Security Model

How PsicoStacks protects your sensitive psychometric data.

Multi-Layer Security

Layer 1: Encryption (AES-256-GCM)

All sensitive credential data is encrypted before storage using AES-256-GCM, a widely deployed authenticated-encryption standard.

  • 256-bit encryption key
  • Galois/Counter Mode for authenticated encryption
  • Unique initialization vector (IV) per credential
  • Authentication tag prevents tampering

Layer 2: Blockchain (Stacks)

Only metadata and commitment hashes are stored on-chain; the chain inherits Bitcoin's security through Stacks.

  • Inherits Bitcoin's Proof-of-Work security
  • Immutable audit trail
  • No PII stored on-chain
  • Cryptographic proof of issuance

Layer 3: Access Control

Time-limited, one-time tokens control access to decrypted data.

  • Share tokens: 2-hour expiry
  • View tokens: 60-second expiry, one-time use
  • Token invalidation on use
  • Automatic cleanup of expired tokens

What's Stored Where

✅ On-Chain (Public)

  • Credential ID
  • Owner wallet address
  • Issuer wallet address
  • Schema version
  • Commitment hash (SHA-256)
  • Expiry block height
  • Revocation status

🔒 Off-Chain (Encrypted)

  • Full psychometric report
  • Test scores & percentiles
  • AI analysis & insights
  • Personal information
  • Assessment metadata

Threat Model & Mitigations

Threat: Data Breach

Mitigation:

  • All data encrypted at rest (AES-256-GCM)
  • Encryption keys stored separately from data
  • Even with database access, data remains unreadable

Threat: Credential Forgery

Mitigation:

  • Blockchain immutability prevents tampering
  • Commitment hash cryptographically proves data integrity
  • Any modification invalidates the hash

Threat: Unauthorized Access

Mitigation:

  • Time-limited tokens (60s for full access)
  • One-time use view tokens
  • Payment required for full report
  • Candidate can revoke anytime

Threat: Credential Selling/Transfer

Mitigation:

  • Soulbound Tokens (non-transferable)
  • Wallet-bound credentials
  • Smart contract enforces non-transferability

Privacy by Design

  • Minimal On-Chain Data:

    Only the necessary metadata is stored on the blockchain; no PII is exposed.

  • User-Controlled Sharing:

    Candidates decide who can access and can revoke anytime.

  • Time-Limited Access:

    60-second windows prevent long-term data retention by verifiers.

  • Audit Trail:

    All verifications are logged on-chain for transparency.

Best Practices for Users

For Candidates

  • Keep your wallet Secret Key secure
  • Only share credentials with trusted employers
  • Revoke credentials when no longer needed
  • Review verification logs regularly

For Employers

  • Only request credentials you need
  • Review data within 60-second window
  • Don't share view tokens (they're one-time use)
  • Respect candidate privacy
