Data minimisation by design.

Scope

This page summarises how Proof of Travel — and the operating company, Travel Information Network (TIN) — handles data. It is intended as a plain-language overview. A formal privacy notice and Data Processing Addendum (DPA) are available on request.

What we do not store on chain

• Passenger names, dates of birth, contact details, or government IDs
• PNRs, ticket numbers, fare details, or itinerary contents
• Any other personally identifiable information

The on-chain artefact is restricted to a deterministic commitment hash and structural metadata sufficient for independent verification.

What we process off chain

To produce proofs, the protocol needs to evaluate operational signals from source systems. These signals may transit through TIN's verification environment as part of threshold evaluation. Off-chain processing is governed by the following principles:

• Minimisation — we process only what is required to evaluate verification thresholds.
• Purpose limitation — signals are used to generate proofs, not for analytics, profiling, or commercial reuse.
• Retention — operational signals are retained only as long as required for proof generation and audit traceability, then deleted.
• Access control — least-privilege, audited access; no direct passenger data exposure to operators.

GDPR alignment

The protocol is designed for GDPR alignment under the lawful basis of legitimate interest for audit and verification purposes. Where you are a data controller integrating PoT, TIN acts as a data processor under a Data Processing Addendum. We will sign Standard Contractual Clauses where required.

ISO/IEC 27001

TIN is implementing an Information Security Management System (ISMS) aligned to ISO/IEC 27001, with certification scoped to the operational components of the verification protocol. Implementation is staged; current status is available on request to enterprise integrators and auditors.

Cookies & analytics on this site

This website is intentionally minimal. It does not use tracking cookies, behavioural advertising, or third-party analytics. Fonts are loaded from Google Fonts; you may block the request if you prefer.

Right to erasure & the public ledger

Because no personal data is written to the public ledger, GDPR right-to-erasure obligations apply only to off-chain operational data, which is deleted on request and per the retention policy. The on-chain commitment hash is intentionally non-reversible to personal data.

Contact

Privacy questions, DPA requests, and ISO/IEC 27001 status enquiries: info@proofoftravel.io.

This page is informational and does not constitute legal advice. Last reviewed: 2026.