Skip to content
Trust & Transparency | MyDataKey — World’s First PDAOS
🛡️ 501(c)(3) Nonprofit · World’s First PDAOS

Trust & Transparency

MyDataKey is designed to minimize data custody by architecture. We don’t store your data—we help you prove you own it. This page explains what we do, what we don’t do, and how we maintain accountability.

🔒
Non-Custodial
📋
Metadata-Only
Proof & Auditability
🌍
Global Alignment
❤️
No Data Monetization

What MyDataKey Does

🔑

Originates Ownership Records

We provide the world’s first Personal Data Asset Origination System (PDAOS) that creates verifiable, timestamped ownership certificates.

🛡️

Witnesses Declarations

Own Your Data Inc. acts as an independent third-party witness to your data sovereignty declaration—not as a data custodian.

📊

Facilitates Opt-Outs

Our Opt-Out Hub connects you to 750+ data brokers, AI training opt-outs, and privacy tools—without storing your personal information.

Verifies Identity

Our verification process confirms you are who you claim to be, then discards sensitive data after generating your certificate.

🚫 What We Explicitly Do NOT Do

We do not: store or warehouse raw personal data • centralize third-party datasets • sell, share, or monetize personal data • operate as a data broker, data vault, or profiling platform • make money from your information in any way. Our pricing model is transparent and subscription-based.

🏆

Our Commitments

We use trust indicators, not certification logos. Each badge represents an architectural commitment and documented alignment—not implied certification.

🔒
Architecture

Non-Custodial by Design

MyDataKey does not store or warehouse personal data. You cannot lose, leak, or resell data you do not hold. Risk is reduced at the architectural level.

📋
Data Handling

Metadata-Only Processing

We process only the minimum metadata required for verification: hashes, timestamps, identifiers, and audit logs. This materially limits privacy, security, and regulatory exposure.

📜
Verification

Accountability by Design

Every claim is verifiable, timestamped, and auditable. Accountability does not depend on trust alone—it is provable. Verify any certificate →

🌍
Compliance

Global Privacy Alignment

Our architecture aligns with the core principles of GDPR, CPRA, HIPAA Security Rule, SOC 2, and NIST. This does not imply certification—it reflects design philosophy.

⚙️
Security

Risk-Based Security Governance

Security controls are selected based on actual risk, not checkbox compliance. ISO/IEC 27001–aligned ISMS, risk registers, and continuous review. Security details →

❤️
Business Model

No Data Monetization

We do not sell, share, or broker personal data. As a 501(c)(3) nonprofit, our mission—not profit from your data—drives every decision. Support our mission →

🌐

Framework Alignment

MyDataKey aligns with major privacy and security frameworks through shared principles. We apply a single non-custodial, risk-based architecture that supports consistent expectations across regions and industries.

GDPR (EU)
Minimisation, purpose limitation, accountability, security by design
CCPA/CPRA (CA)
Collection limitation, purpose limitation, reasonable security
HIPAA Security Rule
Access controls, integrity, auditability, risk-based safeguards
SOC 2 (TSC)
Security, availability, confidentiality principles
NIST
Risk assessment, threat modeling, incident response
ISO/IEC 27001
ISMS governance, risk management, continuous improvement
ℹ️ Important Clarification

Alignment does not imply certification, attestation, or regulatory endorsement unless explicitly stated. We publish clear explanations, documented alignment, and verifiable controls. Trust comes from clarity, not badges.

🔗

Related Resources

Privacy Policy Security Responsible Disclosure Terms of Service PDAOS White Paper security@mydatakey.org