Illustration of a shield with Verida Network logo on it

Verida Network Security

An explainer on the advanced security of the Verida Network

How is my data protected?

Your data is end-to-end encrypted with a private key on your local mobile phone, tablet or computer. Storage nodes and apps can not access your data.

Your data is securely transmitted to nodes on the Verida Network.

Your data is split into separate databases with different encryption keys for enhanced security.

Diagram with the title “Only you can access and decrypt your data, providing advanced protection from hackers” explaining the encryption of user data.

Where is my data stored?

By default, data is stored on storage nodes located within your country or region.

You can also select specific storage nodes or operate your own.

Your data is replicated across multiple nodes for backup and redundancy.

Diagram with the title “Only you can access and decrypt your data, providing advanced protection from hackers” showing the world map with storage nodes in different locations of the map connected together.

How is the network secured?

1

Storage node operators complete a comprehensive verification process before joining the network.

2

Storage node operators must stake tokens to participate in the network.

3

These tokens can be destroyed if the node operator is malicious or delivers poor service.

Diagram with the title “Node operators must adhere to strict rules or risk losing their capital” showing 3 steps mentioned above.
Diagram with the title “Only you can access and decrypt your data, providing advanced protection from hackers” explaining the encryption of user data.
Diagram with the title “Only you can access and decrypt your data, providing advanced protection from hackers” showing the world map with storage nodes in different locations of the map connected together.
Diagram with the title “Node operators must adhere to strict rules or risk losing their capital” showing 3 steps mentioned above.

How does the Verida Network allow compliance with Data Regulations?

Users

  • Users can delete their data. They have the right to be forgotten.
  • User data is portable by design.
  • Data is end-to-end encrypted with users controlling the keys.
  • Data is always user-owned by design.

Applications

  • Applications have no custody or access to user data, enabling GDPR / HIPAA compliance.
  • Data can be guaranteed to be stored in a country / region.
  • Rich permissions and controls for user consent of data sharing.

Storage Providers

  • Must complete a comprehensive verification process before joining the network.
  • Must stake tokens to participate in the network.
  • Tokens can be destroyed if the node operator is malicious or delivers poor service to users.

You remain in complete control of your personal data

You can login to applications to decrypt your personal data.

You can consent to share your personal data with others.

You can revoke third party access to your data at any time.

Application developers can not access your data.

data access screens

You receive data requests from applications or organizations.

You can share your data or ignore the data request.

You can verify who requested the data and what access is granted.

You can revoke access by logging out of applications or disabling data sharing connection

data sharing

Zero-Knowledge Credentials prove you hold personal information, without disclosing that information.

This allows you to prove your age or citizenship, without disclosing personal data such as your birthdate or passport number.

This significantly reduces the risk of leaking your personal data.

zero knowlege credentials

Strategies for applications to secure user data

Verida Wallet

  • Verida Wallet is a secure, user-friendly application to receive, access and share the user's data stored on the Verida Network
  • Data records are shared individually
  • User consent on an "as need" basis
  • Standard data schemas
  • Data is interoperable between different applications

Application Database

  • Users unlock an encrypted application database
  • Developers define the data schemas
  • User data is decrypted on their device when they sign in

Shared Database

  • Enterprises push data to an encrypted data warehouse
  • Data is encrypted with multi-party keys
  • Multiple parties must contribute their key parts to access and decrypt data

Verida Security Audits

Automated vulnerability testing

Manual security testing

Review of the Verida architecture

first audit

Chainsulting

No critical issues were found, and the team have addressed or acknowledged all other issues identified.

A comprehensive security audit on the protocol and the Verida Wallet (previously called Vault) mobile app was completed by Chainsulting (2022).

second audit

Hashlock

A second audit on the Verida Protocol was completed by Hashlock, resulting in Verida achieving the highest possible security rating (2023).

Build with us

Register your project, apply for the early adopter program and gain direct access to our developer success team and more!
Join the Verida Ecosystem
Priority access to mainnet
Developer previews
Community rewards
Token incentives
Thank you!
Your submission has been received! We'll get back to you soon.
Oops! Something went wrong while submitting the form.