the metadata above. We do not retain original document content.
    • Hosting: the Service runs on Cloudflare Workers. Cloudflare's security policies apply.

  4. Third-Party Disclosure (On-Chain Writes)

    When users explicitly set onchain: true on a proof submission, we record the verification result to the verification contract on the chain (EVM-compatible) configured by the targeted circuit (CircuitMeta.verifier). Chain ID and contract address come from the circuit's metadata.

    When onchain is not set (default), verification results are stored only within our internal systems.

  5. Selective Disclosure

    Users may combine ZK proofs with selective disclosure (bbs+ or opaque format). We receive only the disclosed attributes; undisclosed attributes are not processed.

  6. Retention

    • Metadata: retained for the period necessary to provide the Service.
    • Logs: retained for operational needs (up to 90 days), then deleted.

  7. User Rights

    Users may exercise the following rights regarding their metadata held by us:

    • Right to access
    • Right to correction and deletion
    • Right to restrict processing

    To exercise these rights, contact us at the address below.

  8. Third-Party Sharing

    We do not share data with third parties without user consent, except as required by law. By design, it is technically impossible for us to share the original document content.

  9. Changes to This Policy

    This policy may be updated to reflect changes in the technical specification or applicable law. Material changes will be announced on the Service's website and notified to users.

  10. Contact

    For questions about this policy or to exercise any of the rights above:

    FRAME00 Inc.
    Email: contact@frame00.com