<<< Back to Home

Privacy Policy

Effective Date: 26 April 2025

  1. Introduction

Sigillum Fidei is a service operated by Lab421 S.r.l., VAT no. 06050190658, headquartered at Via Montemagno, 1 – Palomonte (Salerno), Italy.

This Privacy Policy explains how Sigillum Fidei collects, processes, protects, and uses your personal data when you use our website, mobile application, and NFT Seal services.

By accessing our services, you accept the practices described in this Privacy Policy.

  1. Data We Collect

Sigillum Fidei may collect and process the following types of personal data:

  • Account Data: Name, email address, and registration details;
  • Optional Identification Data: Profile photo, date of birth, nationality (only if the user opts to store this information on the blockchain);
  • Location Data: Real-time location necessary to verify visits to sacred sites;
  • Payment Data: Details related to contributions or transactions;
  • Usage Data: Interaction with the platform, accessed pages, and engagement metrics;
  • Newsletter Subscription Data: Email address and communication preferences.
  1. Purpose of Data Processing

We process your personal data for the following purposes:

  • Certification Services: Issuing digital pilgrimage certificates (NFT Seals);
  • Verification of Pilgrimage: Confirming physical visits via GPS tracking;
  • Blockchain Certification: Permanently recording essential metadata on the Polygon blockchain;
  • Visual Certificate Hosting: Hosting external NFT images via IPFS or HTTPS;
  • Communications: Sending updates, event information, and promotional content;
  • Security and Fraud Prevention: Ensuring platform integrity and preventing unauthorized access;
  • Legal Compliance: Meeting legal obligations under EU and national regulations;
  • Research and Development: Using anonymized data to train, validate, and improve artificial intelligence systems developed by Lab421.
  1. Blockchain Data Permanence

Sigillum Fidei uses blockchain technology (Polygon network) to create tamper-proof pilgrimage certifications.

The following certification metadata is permanently and publicly recorded on the blockchain:

  • Full Name
  • Date of Birth
  • Nationality
  • Sacred Site Visited
  • Visit Date
  • Visit Time
  • GPS Coordinates
  • Certifier (Sigillum Fidei)

Important Notice:
Once written to the blockchain, this data cannot be altered, deleted, or hidden by Sigillum Fidei, users, or third parties.
Blockchain records are publicly accessible and immutable.

Users select which optional personal data to include before minting.

  1. Visual Certificates and External Hosting

Each NFT Seal includes a visual certificate image graphically representing the pilgrimage information.

  • The image is not recorded on the blockchain but hosted externally on:
    • IPFS (InterPlanetary File System), a decentralized storage system;
    • or secure HTTPS servers controlled by Sigillum Fidei or trusted partners.

Please note:
While we aim for long-term accessibility, Sigillum Fidei cannot guarantee permanent availability of externally hosted images due to changes in technology or third-party service conditions.

The validity of the blockchain certification remains unaffected if the visual image becomes unavailable.

  1. Data Retention

We retain your data according to its type:

  • Account Data: Stored while the account is active or until user-initiated deletion;
  • Location Data: Used solely for certification purposes and not stored long-term;
  • Payment Data: Retained as required for financial and legal compliance;
  • Newsletter Data: Stored until you unsubscribe;
  • Blockchain Data: Permanently recorded and non-deletable once minted.

When feasible, personal data stored off-chain is deleted following standard security practices.

  1. Legal Basis for Processing

We rely on the following legal grounds for processing personal data:

  • Consent: For newsletter subscriptions and optional inclusion of personal data on the blockchain;
  • Contractual Necessity: For delivering certification services (NFT Seals);
  • Legitimate Interest: For improving services, ensuring platform security, and conducting research and development activities through the use of anonymized data to train and validate artificial intelligence systems;
  • Legal Obligation: For compliance with applicable laws and regulations.

Important Note:
Data used for AI research and development is anonymized beforehand and cannot be used to identify individual users.

  1. Data Sharing and Third-Party Services

Sigillum Fidei does not sell personal data to third parties.

We may share data only with:

  • Service Providers: Companies providing hosting, blockchain interaction, payment processing, email services, and security support;
  • Public Authorities: When legally required under applicable laws;
  • Decentralized Storage Networks: For hosting visual certificate images (e.g., IPFS nodes).

In addition:

  • Anonymized data may be used internally by Lab421 S.r.l. for training and validating artificial intelligence systems, in compliance with privacy regulations.
  • No identifiable personal data is used for AI development without explicit user consent.

All service providers are contractually bound to uphold confidentiality and data protection obligations.

  1. Data Protection Measures

We apply industry-standard security measures to protect your data, including:

  • Encryption of data during transmission and storage;
  • Access controls restricting data handling to authorized personnel;
  • Regular security assessments and system audits.

Despite our best efforts, users acknowledge that no technology, including blockchain networks, is immune from risks.

  1. Your Rights under GDPR

As a data subject under the General Data Protection Regulation (GDPR), you have the right to:

  • Access your personal data;
  • Rectify inaccuracies (before blockchain recording);
  • Request deletion of off-chain data (blockchain data cannot be deleted once published);
  • Object to certain types of processing based on legitimate interest (where technically applicable);
  • Withdraw consent at any time for activities based on consent;
  • Request data portability, where applicable.

Note:
Due to the immutable nature of blockchain technology, certification data once recorded cannot be altered, hidden, or erased.

To exercise your rights, please contact us at 📧 epistula@sigillumfidei.com.

  1. Changes to this Privacy Policy

We may update this Privacy Policy to reflect:

  • Changes in legislation;
  • Improvements to our services;
  • Technological developments in blockchain and decentralized storage.

Significant changes will be communicated through our website or mobile application.
We encourage users to review this Privacy Policy periodically.

  1. Contact Information

For any inquiries regarding this Privacy Policy or your personal data:

📧 Email: epistula@sigillumfidei.com
🌍 Website: www.sigillumfidei.com