Atala Prism and location of stored credentials

Hi all,

I’ve got a quick question. I’m writing my masters’ thesis on Atala Prism and whether it could be GDPR compliant as a specific implementation of SSI. I’m wondering the following:

Credentials are stored in the atala prism wallet app, secured by a password and seed phrase. (Password will only work on the device where holders’ have set up their wallet)

After sending a credential two things happen:

  1. Metadata is stored on chain (encrypted in binary data)
  2. The credential is sent to the entity with which the holder has established a secure connection.

Where is the credential stored on the verifiers’ side? (If stored at all) Does the verifier reside within the ecosystem of Atala Prism, or is that not necessarily the case?

It’s important for me to get a rough (technical) understanding of this, as credentials are personal information which cannot be processed without keeping the key elements of the GDPR in mind.

THANKS in advance to the one being able to help me. Unfortunately information on Atala Prism is stil scarse! : ) Have a nice week.