← Home Legal - Privacy

Privacy by design.

SPEAQ ID is built on the principle that the safest data is data that was never collected. This page explains how that principle is implemented at the architecture level, what little data we do process, and how to reach us with a question.

This page is published in English. Translations follow on partner request.

What we do not collect

No phone number or email is required to create a SPEAQ ID.
No browser fingerprint is sent to any third party.
No analytics cookies, no advertising cookies, no cross-site tracking.
No central credential database. Verifiable credentials live on your device.

What we process

Authentication sessions: a short-lived nonce and session identifier, stored in our auth-server for up to 24 hours of replay protection. No personal identifiers are stored alongside.
Public DIDs and presented credentials: only when you actively present them to a platform during the Sovereign Handshake. The platform receives only the public key and the claims you authorise.
Marketing site visits: anonymous request logs aggregated within 24 hours, no individual profiles.
Developer-portal accounts (when launched): email address and organisation name for licensing and support, retained until cancellation plus 30 days.

Where data is processed

All servers are located in the European Economic Area, in europe-west1 (Belgium) on Google Cloud Run. Sub-processors:

Vercel Inc. for marketing-site hosting (with EEA region pinning).
Google Cloud (Belgium) for the SPEAQ ID auth-server and the developer-portal.
GitHub Inc. for source-code distribution of the SPEAQ ID SDK.

Standard Contractual Clauses (SCC) are in place for any unavoidable transfer outside the EEA.

Your rights under GDPR

You have the right to access, rectify, delete, restrict, port, and object to the processing of your personal data. Because most of your SPEAQ ID lives only on your device, exercising these rights is a matter of using your device. For server-side data such as a developer-portal account, contact us at the address below.

Contact

QSR2go Operations B.V., trading as Plexaris
Amsterdam, the Netherlands
Chamber of Commerce (KvK): 62031619
Privacy contact: frank@plexaris.com

QSR2go Operations B.V. (h.o.d.n. Plexaris) is the controller for personal data processed in connection with SPEAQ ID. There is no formally appointed Data Protection Officer because the company remains under the GDPR article 37 thresholds; the CEO performs DPO-light duties.

Last updated: 10 May 2026 - Legal entity disclosure added.