An Operative Definition of Privacy, an addendum to [SCP-80]
Jan 25, 2023


In SCP-80, ShapeShift Product Workstream leader Diggy made the case for data analytics to inform our path to product market fit, and the proposal passed Snapshot at the beginning of June. Pendo was formally integrated with the ShapeShift app at the start of Q3 2022, and the Product and Marketing workstreams started tracking data on our product features for those who have opted in to sharing anonymized in-app action data. In addition to Pendo, the two workstreams will continue to explore ways to pull on-chain data as well as structure and synthesize in-depth in-app data to give us new and more comprehensive insights with the goal of improving our product, messaging, marketing, and business development strategies. 

This proposal is intended to address the issue of privacy as it relates to tracking user data and actions both on and off the app. The Product and Marketing workstreams recognize and respect the role of privacy in the ethos of the ShapeShift DAO. We would like to work with the community to establish a working definition for privacy that can be used to enhance operational efficiency within the workstreams of the DAO with the goal of using this definition to improve the efficiency of delegated decisions.


If this proposal passes, the DAO will have successfully established an operative meaning for privacy that can empower workstreams to make autonomous decisions while remaining within the bounds set by the community. This definition would negate the current need to pass a governance proposal each time the Product or Marketing workstreams intend to test a new type of user behavior through data tracking for the purposes of improving user features and constructing effective marketing funnels as long as the feature or strategy falls within the bounds of the definition. If these powers were ever abused and/or used in such a way as to concern the community, the DAO can amend the working definition established by this proposal to narrow its scope appropriately.  


The primary motivation for this proposal is to increase efficiency of decision making related to the application of user data tracking within the ShapeShift app. Developing high-performing product features and marketing campaigns is a unique challenge in Web3, as there is a de facto expectation of data pseudonymity. In addition, the DAO is committed to offering a private version of our app that does not include any analytics or tracking. As a result, we are looking for creative ways to gather and synthesize the data necessary to determine answers to the key questions raised by Diggy in SCP-80

A clear definition of privacy and subsequent delegation of related decision making to the Product and Marketing workstreams would improve our ability to develop data gathering strategies required to answer these questions. 


The proposed working definition for privacy is as follows:

“Data privacy” means the ability of a user to determine when, how, and to what extent their personal information is shared with others as well as how that data is correlated with other trackable/metricisable events inside and outside the application. 

As mentioned above, ShapeShift currently maintains a private version of its app so users can opt out of data collection entirely. This option ensures the DAO offers a version of the product that guarantees complete data privacy一upholding the most extreme interpretation of “no tracking/no data collection”.

Importantly, the definition of “data privacy” above will be used to create a framework for data privacy decisions related to users who login via

Data Tracking Details:
Data: Anonymized click-throughs and user journey

The previous proposal explicitly excluded sending hashes of users' public keys. This proposal seeks to update that to permit tracking of anonymized data for the purposes of product improvement.

  • Hashed wallet id
  • Hashed public keys
  • Asset ids belonging to public keys
  • Total portfolio (wallet) fiat balances
  • Account balances, in fiat and crypto units

By hashing a user’s wallet id (a uniquely generated string) and associated public account ids (per chain), we will be able to derive insights and make better product decisions around user persona profiles and how different types of users are using the app.

Hashes are unique and not reversible - this does not enable us to deanonymize a user from hashed data back to public keys.

Private keys, or encrypted or hashed versions, never have or will be tracked.

When: user data is collected from the moment a user enters and agrees/opts in to sharing anonymized user data. Mobile app users are tracked as part of the terms of service.

No personal identifiable information will ever be tracked. 

How and to what extent:
Analytics will track anonymized click events within our app for the purpose of understanding user retention rates, which features our users adopt, identifying drop offs or potential issues in our user flows, and to generally understand how users navigate throughout our application. We may sometimes also use an analytics tool to run anonymous surveys or polls with our users, to help inform product decisions or gather feedback. In some cases it could also be used to identify the parts of the world our users are in and how they first entered the ShapeShift ecosystem. This information will be used to help us with SEO, user acquisition funnels and marketing strategy.

