Zero PII Policy
Structural Privacy Commitment
Overview
Liana Banyan’s Zero PII (Personally Identifiable Information) Policy is a Structural Bylaw that fundamentally limits what data the platform can collect. This isn’t just a policy—it’s architecturally enforced.
What We DON’T Collect
| Data Type | Reason |
|---|---|
| Real names | Not needed for service |
| Addresses | Handled by local nodes |
| Phone numbers | Not needed |
| Government IDs | Never required |
| Demographics | Structural prohibition |
| Browsing history | Not tracked |
| IP addresses | Not logged long-term |
What We DO Collect
| Data Type | Purpose | Notes |
|---|---|---|
| Email hash | Account recovery | Hashed, not stored plaintext |
| Locale (city) | Node assignment | Coarse location only |
| Credit card (age check) | Age verification | Via Stripe, not stored |
Data Access Levels
┌─────────────────────────────────────────────────────────┐
│ DATA ACCESS FRAMEWORK │
├─────────────────────────────────────────────────────────┤
│ │
│ TIER 1: PUBLIC │
│ • Platform statistics │
│ • Aggregate metrics │
│ • Published content │
│ │
│ TIER 2: ANONYMOUS AGGREGATE │
│ • Trend analysis │
│ • Academic research │
│ • No individual identification │
│ │
│ TIER 3: PROJECT-LEVEL │
│ • Member sees own project data │
│ • Collaborators see shared project │
│ • Time-limited access │
│ │
│ TIER 4: MEMBER-ONLY │
│ • Individual sees own data only │
│ • Export available on request │
│ • Deletion available on request │
│ │
└─────────────────────────────────────────────────────────┘
Local S.O.P. Privacy Barrier (#948)
Node-level operations are completely isolated from corporate:
CORPORATE LOCAL NODE
───────────────────────── ─────────────────────
✓ Aggregate metrics ✓ Delivery routes
✓ Financial summaries ✓ Member addresses
✓ Quality scores ✓ Pickup schedules
✓ Local preferences
║
║ FIREWALL
║ (No data flows)
║
Unlimited Accounts
The platform doesn’t track accounts per person:
- Create unlimited accounts
- No verification between accounts
- Each account stands alone
Structural Bylaw Status
The Zero PII Policy is enshrined as a Structural Bylaw:
- Cannot be changed by normal vote
- Requires Founder approval + member supermajority
- Architecturally enforced in database schema
Database Enforcement
-- Schema prevents PII storage
CREATE TABLE profiles (
id UUID PRIMARY KEY,
-- NO name column
-- NO address column
-- NO phone column
email_hash TEXT, -- Hash only
locale TEXT, -- City-level only
created_at TIMESTAMP
);
-- Trigger rejects PII
CREATE TRIGGER prevent_pii_insertion
BEFORE INSERT ON profiles
FOR EACH ROW
EXECUTE FUNCTION check_no_pii();
Related Systems
- Harper Review Protocol
- Local S.O.P. Registry
- Data Access Framework