Privacy
The EUDI Wallet Compliance toolkit is designed to be useful without ever needing to know who you are. Two facts cover most of what we do:
- The credentials you assess never leave your browser.
- Pageview-level analytics is collected via Plausible, a cookieless and privacy-friendly tool. No personal data is transmitted to any analytics service.
What stays in your browser
The Self-Assessment engine, the catalogue, and the report renderer all execute as static JavaScript in your browser. The runtime status-list resolver, when triggered, fetches the URL declared by your credential directly from your browser to the published endpoint. There is no proxy and no relay. PDF and JSON downloads are produced on the client via URL.createObjectURL; the bytes never touch our server.
Reports are persisted to your browser's localStorage with a 30-day TTL. The email address you submit at the download gate is also stored in localStorage alongside the matching report id, with a 365-day TTL. Both are cleared when you clear your browser's site data. We do not transmit either to a third party.
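localStorage has no built-in expiry, so a TTL like the ones above has to be enforced by script at read time. The sketch below is an added example, not the toolkit's own code; the key names, the record shape and the in-memory storage stand-in are assumptions made so it runs outside a browser.

```javascript
// Added example (not the toolkit's code). Key names and record shape are assumptions.
const DAY_MS = 24 * 60 * 60 * 1000;
const REPORT_TTL_MS = 30 * DAY_MS;  // report TTL stated on this page
const EMAIL_TTL_MS = 365 * DAY_MS;  // email TTL stated on this page

// Minimal stand-in for window.localStorage so the example runs offline.
function memoryStorage() {
  const m = new Map();
  return {
    getItem: (k) => (m.has(k) ? m.get(k) : null),
    setItem: (k, v) => { m.set(k, String(v)); },
    removeItem: (k) => { m.delete(k); },
    key: (i) => [...m.keys()][i] ?? null,
    get length() { return m.size; },
  };
}

// Store a value wrapped with an absolute expiry timestamp.
function putWithTtl(store, key, value, ttlMs, now = Date.now()) {
  store.setItem(key, JSON.stringify({ value, expiresAt: now + ttlMs }));
}

// Return the value, or null if absent, expired or malformed.
// Expired and malformed entries are deleted as a side effect.
function getWithTtl(store, key, now = Date.now()) {
  const raw = store.getItem(key);
  if (raw === null) return null;
  let rec;
  try { rec = JSON.parse(raw); } catch { rec = null; }
  if (!rec || typeof rec.expiresAt !== "number" || now >= rec.expiresAt) {
    store.removeItem(key);
    return null;
  }
  return rec.value;
}

// Sweep on page load: drop every expired entry under a prefix, return the count.
function sweepExpired(store, prefix, now = Date.now()) {
  const keys = [];
  for (let i = 0; i < store.length; i++) {
    const k = store.key(i);
    if (k !== null && k.startsWith(prefix)) keys.push(k); // collect first, then delete
  }
  let removed = 0;
  for (const k of keys) {
    if (getWithTtl(store, k, now) === null) removed++;
  }
  return removed;
}
```

Because expiry only happens when this code runs, an entry past its TTL stays on disk until the next visit or until site data is cleared. With the two TTLs above, the email entry also outlives the report it was stored alongside.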
What we do collect
We use Plausible for aggregate, cookieless web analytics. Plausible is a privacy-friendly alternative to Google Analytics with no cookies, no fingerprinting, and explicit GDPR / CCPA compliance.
The signals Plausible records on our behalf:
- Pageviews. Which pages on this site got visited, which referrer brought the visit. No IP address is stored.
- Custom events. A handful of named actions: assessment started, assessment completed, report downloaded, control page viewed, sample used. Each event includes only the structural metadata needed to bucket it (e.g. tier name, pass/fail counts, control id) and a public-tenant identifier. No personal data is sent.
Plausible aggregates these signals at the page and event level and does not assemble them into a profile of any individual visitor. The full event list is in our source code under apps/web/lib/analytics.ts; you can audit it before opening the page if you wish.
What we do NOT collect
- No advertising or tracking cookies. The site ships zero third-party trackers besides the Plausible analytics script.
- No fingerprinting. Plausible explicitly does not fingerprint visitors; we do not run any other fingerprinting script.
- No credential content. The bytes of your EAA, the issuer cert, and the type metadata stay in your browser. We have no copy and no way to recover them.
- No email-to-page joins. The email captured at the download gate is local to your browser. It is not transmitted to any analytics or marketing service. We do not link the email to your pageview history.
Hosting
The site is a static HTML/JS export served from CDN edges. There is no application server between you and the published assets. The Plausible script that runs in your browser communicates with Plausible's hosted endpoint directly; your IP is hashed and discarded by Plausible per their stated policy.
Questions
For privacy questions, email [email protected]. For engineering specifics (which signals, where they are sent), the analytics code is open in the repository: github.com/L3-iGrant/eudi-wallet-compliance.
Last reviewed 02/05/2026.