Data Privacy at Storj: Why We Couldn’t Sell Your Data Even If We Wanted To

John Gleeson and Katherine Johnson
December 16, 2021

In a recent Let’s Talk Storj DCS Webinar, we discussed how privacy, policy, compliance, and regulatory changes impact developers and application owners and how these changes impact data storage overall.

To continue our discussion, we’re publishing a four-part series on privacy and compliance issues as they relate to decentralized cloud storage. This introductory post explains why privacy matters at Storj — and why it’s integral to the software we build, the services we provide, and the policies we implement.

Why Data Privacy Matters

To understand why data privacy matters, it’s important to understand what happened when it didn’t seem to matter.

Flashback to the dawn of Web 2.0 when users began trading their data for free software applications like email, social media and photo sharing. The free software data collection model gave rise to third-party trackers as well as collection, aggregation and sale of data on a massive scale. From those large sets of data came an increased number of data breaches that have impacted hundreds of millions of people worldwide. 

Unfortunately, most users didn’t initially understand the value of their data and the risks of freely sharing it. But as data breaches made the news, consumers began to see the true cost of sacrificing their privacy, which has led to a new era of data privacy regulation.

Today, software companies generally fall into one of (or a combination of) two categories:

  1. Those that aggregate and sell data collected about users as part of a free service
  2. Those that sell a service and collect data to improve the user experience and enhance the service

Storj belongs firmly in the second category — but with serious limitations on how we collect and use data.

Zero Trust Ethos

Storj DCS is built on a decentralized network of 13,000 storage nodes operated by third parties in 100 different countries.

One of the key benefits of our decentralized architecture is that it increases privacy and censorship resistance. How? By requiring zero trust. That means we assume every person or system attempting to reach a protected resource has been compromised and can’t be trusted.

Our zero trust ethos not only protects data stored on our network from external cybersecurity threats but also from the thousands of independent operators who host that data — and from Storj itself.

Privacy in Policy & Practice

The basic starting point for understanding our approach to privacy is our Privacy Policy. As a privacy-first organization, Storj is committed to protecting the privacy of user data by:

  • Collecting the minimum amount of data to operate and improve the network and the service
  • Not aggregating, mining, or selling any data ever
  • Using anonymized data whenever possible

We put this policy into practice with a focus on two key aspects of data privacy:

  1. Collection of user data. For users with registered accounts who build applications or services on our system, we collect only the information needed to run and make enhancements to the network and services. Most of this data relates to usage, durability, or billing and payment.
  1. Storage of user application data. Our objective is to never have the ability to access or mine data stored on our network. That’s why all user application data is erasure coded and distributed over the network in tiny pieces as encrypted chunks of objects.

So what does our zero trust, privacy-first approach mean for anyone who uses or develops applications on our service?

It means that instead of asking people and businesses to trust us with their data. We ensure they don’t have to trust us, because no party on the network ever has access to the entirety of the data or any data in an unencrypted state. It also means Storj could never aggregate, transfer, or sell the data that users upload to the network — even if we wanted to (which we don’t).

Next in the Series: Data Privacy Regulations

Consumer awareness and concern over privacy issues have led to current data privacy laws, which are broad and can include substantial penalties.

In our next post, we’ll focus on data privacy regulations — not only how we ensure regulatory compliance with our users’ personal information, but also how users who build solutions on Storj should approach storing data that may be subject to privacy regulations.

Want to learn more about our data privacy policy? You can read about it here.

Ready to try Storj DCS yourself? You can start for free.

Sign Up

Share this blog post

Put Storj to the test.

It’s simple to set up and start using Storj. Sign up now to get 25GB free for 30 days.
Start your trial
product guide