Wavelynx — PII surface
Every data field Wavelynx ever transmits to a wallet platform, with the mode of transmission per destination. Anonymous credentials are fully supported — display name, role, and photo are voluntary, never required. Wavelynx never collects financial data, government IDs, contact information beyond what appears on the pass, biometric templates, or location data.
| Field | wallet Apple Wallet | mediator NXP MIFARE2GO | wallet Google Wallet |
|---|---|---|---|
| Pass display | |||
Institution name Text rendered on the pass front; configured per partner site / group. | Required | Required | Required |
Cardholder display name Voluntary. Sourced from partner's issuance request. Omitted entirely for anonymous credentials. | Voluntary | Voluntary | Voluntary |
Cardholder role Voluntary. e.g. "Sales Manager", "Cardholder". Omitted for anonymous. | Voluntary | Voluntary | Voluntary |
Cardholder photo Voluntary. Stored encrypted in Wavelynx GCS, transmitted as image bytes. Omitted for anonymous. | Voluntary | Voluntary | Voluntary |
| Credential material | |||
DESFire NFC profile (Apple) Card structure — AIDs, file definitions, file access rights — defining how an access reader interacts with the credential on Apple Wallet. | Required | Not transmitted | Not transmitted |
DESFire EV2 NFC payload (Google) Card structure — AIDs, files, key aliases — for Google Wallet via NXP MIFARE2GO. | Not transmitted | Required | Required |
Cryptographic key material (Apple) Symmetric AES keys wrapped per Apple's published key-wrapping spec. Apple holds the key-wrapping envelope; Wavelynx never transmits raw key material in the clear. | Wrapped / encrypted | Not transmitted | Not transmitted |
AES128 key material (Google) Symmetric keys for the credential, JWE-encrypted in transit. NXP receives only the encrypted envelope. | Not transmitted | Wrapped / encrypted | Not transmitted |
| Identifiers | |||
VUID — Virtual Unique ID Apple-side credential identifier, generated by Wavelynx. Federated — meaningful only within the Wavelynx ↔ Apple ↔ specific-device relationship. | Required | Not transmitted | Not transmitted |
PBID — Provisioning Bundle ID Apple-side pass-instance identifier. Federated. One VUID can have many PBIDs over time — each provisioning event (initial add, removal-and-re-add, device transfer) produces a new PBID while the underlying VUID stays constant. | Required | Not transmitted | Not transmitted |
Device-bound identifiers (UAP only) Apple-issued IDs binding the credential to a specific device. Federated — scoped to Apple's issuer-device relationship; cannot be correlated externally. | Required | Not transmitted | Not transmitted |
correlationId Per-credential tracking identifier used by NXP to correlate webhook callbacks. Federated to the Wavelynx ↔ NXP relationship. | Not transmitted | Required | Not transmitted |
dfName Per-customer NXP-side identifier scoping the credential to the issuing organization. | Not transmitted | Required | Not transmitted |
cardType NXP card-type taxonomy value (e.g. ACCESS_CORPORATE_ID_CARD). | Not transmitted | Required | Not transmitted |
| Explicitly NOT transmitted | |||
Government identifiers SSN, driver's licence numbers, passport numbers, tax IDs, etc. | Not transmitted | Not transmitted | Not transmitted |
Contact info (email, phone, mailing address) Wavelynx does not collect or store these beyond what appears on the wallet pass (display name and role only). | Not transmitted | Not transmitted | Not transmitted |
Financial / account data Account numbers, payment-instrument data, billing details. | Not transmitted | Not transmitted | Not transmitted |
Biometric templates Fingerprint, face, or other biometric template data. | Not transmitted | Not transmitted | Not transmitted |
Location data Device location, geolocation traces. | Not transmitted | Not transmitted | Not transmitted |
- src/wallet-api-data-flow-architecture-v1.0.12.pdf — §5.1 Data sent to Apple · §6.1 Data sent to NXP / Google