On-chain tracking will respect the pseudonymity of user wallets, and utilize analytics for critical business tasks such as building complete marketing funnels, feature planning, feature utilization and verifying partner revenue reporting. 

The anonymized data collected via the ShapeShift app will be available through the analytics provider/s and analytic platform access will be granted to relevant workstream contributors and shared during calls or office hours with the community.

ShapeShift will: 
• Never have access to users private keys nor collect any personal information 
• Never collect a users IP address 
• Never sell user data 
• Never gate features for users that opt-out of sharing data


Defining “privacy” and allowing Product and Marketing Workstreams to explore various data collection strategies will allow these Workstreams to further measure the success of our products leading to better feature engagement, higher user retention and finding the best product market fit. This definition will give parameters for workstreams to operate so that the core values of the DAO一such as privacy一can continue to be scrupulously upheld while giving workstreams the agency to operate effectively within those confines.

Users will continue to have the option to opt-in to sharing data or choose to proceed with the complete “Private” version that collects no data of any kind. 


Giving workstreams the agency to implement tracking within these confines means that the broader community will have less jurisdiction over the specific tools implemented by workstreams in the future to collect, synthesize, and aggregate data. As long as the strategy falls within the bounds set by this proposal, a workstream would have the authority to execute on it.

This post has 1 history
Write a reply...
Read More
Fireb0mb1Jan 27, 2023

Just to break the silence (which I think stems from people agreeing with this proposal) and show some support. I find it good to define such concepts and validate them through Governance even if they are mostly already understood/followed/promoted by the current Workstreams, so I'm in favor of this.

In addition, there might be other fundamental pieces of the ShapeShift vision that we currently uphold that could be defined in a similar way to ensure a clear definition/framework for Workstreams to follow, and if they needed to change a new proposal would have to be made. Non-custodial, open-source, come to mind as non-controversial ones, no additional fees for a more controversial one. We take them for granted, or we assume that the community still agrees with all of them after couple of years but everything can change as we've seen with recent proposals, so it might be worth reevaluating them and submitting them to the community from time to time.

Read More
TylerShapeShiftJan 31, 2023

Thank you for breaking the silence and showing your support @Fireb0mb1.

This proposal is a first for the DAO around clarifying a working definition of a term and its implicit use at the DAO and among workstreams. I hope we can see future proposals take similar approaches to clearly defining the foundational ideals ShapeShift builds its product suite around when faced with actioning previous proposals that have uncertain or improperly defined terminology that can hinder our future progress and goals.

Specifically in this proposal, the ability to collect and interpret anonymized data feels like an asterisk that could have been considered in the previous iterations the privacy conversations the DAO had. Recognizing in our current state of product development the benefits this proposal would allow in data collection and user feedback, while also respectfully considering no change to our stance on privacy has been the thoughtful work of quite a few DAO contributors to get this draft as polished as it is now.

More From ShapeShift
FOX Governance Process
FOX Governance Process
How to link legacy forum history to your Metaforo account
How to link legacy forum history to your Metaforo account
Anonymous Feedback Submission Form
Anonymous Feedback Submission Form
🏛️Proposal template and instructions
🏛️Proposal template and instructions
[SCP-131][Incubation] Added fees for Thorchain swaps
[SCP-131][Incubation] Added fees for Thorchain swaps
by 0xean
Addendum to [SCP-119]
Addendum to [SCP-119]
by TylerShapeShift
[SCP - TBD] Treasury Signed Selection Committee and formalizing the signing process.
[SCP - TBD] Treasury Signed Selection Committee and formalizing the signing process.
by PTT
Welcome to the official forum for ShapeShift DAO. Learn more at
About this Discussion