Tezos KYC/AML & tokensoft.io

After observing the fallout surrounding the KYC/AML issue, I felt compelled to write this here.

I’m only going to address what should happen after the process is completed. Once an activation code is issued on the blockchain, all data submitted to tokensoft.io should be removed, all of it.

  1. Complete the background check, KYC/AML
  2. Get issued an activation code on the blockchain
  3. All submitted data that was used for verification is permanently and irrevocably removed from tokensoft.io / Tezos system

I’m advising everyone to request the same from tokensoft.io. Hopefully, Tezos leadership will see the merit in this and make it standard practice; until then, you should request that your data be irrevocably removed.

tokensoft.io contact information:
Mason Borda, CEO / Co-founder
Twitter @masonic_tweets

James Poole, CTO / Co-founder
Twitter @JamesCPoole

Various addresses I sent to (they do not list contact info):

(I will not be following comments on this post)

Before getting to point 3, I would say that banks need to verify that no world criminals are hidden among the contributors so that funds can finally get released to TF. After that, they have no reason to keep the data, but if, for whatever reason, they do (or they have to, at least for some time), I think it would be sufficient to ask to break the link between donors and donations; basically, they would have a tote bag of names and a tote bag of donations but no way to know who has donated what.

(I will be following comments on this post)

Had a quick scan through their privacy policy

1/ The policy may not apply: “This policy does not apply to TS’s white-label platform used by its customers. TS is a service provider and does not control how customers use information obtained via our products.” => in which case it’d be Tezos’ privacy policy

2/ If the policy does apply, here are some points worth noting:

“We generally retain your personal information as long as necessary to fulfill the purposes of collection or to comply with applicable law. Otherwise we will try to delete your personal information upon your request or when we no longer need it for the purposes we originally collected it for… We recognize that retention requirements can vary between jurisdictions, but we generally apply the retention periods described below.”
- Marketing: until you unsubscribe
- Information about the use of our services: varies (assume indef.)
- Google Analytics data: one year
- Note: there’s nothing about info users provide (or I may have missed it)

For specific requests regarding your data (updates to it, opt-out of certain uses, etc.) contact: privacy@tokensoft.io

Disclaimer: I’m not a lawyer