Zero-data-retention (ZDR) is a design principle where systems process information without storing it. Data flows through the system to accomplish a task, but is immediately discarded afterward, nothing is retained for future use, analysis, or potential breach.
The principle
In a ZDR environment, when you submit a document for processing or present a credential for verification, the system handles the immediate task and then deletes the data. No copies are kept. Systems minimize or avoid retention of personal data beyond what is operationally or legally required, and the system has no memory of the transaction beyond the outcome.
Why retention creates risk
Every piece of personal data an organization stores becomes a liability. Stored data can be:
Breached by hackers, exposing individuals to identity theft and fraud.
Subpoenaed by government agencies, potentially revealing sensitive information.
Misused by employees with access to the data.
Monetized through sale to data brokers or advertisers.
Combined with other datasets to build detailed profiles of individuals.
The more data an organization retains, the larger the target it becomes and the greater the potential harm from a breach. Data you don't have can't be stolen, subpoenaed, or misused.
Applications in identity systems
Well-designed credential verification systems operate on ZDR principles. When you present a credential:
The verifier checks the cryptographic signature against the issuer's public key.
The verifier confirms the credential hasn't been revoked.
The verifier receives the specific attributes they requested.
The transaction completes, and the credential data is discarded.
The verifier retains only the outcome ("verified" or "not verified") and any business records required for their operations, not copies of your credential or personal information.
Issuers and ZDR
Issuers can also apply ZDR principles. Once a credential is provisioned to the holder's wallet, the issuer no longer needs to retain a usable copy of the verifiable digital credential, beyond the issuance records and status information required for operational purposes. The issuer maintains only the authoritative records they already kept for physical credentials, the same data the DMV has always had, without creating a new repository of verifiable digital credential information.
Personal data licenses
Some systems extend ZDR through "personal data licenses," which are machine-readable terms attached to credential presentations that specify how data may be used. When you prove your age, the presentation might include terms stating "for one-time use only; no storage or redistribution permitted."
These terms can create legal expectations and compliance obligations, depending on jurisdiction and enforcement mechanisms, giving individuals confidence that their data is governed by enforceable conditions even after it's shared.
Learn more about personal data licenses in our blog post, How Personal Data Licenses Can Keep Digital Identity Private.
ZDR in practice
Optional features, such as OCR-based document scanning or AI-assisted form completion, can operate within ZDR environments. The system processes uploaded documents to extract relevant information, but stores nothing, no user content is retained or reused for training purposes. This enables powerful functionality while maintaining privacy guarantees.
Want to keep learning?
Subscribe to our blog.
