Privacy by design
At Zerion, your data is yours
The fundamental promise of decentralized finance (DeFi) is a more equitable financial system built on trust, privacy and transparency. It’s a vision that has catalyzed new financial institutions, business models and forms of community ownership. It’s also a vision that calls on us to practice what we preach.
Personal finance is a place where privacy matters. In web3, this is even more important because what constitutes your “financial portfolio” increasingly says a lot about who you are — from the governance tokens you hold to the NFTs that prove you’re a part of a community.
In this article, we’ll highlight several principles that have guided how we approach user privacy at Zerion:
- The burden is on the product, not the user
- Minimize data stored on our backend
- Maximize opt-out visibility
But first, a note on what we mean by “privacy”.
DeFi’s privacy paradox
How do you enhance user privacy when universal transparency is the default? Here it’s useful to distinguish between your on-chain wallet data and your individual user data when interacting with DeFi applications.
On-chain wallet privacy does not exist yet, at least on the Ethereum blockchain and most EVM-compatible side-chains. Anyone can search any wallet address and view its asset holdings and transaction history. For example, Zerion is useful for watching the portfolios of crypto whales and keeping tabs on live hacks.
Individual user privacy, on the other hand, concerns how people interact with dapps and any personal information that may be associated with that usage.
When we first built Zerion, we completely abandoned the concept of a password-protected “user account”. This is the case for most dapps, but it doesn’t eradicate the need to protect personally identifiable information and behavioural data. Below we’ll go through several examples that discuss how we’ve approached this.
The burden is on the product, not the user
This should be obvious, but it still isn’t a norm. We’ve heard from users who will go to unimaginable lengths to protect their data when interacting with dapps and protocols — from setting up multiple browser profiles to clearing their cache at every login.
None of this should be necessary. We want people to feel comfortable using our product knowing we won’t use their personal or behavioral data without their consent. For this reason:
- Zerion does not track IP addresses. Where third parties collect this information by default, we take a three-step approach: 1) request manual removal of IP tracking, 2) prevent this data from being sent to our product analytics services, and 3) give users the choice to opt out of analytics entirely.
- Google Analytics has been removed from the Zerion web app. The truth is, much of the data collected by Google Analytics is invasive and unnecessary. There are hundreds of tools that can help users “de-google” but we believe the responsibility falls on companies themselves. We don’t need all the data Google Analytics tracks and we also don’t want to contribute to privacy invasion as a normalized trade-off for “better UX”. For now we’ve chosen to pivot to Plausible, an open-source alternative that only tracks what’s necessary, doesn’t have an ad-based business model and ensures privacy compliance. You can see how they compare to Google Analytics here.
- Zerion does not share user data with third parties, ever.
We prefer to do on-chain analyses on open data to guide our product decisions, which allows us to provide a better service without compromising on privacy.
The great thing about DeFi’s composability is you can easily abandon applications that do not uphold your privacy while enjoying the same functionality on applications that do. For example, if you’re unsure how your favourite decentralized exchange manages your data, you can use Zerion’s exchange feature to route your trade in the exact same way, with zero added commission.
Minimize data stored on our backend
“If I have multiple wallets connected to Zerion, can one be used to identify others?” This is one of the most frequent questions we get asked by our community.
The simple answer is no. On our web app, aggregated lists get passed to our backend to calculate the total value of your portfolio in real time, but this information is not stored. Specifically, we trim timestamps on server logs to the hour, so cross-associating wallet data is not possible.
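The effect of trimming log timestamps to the hour, as an added example that is not Zerion's code: the log layout, the placeholder addresses and the helper names are assumptions constructed for illustration. It compares which addresses sit within one second of a given wallet's requests before and after trimming.

```python
from datetime import datetime, timedelta

# Constructed sample records: (ISO-8601 timestamp, placeholder wallet address).
# The log layout is an assumption; the page does not describe the real format.
RAW_LOG = [
    ("2021-06-01T14:03:27.120+00:00", "0xAAA1"),
    ("2021-06-01T14:03:27.310+00:00", "0xAAA2"),  # same user, second wallet
    ("2021-06-01T14:17:45.002+00:00", "0xBBB1"),
    ("2021-06-01T14:41:09.771+00:00", "0xCCC1"),
    ("2021-06-01T14:58:30.450+00:00", "0xDDD1"),
    ("2021-06-01T15:02:11.900+00:00", "0xEEE1"),
]


def trim_to_hour(ts: str) -> str:
    """Drop minutes, seconds and sub-seconds before the record is written."""
    parsed = datetime.fromisoformat(ts)
    return parsed.replace(minute=0, second=0, microsecond=0).isoformat()


def coarsen(records):
    """Return the records as they would be stored with hour-level timestamps."""
    return [(trim_to_hour(ts), addr) for ts, addr in records]


def co_occurring(records, address, window=timedelta(seconds=1)):
    """Addresses logged within `window` of any request for `address`.

    This is the candidate set a reader of the stored log would have to
    consider when asking which other wallets share a session with `address`.
    """
    times = [datetime.fromisoformat(ts) for ts, a in records if a == address]
    return {
        a for ts, a in records
        if a != address
        and any(abs(datetime.fromisoformat(ts) - t) <= window for t in times)
    }


if __name__ == "__main__":
    # Precise timestamps single out the sibling wallet; hourly ones do not.
    print("precise:", sorted(co_occurring(RAW_LOG, "0xAAA1")))
    print("hourly: ", sorted(co_occurring(coarsen(RAW_LOG), "0xAAA1")))
```

With hourly timestamps the sibling wallet is one of every address logged in that hour, so the size of that set depends on how much traffic the hour carries.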
We opt for local storage for important data such as your lists of asset Favorites or encrypted links to export your wallets across devices. Similarly with iCloud Sync, Zerion cannot access this information because it never reaches our backend.
For our mobile users, push notifications are slightly different because we rely on Apple and Google’s push notification systems. In order to send notifications to a given wallet, we need to persistently store device tokens (anonymized strings) and the list of wallet addresses subscribed to notifications from that device.
We’re currently researching how to remove this association while maintaining the functionality of push notifications — one of our most popular features — and welcome suggestions from our community. Anyone who wishes to avoid this data being stored entirely has the choice to disable push notifications on the Settings screen.
Maximize opt-out visibility
Part of giving more control to users is making it easier to access those controls.
We recently updated our cookie management policy, which lets you decide whether or not you want to share anonymous app usage analytics. This is easily accessible under Settings on both web and mobile.
Why it matters
The broader DeFi ecosystem has been taking steps towards better user protection on all fronts. Community standards for transparency and safety have emerged, such as Uniswap’s TokenLists (which inspired our DeFi blue tick) or DeFi Safety’s Developer’s Guide. Most importantly, these changes put the responsibility of user privacy on products and protocols instead of users themselves.
There’s always a challenge in bridging the old with the new, but there are concrete steps we can take that move us in the right direction. Protecting user privacy is an ongoing effort, and it’s one we’re willing to make.