Private Data Assets (PDA)

The foundational assets of our protocol

What is a PDA?

Private Data Assets (PDAs) serve as the foundational assets of our protocol, functioning as secure, encrypted containers that transport your data across the web. You maintain authoritative control, granting consent for data access to selected parties (more on this in Data Proofs). Issuers neatly encapsulate your information in these PDAs using a user-friendly JSON format.


PDAs are inherently private! Only the Issuer and Owner have read-access over this information. The Issuer has write access as well.

How does the PDA Lifecycle?


The lifecycle of the PDA starts when the Issuer utilizes a data model to claim a particular user to an identifier.

The user receives this PDA and can access it on their dashboard. This information is encrypted using a symmetric key native to that PDA.

The responsibility for ensuring the accuracy of this data rests squarely on the Issuer. Should the information be found inaccurate, the Issuer's credibility would diminish, leading to decreased trust from verifiers who rely on this data.

You can read more about the Issuer’s responsibility in the dedicated section here.

A sample mutation for issuance

mutation createPDA {
    title: "My First PDA",
    description: "A PDA can be anything you want it to be",
    recipient: "sanket"
    dataModelId: "1f1bff45-6ffb-48c1-ab6e-06f19cb7a744"
		image: "",
    expirationDate: null,
    claim: {
			firstName: "Sanket",
			lastName: "Jain",
      role: "Co-founder + CEO",
    }) {

Updating Claim Info

To preserve the accuracy and reliability of information within the Private Data Asset (PDA), it's essential for the issuer to have the authority to revise any aspect of the claim as circumstances dictate. However, these revisions must be conducted in alignment with the predefined Data Model, precluding the introduction of new fields.

This procedure ensures data consistency and firmly places the responsibility for maintaining up-to-date and accurate information on the issuer.

Updating Status

In our quest to uphold data integrity and verifiability, Gateway's protocol incorporates a dynamic status framework for Private Data Assets (PDAs). This ensures that all parties involved—from issuers to verifiers—are aware of the quality and reliability of the information they handle. Here's how it works:

PDA Status Framework

PDA Status Framework

By offering this nuanced status framework, we empower issuers to reflect real-time changes that affect the validity of a PDA while also providing verifiers with an insightful tool to gauge the risk and reliability of the data they consume. This framework enhances the user experience and maintains a high level of trust and compliance across all transactions.

The status change on the PDA is surfaced publicly on the Arweave file.

PDA Structure

These are the predictable components that are part of every PDA.


Each PDA has a unique format to identify the PDA. This is in UUID format and can be found on the top of the PDA page. It is generated at the time of creation of the PDA.

This is found above the name of the PDA and is unique per PDA

The PDA ID is the main reference to all the Arweave hashes associated with the respective PDA.

2. Name, Description, Categories

The following makes up the header of the PDA

PDA Header

These are used to provide a general context of what the PDA is about. It is not uncommon for PDAs to have names, descriptions, and categories that match the data model, especially if they are issued in mass.

By default, if an issuer does not provide a name, description, or category, it defaults to using the data model fields. An image can also be provided if the issuer would like.

3. Issuer

This is the ID of the entity that issued the PDA. The issuer can control the credential claims and update the PDA's status.
By default, the Display Name of the Issuer is shown, but you can click on the ID to see more info.

The ID is displayed in Display Name format. If verified, it will showcase the checkmark. Verification is limited to organizations at the moment.

4. Owner ID

This is the identifier of the Owner. It defaults to show your display name, but the Username is also available.
It is often who the claims are about.

Spotify sent Elon a PDA

5. Authenticated by

Identifies who was responsible for the issuance, in an org context, will identify an org user ID

6. Data Model ID

The data model used determines what the claims will be related to. Since every PDA is linked to a data model, the ID is stored as a reference on the PDA. This is particularly important for verifiers when they are requesting PDAs. The related data model is linked on the PDA page for you to reference and will redirect you to the explorer.

This redirects to the related data model

7. Issuance Date

This is when the PDA is issued and timestamped relative to when the transaction was initiated.

All times are UTC based.

8. Expiration date

When a creator Issues a PDA, It is possible to set an inspiration date or leave it indeterminate.

9. Status

The status of the PDA is extremely important in determining its consumption. The details related to the status are explained above.

Statuses will automatically update on your PDA if the issuer changes it

10. Claims

The core of each Private Data Asset (PDA) is its claims—key pieces of user information organized by a selected data model. These claims define what the PDA represents about a user or how it relates to the user.

These are Spotify's claims about Elon, and the structure is based on the "Top 1% Listener" Data Model.

Privacy + Storage Standards

At Gateway, your privacy is more than a feature—our core priority. For each Private Data Asset (PDA), we generate a unique symmetric key that controls read access to data stored securely on Arweave. This key is individually encrypted with the owner's and issuer's unique public keys. This ensures that each party can independently access the data while keeping it secure from unauthorized users. It's our way of reinforcing an unbreakable commitment to safeguarding your personal information.