Trust & Compliance at Decot

A concise look at how we protect your data, honour your privacy and support global e-signature regulations.

1 · Sui’s Object-Centric Foundation

Every agreement created in Decot is minted on the Sui blockchain as its own discrete object. Ownership, signatures and state changes are all tracked on that single object’s timeline, giving you a permanent, tamper-evident history in one place.

2 · Security Architecture

Decot follows a three-wall defence model:

  • SEAL client-side encryption. Files are locked in your browser; keys never leave your device. Decrypt rights are controlled by on-chain policies.
  • Walrus distributed storage. Encrypted blobs live in a decentralised S3-compatible network, eliminating single points of failure.
  • Sui anchoring. A tiny fingerprint (SHA-256 hash) of every file and action is immutably recorded on Sui for public verification.
  • Independent security reviews. Our Move modules and cloud infrastructure undergo regular third-party assessments; all critical upgrades require multi-signature approval.

End-to-end resilience: Even if Decot’s servers are offline, your encrypted data remains in Walrus and its proofs stay verifiable on Sui.

3 · Privacy & Data Protection

  • Minimal on-chain data. Only wallet addresses, hashes and timestamps are public. Content never touches the ledger.
  • zkLogin onboarding. Sign in with Google, Microsoft, etc. A zero-knowledge proof links you to a Sui address without revealing personal info.
  • User-owned keys. SEAL ensures only wallets listed in the contract policy can decrypt.
  • Road-mapped selective disclosure. Future ZK circuits will allow “prove-without-reveal” statements (e.g. “value > €10k”).

Need our Data Processing Addendum? Email [email protected].

4 · Regulatory Compliance

eIDAS 2.0 (EU)

Decot’s ledger design aligns with the principles of “Qualified Electronic Ledgers” introduced in Regulation 2024/1183; a formal conformity assessment for the ledger is on our roadmap. For signatures, Decot issues Qualified Electronic Signatures (QES) via DigiCert — eIDAS-aligned and trusted in Adobe Acrobat.

GDPR

Decot acts as a data processor; you remain the controller.

  • Content encrypted client-side → Decot can’t read it.
  • On-chain data is pseudonymous.
  • “Right to erasure” = revoke access to the Walrus blob; the ledger hash alone cannot identify a person.

UETA & ESIGN (US)

Wallet signatures plus an immutable audit trail meet the intent, attribution and integrity requirements of both statutes.

5 · Audit & Verification

  1. In-app timeline.
  2. Downloadable evidence file.
  3. Sui Explorer. Public inspection.
  4. Local hash check.

  • Are blockchain logs admissible in court?

    Courts increasingly accept properly authenticated blockchain records as reliable evidence.

  • Can a contract be changed or deleted?

    Past transactions are immutable. Updates create new versions; nothing is silently overwritten.

  • Who holds the decryption keys?

    You and your authorised collaborators – enforced by SEAL’s on-chain policy engine.

  • Does Decot provide legal advice?

    No. Decot supplies secure tooling; please consult professional counsel for legal matters.

Still have questions? Email [email protected].