Data Security and Privacy

The cybersecurity and regulatory landscape is constantly evolving—and so are we.

A young woman in an interview

Key Security and Privacy Features

An icon of a magnifying glass validating a credential

CPRA and GDPR Compliance

Enjoy data privacy at a level that meets or exceeds multiple international standards.

Padlock icon

Latest SCCs

The latest EU SCCs were released in June 2021. Naturally, we've incorporated them into our agreements.

An icon of connected squares representing connected credential systems

Secure Infrastructure

Look at the list at the bottom of this page to learn more.

Digit.ink logo altered to contain highlighted face icons, representing getting ahead

Secure Infrastructure

Security rules built into our database and long-term storage enforce RBAC at the lowest levels.

Icon of secure node connecting to two other nodes, representing encryption

Encryption during Transmission and Storage

Protected in transmission with HTTPS, protected at rest with AES-256.

to do list icon

Open Standards

Built on W3C and IMS standards, our credentials are designed from the ground up for portability and interoperability.

Comprehensive Compliance


Although the CPPA was superseded by the CPRA in 2023, we're already prepared with measures such as protection of "Sensitive Personal Information", a ban on both selling and sharing recipient data for the purpose of advertising, and avoidance of "Profiling".
For further information on the CPRA, we recommend visiting the website of the Californians for Consumer Privacy, which has summaries, changes from the CPPA, and even annotated versions of the CPRA.


In addition to handling the CPRA/CPPA, we also stay on top of the GDPR. On our website, we follow best practices on cookie consent and have eliminated all non-essential cookies. Meanwhile, aside from those needed for authentication, our SaaS application has zero mandatory cookies in it.  Following the GDPR isn't too challenging for the team at Digit.ink since we're just not interested in gathering information through intrusive methods.
Data subjects in the EU can reach us for requests at https://digit.ink/about/contact-us.

Data Security

The Schrems II decision invalidated the EU-US Privacy Shield framework, forced drafting of new Standard Contractual Clauses (SCCs), and generally threw established data transfer arrangements into disarray. Fortunately, Digit.ink has stayed on top of the regulatory situation and we've incorporated the latest SCCs into the agreements we sign with data controllers based in the EU. For more details, contact us.

Our credentials

  • Open Badges v2
  • Verifiable Credentials Data Model 1.0
  • Decentralized Identifiers (DIDs) v1.0
  • JSON-LD 1.1
  • Linked Data Proofs 1.0

Our cloud infrastructure (GCP)

  • ISO/IEC 27001
  • ISO/IEC 27017
  • ISO/IEC 27018
  • ISO/IEC 27701
  • SOC 2
  • SOC 3

Get started free

Try it out for yourself! We make it easy to get started with your very own trial account. You can also schedule a free demonstration.