Privacy & Security

The government can ask.
We can't deliver.

Not a policy statement. A technical fact. Here is exactly how Alokin's architecture makes identifiable contact data impossible to produce — and how your product data stays protected the same way.

Architecture

Two Tiers of Encryption.
Two Different Jobs.

Alokin runs two encryption layers simultaneously. Each is designed for a specific purpose. Neither can be worked around — not by Alokin, not by anyone.

Chain — Contact & Network Data

Signal Protocol — End-to-End

The same cryptographic protocol that powers Signal messenger. Your contacts, company connections, and network data are encrypted on your device before they ever touch our servers. The decryption key is generated on your phone and never transmitted. Our servers store ciphertext — a string of characters with no meaning to anyone without your key. Alokin engineers cannot read your Chain data. Full stop.

Ticket & PackTrack — Product & Transaction Data

AES-256 — Bank-Grade Encryption

Product inventory, transaction records, buy/sell tickets, and PackTrack data are encrypted using AES-256 — the same standard used by financial institutions and federal agencies. Because the identity layer (Chain) is end-to-end encrypted separately, product activity is permanently disconnected from any identifiable record. The network can generate aggregate trends without ever knowing who did what. Who sold what to whom: architecturally unknowable.

Transparency

What Alokin Can and Cannot See

Zero-knowledge architecture means we cannot see certain data by design — not because we chose not to look, but because the system was built to make it technically impossible.

Alokin Cannot Access

  • Your contact list, network, or who you're connected with in Chain
  • Messages or communications between Chain contacts
  • Which specific operators transacted with each other
  • Broker-protected supplier identities in Ticket
  • Any decrypted version of your Chain data — ever

Alokin Can Access

  • Your account email and login credentials
  • Aggregate, anonymized product movement data (opt-in only)
  • Usage patterns for app performance and reliability
  • Support tickets and communications you initiate
  • Subscription and billing information — if paid by card. Crypto payments are accepted and leave no identity trail tied to your account.
Legal & Compliance

What Happens If We Receive a Subpoena

We comply with all valid legal orders. That compliance produces almost nothing that identifies you — because of how the architecture works, not because of how we respond.

Contact Data Request

If law enforcement requests your Chain contact data with a valid legal order, Alokin complies and produces the server-side record: encrypted ciphertext. Without your device key, that data is mathematically unreadable. We cannot decrypt it for them. It is not a refusal — it is a technical wall.

Account Information

We can produce what we have access to: your email address, account creation date, login history, and subscription records. If you pay by card, billing records are tied to your account. If you pay with crypto, no payment identity exists on our side — nothing to produce. This is the limit of what Alokin can hand over about your identity either way.

Transaction Records

Product and transaction data is AES-256 encrypted and separated from identity at the architecture level. Aggregate patterns exist. Individual operator attribution — who sold what to whom — does not exist in a producible form on our servers.

How It Works

Why Signal Protocol

Signal Protocol is the most rigorously audited end-to-end encryption standard available. It is open-source, peer-reviewed by cryptographers worldwide, and used by Signal, WhatsApp, and now Alokin.

Key Generation

When you create your Chain, a unique cryptographic key pair is generated on your device using your device's secure hardware enclave. The private key is never transmitted to Alokin servers. It never leaves your phone.

What Gets Stored

Our servers receive and store encrypted ciphertext — a scrambled version of your data that requires your private key to decode. Without the key, the server-side record is computationally indistinguishable from random noise.

If Your Device Is Lost

Chain offers an encrypted key recovery option stored via your account credentials, so you can restore access. The recovery process uses zero-knowledge proofs — Alokin verifies you are who you say you are without ever seeing your key.

Network Intelligence

The Opt-In Data Layer

Alokin's market intelligence is built from operator data — but only from operators who explicitly opt in. Here is exactly how that system works.

Strictly Opt-In

No product data enters the intelligence network without your explicit consent. Opting in is a deliberate action in settings. You can opt out at any time and your data contribution stops immediately. Default state: opted out.

Anonymized Before Aggregation

When you opt in, your data is stripped of all identifying attributes before it contributes to network patterns. Product velocity, regional demand, and price trends are computed from the anonymized pool. Individual operator records are never surfaced.

You Get More Back

Operators who opt in receive market intelligence from across the entire network — what is moving, where prices are trending, what demand looks like by region. Sharing a small view of your operation gets you a much larger view of the market.

Common Questions

Straight Answers

Can Alokin employees read my contact list?
No. Chain contacts are end-to-end encrypted with a key that lives on your device. Our servers store ciphertext. No Alokin employee — engineer, admin, or otherwise — has access to a decrypted version of your Chain data.
What if there is a data breach?
A breach of Alokin's servers would expose encrypted ciphertext. Without device-side private keys, that data cannot be decrypted. For Chain data, a breach produces computationally useless noise. For AES-256 product data, the breach exposes records disconnected from any identifying information due to the separate Chain encryption layer.
Does Alokin store my contacts in the cloud?
Alokin stores encrypted ciphertext versions of your contacts for sync and backup. The data exists on our servers in a form that is unreadable to anyone without your device key. Sync is encrypted in transit and at rest. Think of it as a locked safe we are holding for you — we have the safe, not the combination.
How is this different from other cannabis software?
Most cannabis software stores your network data in plaintext or standard database encryption — accessible to the company's engineers and producible in response to legal orders. Alokin's architecture is designed so that contact identity data is technically inaccessible to us. The difference is architectural, not just policy.
Can I delete my data?
Yes. You can request full account deletion at any time. This removes your encrypted records from our servers, your opt-in data contributions from the anonymous pool, and your account credentials. Deletion is permanent and cannot be reversed.
What about package number linking in PackTrack?
PackTrack lets you manually enter package numbers in inventory records for your own reference and tracking. These records are stored in your PackTrack account under AES-256 encryption, tied to your account login. They are not connected to any external compliance system and are only accessible through your authenticated account.

If you're comfortable sending it on Signal, you're comfortable putting it in Alokin. Same protocol. Same architecture.

Back to Alokin