bank.hacktivism.ch · privacy · CH

Privacy notice · GOA Exploration Bank

This notice describes personal data processing for the self-hosted bank at bank.hacktivism.ch under the Swiss Federal Act on Data Protection (FADP / revDSG, in force since 1 Sep 2023). It is an explorational service, not a licensed Swiss bank.

1. Controller

Operators of the hacktivism.ch GNU Taler stack (GOA exploration deployment). Contact via the operational channels published for this host. No separate DPO is appointed for this experimental service.

2. Categories of data retained

DataExamplesTypical retention
Account identifiers Username, account serial, registration timestamp For account lifetime + up to 12 months after deletion or archive wipe
Authentication secrets Password hashes / tokens (not plaintext passwords) While account exists; tokens until expiry or revoke
Ledger / transactions Credits, debits, amounts (GOA), subjects, counterparty account names, timestamps Operational retention for the service lifetime; may be wiped on stack reset
Balances & limits Account balance, debt limit, conversion flags While account exists
Withdrawal operations Withdrawal IDs, amounts, status (pending/selected/confirmed), reserve pub when known Until completed/aborted + short operational logs (days–weeks)
Technical logs HTTP access logs (IP, User-Agent, path, status), application logs Typically days to a few weeks (rotation); not used for marketing
Landing / demo artefacts Public stats.json aggregates, demo withdraw URI state Stats overwritten continuously; demo URI until used or rotated

Not retained as payment content: wallet coin private keys (never sent to the bank). Full browser history or device contacts are not collected by this bank service.

3. Purposes

4. Legal basis (Swiss FADP)

Processing is necessary to provide the service requested by the user (account / withdraw) and for overriding private interests of secure operation of an experimental public stack (Art. 6 and 31 FADP principles: lawfulness, proportionality, purpose limitation).

5. Recipients & transfers

6. Your rights (FADP)

Subject to legal limits: right to information/access, rectification, deletion, and to object to processing. Contact the operators. You may lodge a complaint with the Swiss Federal Data Protection and Information Commissioner (FDPIC / EDÖB).

7. Security

TLS in transit; access control on bank API; experimental service — no certified ISMS. Do not store sensitive personal data in transaction subjects.

Related