Encrypted key share custodian
Rozero Digital, MB is a company registered in the Republic of Lithuania, acting as one of seven independent encrypted key share custodians in the Everfair user-recovery system.
What we do
- We hold one encrypted Shamir Secret Sharing share assigned to Rozero Digital, MB under the Everfair 2-of-7 recovery model.
- We respond to lawful recovery requests once the Everfair recovery protocol has assembled the required quorum.
- We act as the Lithuanian legal point of contact for lawful law-enforcement and judicial requests concerning ownership of Everfair wallets.
- We store, in encrypted form and in the minimum scope required, a mapping from a wallet address to a state-issued personal / company identification code (see below).
- We maintain operational, geographic and legal separation from the other six share custodians.
Exactly what data we store
Rozero Digital stores the absolute minimum required to fulfil its lawful disclosure obligation:
- The Everfair wallet address (public).
- The country code (ISO 3166-1, e.g.
LT,EE,US). - The national personal identification code (in Lithuania — asmens kodas; in other countries — the corresponding state identifier), or the company registration number for legal entities.
- A disclosure audit log.
The personal code is stored encrypted with AES-256-GCM; the encryption key is split using a Shamir 2/3 scheme between Rozero Digital, the Everfair vault and an independent legal escrow. No single Rozero employee can decrypt the data unilaterally.
What we do not do and do not store
- We do not perform customer identity verification (KYC) or business verification (KYB). The Everfair network has assigned these functions to a separate accredited KYC/KYB provider (currently — Sumsub; may be replaced with another accredited partner without affecting Rozero's role).
- We do not store user names, surnames, dates of birth (as a separate field), residential addresses, phone numbers or email addresses.
- We do not store identity document images, biometric data, PEP or sanctions screening results, or KYC video recordings.
- We have no direct access to Everfair's transaction stream or customer funds.
- We cannot decrypt a user's key on our own — participation of other Shamir 2-of-7 share custodians is required.
Cooperation with authorities
Rozero Digital, MB operates under the jurisdiction of the Republic of Lithuania and complies with applicable legal obligations. Upon receipt of a valid Lithuanian court order, prosecutor's decision or decision of a competent authority, Rozero Digital provides the requesting authority, for the wallet address in question, with:
- the country code (e.g.
LT); - the national personal or company identification code.
Rozero cannot supply the user's name, surname or address — it does not hold such data. The authority itself establishes the identity through state registers (in Lithuania — the Population Register and the Register of Legal Entities), in which that personal / company code is the authoritative identifier.
Foreign law-enforcement requests
Rozero Digital does not act on direct requests from foreign law-enforcement agencies. International cooperation flows through established legal channels and ends with a national act issued by a Lithuanian court or prosecutor:
- EU Member States — via a European Investigation Order (EIO) under Directive 2014/41/EU. The issuing-state authority submits the EIO to the competent Lithuanian authority (typically the Prosecutor General's Office), which forwards it to Rozero Digital for execution.
- Third countries (e.g. United States, United Kingdom, Switzerland) — via a Mutual Legal Assistance Treaty (MLAT) or diplomatic channel. The foreign agency contacts its own central authority, which contacts the Lithuanian Prosecutor General's Office or Ministry of Justice; these initiate a national procedure and issue a Lithuanian order executed by Rozero Digital.
- Emergency cases (imminent threat to life, child exploitation) — expedited disclosure is possible under the Lithuanian Code of Criminal Procedure and the AML Law, with mandatory retrospective judicial review.
In all cases, Rozero Digital's legal basis to disclose data is a Lithuanian court or prosecutor's act, not a direct request from a foreign authority.
Conditions in all cases
- executed only on a valid legal basis under Lithuanian and EU law;
- only data that the legal basis permits is disclosed — typically only the country code and the personal / company code;
- recorded in an immutable audit log (request date, authority, legal basis, data disclosed);
- does not weaken the Shamir 2-of-7 scheme — Rozero Digital cannot move user funds even when serving an authority's request.
Foreign law-enforcement requests
Rozero Digital does not act on direct requests from foreign law-enforcement agencies. International cooperation flows through established legal channels and ends with a national act issued by a Lithuanian court or prosecutor:
- EU Member States — via a European Investigation Order (EIO) under Directive 2014/41/EU. The issuing-state authority submits the EIO to the competent Lithuanian authority (typically the Prosecutor General's Office), which forwards it to Rozero Digital for execution.
- Third countries (e.g. United States, United Kingdom, Switzerland) — via a Mutual Legal Assistance Treaty (MLAT) or diplomatic channel. The foreign agency contacts its own central authority, which contacts the Lithuanian Prosecutor General's Office or Ministry of Justice; these initiate a national procedure and issue a Lithuanian order executed by Rozero Digital.
- Emergency cases (imminent threat to life, child exploitation) — expedited disclosure is possible under the Lithuanian Code of Criminal Procedure and the AML Law, with mandatory retrospective judicial review.
In all cases, Rozero Digital's legal basis to disclose data is a Lithuanian court or prosecutor's act, not a direct request from a foreign authority.
Conditions in all cases
- executed only on a valid legal basis under Lithuanian and EU law;
- the user's full identity (name, documents, company registration data) is obtained by the authority directly from the KYC/KYB provider or state registers — such data does not reside in Rozero's infrastructure;
- recorded in an immutable audit log (request date, authority, legal basis, data disclosed);
- does not weaken the Shamir 2-of-7 scheme — Rozero Digital cannot move user funds even when serving an authority's request.
Why this matters
The Everfair recovery system is designed on a banking-grade 2-of-7 model: a user's master key is split into seven encrypted shares using the Shamir algorithm, and at least two independent shares must be combined to reconstruct it. This means that no single custodian, including Rozero Digital, can access user assets or data without consent of other independent share holders.
Rozero Digital, MB performs a second essential function in the Everfair network: it ensures that every wallet created in the Everfair network has a known owner. There are no anonymous wallets in Everfair: every address is bound to a state-issued personal or company identification code, which Rozero holds in encrypted form.
The purpose is to prevent money laundering, terrorism financing and other financial crime: upon a Lithuanian court order, prosecutor's decision or decision of a competent authority, law enforcement can always reach, through Rozero, the identifier of a specific wallet's owner and establish identity via state registers. This mechanism applies to the entire Everfair network, regardless of which KYC/KYB partner is in use, and regardless of the country in which the user creates the wallet.
Company details
- Name
- Rozero Digital, MB
- Legal form
- Mažoji bendrija (small partnership)
- Registration number
- 307130992
- Registered address
- Žemaitijos st. 1-14, LT-89140 Mažeikiai, Republic of Lithuania
- Director
- Laurynas Baranauskas
- Phone
- +370 692 47311
- info@rozero.digital
- Website
- https://rozero.digital
Role in personal data processing
Everfair is a decentralized network, not a legal entity, so there is no classic GDPR controller–processor relationship between Rozero and Everfair. Rozero Digital:
- is a technical custodian of one encrypted Shamir key share — the ciphertext in isolation is not identifiable personal data under GDPR;
- is the data controller of the minimal mapping “wallet address → country code + personal / company code" which it stores on its own initiative in order to act as the Lithuanian legal point of contact;
- does not control or process KYC/KYB identity data (names, documents, biometrics, company registration data) — these are processed in its own infrastructure by a separate accredited KYC/KYB provider of the Everfair network (currently — Sumsub), under its own agreements with users.
See the Privacy policy for details.