How we use sensitive user data without ever storing it

The benefit of single-use ECDH secret encryption

On Tuesday I received this email notifying me that some of my information was compromised in a data breach (as well as that of around 100 million other people). It mentions that my “name, email, IP, user ID, encrypted password, user account settings, [and] personalization data” may have all been compromised.

The immediate question I asked myself was: how can I make sure I don’t ever have to send that email out to my own customers?

As a blockchain based application, we don’t store users’ passwords in any form. Our users will have private keys (and some will have encrypted keys). These are stored locally on the user’s device but are not backed up in any centralized server.