I’m in the planning phase of a startup idea that would use Atala PRISM on Cardano, but there’s something I can’t quite figure out about it. Any clarification on this would be greatly appreciated:
On the Atala PRISM website, it says Atala PRISM is GDPR compliant and all the data associated with the DID is stored securely on the individual’s phone. Yet, later on it says that if the person loses the phone they can restore their DID and all of its data using their Seed Phrase. That seems to imply that the data is stored somewhere else than just the phone, which in turn seems to imply the data must be on the Cardano public blockchain… which of course can’t comply with GDPR/RtbF because it’s immutable.
There must be something I’m missing here?