This notice describes personal data processing for the self-hosted bank at
bank.hacktivism.ch under the Swiss Federal Act on Data Protection
(FADP / revDSG, in force since 1 Sep 2023). It is an
explorational service, not a licensed Swiss bank.
Operators of the hacktivism.ch GNU Taler stack (GOA exploration deployment). Contact via the operational channels published for this host. No separate DPO is appointed for this experimental service.
| Data | Examples | Typical retention |
|---|---|---|
| Account identifiers | Username, account serial, registration timestamp | For account lifetime + up to 12 months after deletion or archive wipe |
| Authentication secrets | Password hashes / tokens (not plaintext passwords) | While account exists; tokens until expiry or revoke |
| Ledger / transactions | Credits, debits, amounts (GOA), subjects, counterparty account names, timestamps | Operational retention for the service lifetime; may be wiped on stack reset |
| Balances & limits | Account balance, debt limit, conversion flags | While account exists |
| Withdrawal operations | Withdrawal IDs, amounts, status (pending/selected/confirmed), reserve pub when known | Until completed/aborted + short operational logs (days–weeks) |
| Technical logs | HTTP access logs (IP, User-Agent, path, status), application logs | Typically days to a few weeks (rotation); not used for marketing |
| Landing / demo artefacts | Public stats.json aggregates, demo withdraw URI state |
Stats overwritten continuously; demo URI until used or rotated |
Not retained as payment content: wallet coin private keys (never sent to the bank). Full browser history or device contacts are not collected by this bank service.
Processing is necessary to provide the service requested by the user (account / withdraw) and for overriding private interests of secure operation of an experimental public stack (Art. 6 and 31 FADP principles: lawfulness, proportionality, purpose limitation).
exchange.hacktivism.ch): reserve/wire-related data required by the protocolSubject to legal limits: right to information/access, rectification, deletion, and to object to processing. Contact the operators. You may lodge a complaint with the Swiss Federal Data Protection and Information Commissioner (FDPIC / EDÖB).
TLS in transit; access control on bank API; experimental service — no certified ISMS. Do not store sensitive personal data in transaction subjects.