Privacy & compliance
Personally Identifiable Information
Also known as: PII, personal data
Data that identifies or can be used to identify a natural person — legal name, email, government ID — subject to GDPR and similar regimes.
Personally Identifiable Information (PII) is information that can identify a specific natural person, either on its own or combined with other information. Under GDPR the definition is broader: any data "relating to" an identifiable person is personal data, which includes pseudonymous identifiers if they can be linked back.
LearnCoin's GDPR-aware schema (ADR-001) treats PII as a hard constraint. PII never goes on-chain, because blockchain immutability conflicts with the GDPR right to erasure. PII lives only in Supabase, scoped by tenant Row Level Security, and is deleted on recipient request. The pseudonymous recipient ID that appears in the signed credential is not PII in isolation — the mapping to an email address is what makes it PII, and that mapping is in the off-chain database.
When in doubt, LearnCoin defaults to off-chain. Tenant-supplied external identifiers (Ewance's internal user_id, for example) are treated as PII and stay off-chain, never in the signed JSON-LD.
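The off-chain rule described above, as an added example that is not LearnCoin's own code: a pre-signing check walks a credential payload and flags PII keys, email-like strings and known tenant identifiers, next to an in-memory stand-in for the off-chain mapping that erasure deletes. All class, function and field names, the `rcp_` ID format and the sample payload are assumptions made for illustration.

```python
import re
import secrets

EMAIL_RE = re.compile(r"[^@\s]+@[^@\s]+\.[^@\s]+")
# Hypothetical deny-list of keys that must never reach the signed JSON-LD.
PII_KEYS = {"email", "legalName", "governmentId", "user_id", "externalId"}

class OffChainStore:
    """In-memory stand-in for the off-chain table: (tenant, pseudonymous ID) -> PII."""
    def __init__(self):
        self._rows = {}

    def enroll(self, tenant, email, external_id):
        recipient_id = "rcp_" + secrets.token_hex(16)  # random, never derived from the email
        self._rows[(tenant, recipient_id)] = {"email": email, "external_id": external_id}
        return recipient_id

    def lookup(self, tenant, recipient_id):
        return self._rows.get((tenant, recipient_id))  # tenant in the key mimics RLS scoping

    def erase(self, tenant, recipient_id):
        return self._rows.pop((tenant, recipient_id), None) is not None

def build_credential(recipient_id, achievement):
    # Constructed JSON-LD-shaped payload; only the pseudonymous ID names the recipient.
    return {"@context": ["https://www.w3.org/ns/credentials/v2"],
            "type": ["VerifiableCredential"],
            "credentialSubject": {"id": recipient_id, "achievement": achievement}}

def find_pii(node, known_values=(), path="$"):
    """Return the paths in a payload that carry PII keys, email-like strings or known identifiers."""
    hits = []
    if isinstance(node, dict):
        for key, value in node.items():
            p = f"{path}.{key}"
            if key in PII_KEYS:
                hits.append(p)
            else:
                hits += find_pii(value, known_values, p)
    elif isinstance(node, list):
        for i, value in enumerate(node):
            hits += find_pii(value, known_values, f"{path}[{i}]")
    elif isinstance(node, str) and (EMAIL_RE.search(node) or node in known_values):
        hits.append(path)
    return hits
```

Passing the tenant's known identifiers as `known_values` catches an external ID copied into an innocuously named field, which a key deny-list alone would miss.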