[SCP-130] An Operative Definition of Privacy, an addendum to [SCP-80]


In SCP-80, ShapeShift Product Workstream leader Diggy made the case for data analytics to inform our path to product market fit, and the proposal passed Snapshot at the beginning of June. Pendo was formally integrated with the ShapeShift app at the start of Q3 2022, and the Product and Marketing workstreams started tracking data on our product features for those who have opted in to sharing anonymized in-app action data. In addition to Pendo, the two workstreams will continue to explore ways to pull on-chain data as well as structure and synthesize in-depth in-app data to give us new and more comprehensive insights with the goal of improving our product, messaging, marketing, and business development strategies.

This proposal is intended to address the issue of privacy as it relates to tracking user data and actions both on and off the app. The Product and Marketing workstreams recognize and respect the role of privacy in the ethos of the ShapeShift DAO. We would like to work with the community to establish a working definition for privacy that can be used to enhance operational efficiency within the workstreams of the DAO with the goal of using this definition to improve the efficiency of delegated decisions.


If this proposal passes, the DAO will have successfully established an operative meaning for privacy that can empower workstreams to make autonomous decisions while remaining within the bounds set by the community. This definition would negate the current need to pass a governance proposal each time the Product or Marketing workstreams intend to test a new type of user behavior through data tracking for the purposes of improving user features and constructing effective marketing funnels as long as the feature or strategy falls within the bounds of the definition. If these powers were ever abused and/or used in such a way as to concern the community, the DAO can amend the working definition established by this proposal to narrow its scope appropriately.


The primary motivation for this proposal is to increase efficiency of decision making related to the application of user data tracking within the ShapeShift app. Developing high-performing product features and marketing campaigns is a unique challenge in Web3, as there is a de facto expectation of data pseudonymity. In addition, the DAO is committed to offering a private version of our app that does not include any analytics or tracking. As a result, we are looking for creative ways to gather and synthesize the data necessary to determine answers to the key questions raised by Diggy in SCP-80

A clear definition of privacy and subsequent delegation of related decision making to the Product and Marketing workstreams would improve our ability to develop data gathering strategies required to answer these questions.


The proposed working definition for privacy is as follows:

“Data privacy” means the ability of a user to determine when, how, and to what extent their personal information is shared with others as well as how that data is correlated with other trackable/metricisable events inside and outside the application.

As mentioned above, ShapeShift currently maintains a private version of its app so users can opt out of data collection entirely. This option ensures the DAO offers a version of the product that guarantees complete data privacy一upholding the most extreme interpretation of “no tracking/no data collection”.

Importantly, the definition of “data privacy” above will be used to create a framework for data privacy decisions related to users who login via app.shapeshift.com.

Data Tracking Details: Data: Anonymized click-throughs and user journey

The previous proposal explicitly excluded sending hashes of users’ public keys. This proposal seeks to update that to permit tracking of anonymized data for the purposes of product improvement.

Hashed wallet id Hashed public keys Asset ids belonging to public keys Total portfolio (wallet) fiat balances Account balances, in fiat and crypto units

By hashing a user’s wallet id (a uniquely generated string) and associated public account ids (per chain), we will be able to derive insights and make better product decisions around user persona profiles and how different types of users are using the app.

Hashes are unique and not reversible - this does not enable us to deanonymize a user from hashed data back to public keys.

Private keys, or encrypted or hashed versions, never have or will be tracked.

When: user data is collected from the moment a user enters app.shapeshift.com and agrees/opts in to sharing anonymized user data. Mobile app users are tracked as part of the terms of service.

No personal identifiable information will ever be tracked.

How and to what extent: Analytics will track anonymized click events within our app for the purpose of understanding user retention rates, which features our users adopt, identifying drop offs or potential issues in our user flows, and to generally understand how users navigate throughout our application. We may sometimes also use an analytics tool to run anonymous surveys or polls with our users, to help inform product decisions or gather feedback. In some cases it could also be used to identify the parts of the world our users are in and how they first entered the ShapeShift ecosystem. This information will be used to help us with SEO, user acquisition funnels and marketing strategy.

On-chain tracking will respect the pseudonymity of user wallets, and utilize analytics for critical business tasks such as building complete marketing funnels, feature planning, feature utilization and verifying partner revenue reporting.

The anonymized data collected via the ShapeShift app will be available through the analytics provider/s and analytic platform access will be granted to relevant workstream contributors and shared during calls or office hours with the community.

ShapeShift will: • Never have access to users private keys nor collect any personal information • Never collect a users IP address • Never sell user data • Never gate features for users that opt-out of sharing data


Defining “privacy” and allowing Product and Marketing Workstreams to explore various data collection strategies will allow these Workstreams to further measure the success of our products leading to better feature engagement, higher user retention and finding the best product market fit. This definition will give parameters for workstreams to operate so that the core values of the DAO一such as privacy一can continue to be scrupulously upheld while giving workstreams the agency to operate effectively within those confines.

Users will continue to have the option to opt-in to sharing data or choose to proceed with the complete “Private” version that collects no data of any kind.


Giving workstreams the agency to implement tracking within these confines means that the broader community will have less jurisdiction over the specific tools implemented by workstreams in the future to collect, synthesize, and aggregate data. As long as the strategy falls within the bounds set by this proposal, a workstream would have the authority to execute on it.