Erasure

GDPR Article 17 grants EU residents the right to have their personal data erased. For a credential-issuing platform this is a fundamental design constraint: if any PII is ever written to immutable blockchain storage, it cannot later be erased, which is incompatible with GDPR.

LearnCoin resolves the tension through an architectural split (see ADR-001). The on-chain footprint is strictly the Merkle root, the issuer DID reference, the issuance timestamp, and the transaction ID — no PII. PII (recipient legal name, email, tenant-supplied external identifiers) lives off-chain in Supabase under tenant-scoped Row Level Security.

On a recipient-requested erasure, LearnCoin deletes the Supabase row mapping the email to the pseudonymous recipient ID. The credential itself stays cryptographically valid — anyone with a copy of the signed document can verify it — but the verification page at learncoin.me/c/<id> redacts the display name. The credential is still revocable by the issuer; erasure and revocation are independent.