
Privy overview

Why Privy?

Knowing your users is essential to building great user experiences. Access to user data can help you onboard users, communicate with them, provide a personalized experience, and more.

Handling sensitive user data correctly (e.g. names, email addresses, etc), however, is difficult, time-consuming, and puts your company and users at risk if done wrong.

Web3 is an opportunity for us to do better, where web2 fell short. Users deserve to have great experiences online without compromising their privacy. Developers deserve tools that enable them to easily deliver transparent, interoperable products. You shouldn't have to choose between delighting your users and protecting them.

Enter Privy

Privy is a simple API that enables you to collect your users' data without having to store it or run a secure backend. Privy manages storage, availability, encryption, key rotation, and access control so that you can reclaim valuable development time and get back to building great products.

You can integrate Privy into your front-end with just a few lines of code as shown below. Data is encrypted on the user's client device — Privy never sees the plaintext data.

// session: an authenticated Privy session for the current user
const client = new PrivyClient({
session: session,
});

// encrypt and save SSN for user with id '0x123'
const result = await client.put('0x123', {
field_id: 'ssn',
value: '123-45-6789',
});

Using Privy you can:

  • Keep sensitive data out of your stack,
  • Configure fine-grained access control to user data,
  • Clearly explain to users what data you are collecting and why.

Check out more use cases!

How it works

The diagram below shows how data flows from a user's device to an encrypted datastore.

  1. The user inputs their sensitive data in their client device.
  2. Privy's client libraries fetch a wrapper key from a secure keystore. A unique key is used for each data field.
  3. Privy's backend checks to make sure the requester has permission to write to this field.
  4. The data is encrypted on the user's device using the unique key fetched.
  5. The encrypted data is safely stored in a managed datastore. Privy never sees plaintext data.

Privy's client libraries encrypt data client-side using a unique key for each data field. Today, keys can only be decrypted using a hardware security module run on a hardened network. Additionally, you can configure fine-grained access control to this data using Privy's API. The encrypted data is ultimately stored in remote storage managed by Privy. This is backed by transparent audit logs so your users can audit what is happening to their data.

Finally, the client libraries are open source, so that you can be sure about the code that's running.

Using Privy, you can take on user data without storing it on your stack or putting it at risk. We handle the cryptography security so that you don't have to.

Privy Architecture

Privy brings together 4 main components:

  • Privy KMS — Privy's Key Management System (KMS) handles encryption and key management. It ensures no unencrypted user data ever leaves the client.
  • Permissions — The permissions layer enables you to configure fine-grained access control to user data.
  • Datastore — The datastore guarantees redundancy, fast access and compliant storage of user data.
  • Client libraries — The client libraries encapsulate the full functionality of Privy in simple SDKs and APIs.

Read more about Privy security.

Privy KMS

All user data is encrypted by the Privy client using a hybrid encryption scheme. Specifically, data is encrypted using symmetric keys generated client-side.

The symmetric keys are then encrypted and stored alongside the data. They are encrypted using public keys generated by remote Hardware Security Modules (HSMs) managed by Privy's Key Management System (KMS). Private keys are never exposed anywhere outside of the HSM.

Privy currently uses:

  • Symmetric authenticated encryption scheme: AES-256-GCM.
  • Public-key Cryptography scheme: RSAES_OAEP_SHA_1, with 2,048 bit keys.

The KMS is easily upgradable, and Privy ensures your data protection is future-proof and leverages the best cryptographic algorithms.

All operations on plaintext data are run client-side by default. Privy never reuses cryptographic material across Privy customers, and automates the generation of new data keys for each and every piece of user data it handles.

Permissions

Any request to the Privy ecosystem first goes through the permissions oracle to determine whether it should be executed.

You can configure the oracle using the Privy configurations API or the Privy console. This allows you to set appropriate permissions on every data field for each user.

Datastore

Privy securely stores your encrypted user data, indexed by user ids that you define (for example: a user wallet address), in a managed datastore. You can configure your datastore to receive structured and unstructured data, stored in the appropriate regions to minimize latency. We guarantee data availability and redundancy. All data is stored encrypted, and cannot be accessed without the appropriate data permissions.

Privy today, Privy tomorrow

Today

Privy's trust model today is “Trust but Verify.”

Under this initial model, you (the developer/org) retain control over user data but use Privy to handle that data securely and transparently. You never have to have access to user data if you don't want to, and your users can see how you are using it. In this model, you get:

  • Permissions — You control Privy permissions with full granularity (users, fields)
  • Transparency — You can prove to users how you are using their data with Privy audit logs.
  • Encryption — user data is encrypted using your keys, whose management is delegated to Privy.

Tomorrow

Our goal is to build the best possible developer experience so you can focus on your product while benefiting from top-of-the-line privacy guarantees. As part of that, we are working toward the progressive decentralization of our systems.

Privy's system will evolve over two axes: sovereignty and decentralization.

  • Sovereignty — Enabling end-users to replace the Privy Key Management System with key material they own, notably using their web3 wallet.
  • Decentralization — Using threshold cryptography to delegate permissions enforcement and ensure m-of-n honest data delegates are required to sign off on access to user data.

This will enable a more "Trustless" model for Privy. Under this model, your users will retain full control over who can access their personal data.

  • Permissions — The user sets permissions for their own data. All data access requires user consent.
  • Transparency — All data access is logged by Privy for the user to audit access usage.
  • Encryption — User data is encrypted using keys secured by the user's own web3 wallet.