Unlinkability
Company-side and citizen-side records are indexed separately and cannot be trivially joined through Agreely. This protects the link between a citizen's DID and a company's customer reference: neither Agreely, nor a leak of one side, can stitch the two graphs back together. This is not a policy promise; it falls out of how the two sides are keyed.
The precise boundary
Unlinkability is a specific property, and overclaiming it would be dishonest.
What unlinkability does and does not do
Unlinkability protects the citizen-DID-to-company-customer correlation: it stops Agreely, or a leak of one side, from joining a person's DID to a company's customer record. It does not hide the company's own customer_id from the company itself. The company already knows its own customers; Agreely does not, and cannot, change that. Agreely is not an anonymity system, and it does not claim the person is anonymous to the company they transact with.
Next
- Privacy and erasure: how the same property lets erasure keep proof while destroying the readable claim.
- Honest boundaries: the full honesty posture, including what is and is not written on-chain.
- The protocol for the DID and commitment construction.