The Biological Sovereignty Protocol is an open protocol that gives every individual cryptographic ownership of their biological data — genomics, clinical records, wearables, and more.

Where is my data stored?

All data is permanently stored on the Arweave network, a decentralized storage blockchain. No company can delete or revoke your access.

Do I need to pay to use BSP?

No. BSP is open source and MIT-licensed. Any developer can integrate for free. Arweave storage costs are minimal.

How does consent work?

Every access requires a ConsentToken — cryptographically signed by the BEO holder. You define scope, time limits, and can revoke at any time.

Can I integrate with existing systems (FHIR, HL7)?

Yes. BSP was designed to interoperate with existing standards. Our Exchange API translates between formats natively.

BSP is maintained by the Ambrósio Institute and community-governed through BIPs (BSP Improvement Proposals). Anyone can propose changes.

What is BSP?

The Biological Sovereignty Protocol (BSP) is an open, permissionless protocol that gives individuals full ownership and control over their biological data — from genomics and clinical records to wearable metrics and microbiome profiles.

Built on Arweave for persistent storage and using Ed25519 cryptography for tamper-proof consent, BSP removes institutions as gatekeepers of your most personal data. You retain the right to cryptographically erase your data at any time by destroying your private key — rendering it permanently inaccessible.

The problem

Your biological data is the most personal information that exists. Yet today:

Hospitals and labs own your records — you get a copy at best
Genomics companies sell your DNA data to third parties
Health apps monetize your biometrics without meaningful consent
Researchers can't access real data — privacy regulations lock it away
You have no financial upside when your data trains AI models

How BSP solves it

BSP creates a three-layer sovereignty stack:

1. BEO — Biological Entity Object

Your sovereign biological identity. A cryptographic identity anchored to you — not an institution. Contains your data references, access policies, and consent rules. Only you can sign changes to your BEO.

2. IEO — Institution Entity Object

How institutions interact with the protocol. Labs, hospitals, AI companies, and researchers register IEOs to request access to biological data — on your terms.

3. ConsentToken

A cryptographically-signed authorization that you grant to an IEO for a specific purpose, duration, and data scope. Revocable at any time. Logged permanently on Arweave.

What becomes possible

With BSP, individuals can:

Own and control their complete biological record
Grant and revoke access to researchers in seconds
Cryptographically erase their data at any time — stronger than traditional deletion
Receive compensation when their data is used commercially
Port their data between providers without losing history

Researchers and institutions can:

Access consented, high-quality biological datasets
Build AI health models on real, verified data
Comply with privacy regulations by design

The open standard

BSP is fully open source. No company controls the protocol. Anyone can read the specification, build implementations, propose changes via BIPs, or deploy their own registry.

Read the Whitepaper · View the Specification · Start Building

Frequently asked questions

Who owns my biological data under BSP?

You do. Your BEO is signed with your private key. No institution can modify it without your signature.

Is BSP live?

BSP v1 is deployed on Arweave mainnet. The Registry API and TypeScript SDK are publicly available.

Can institutions reject BSP?

They can choose not to use it — but they cannot prevent individuals from using it. BSP is permissionless.

Can I delete my data?

Yes. BSP implements Sovereign Cryptographic Erasure. All your data is encrypted with your key. If you destroy your private key, the data becomes permanently unreadable — functionally erased. This is a stronger guarantee than traditional deletion, where copies often persist in backups and logs.

Those are legal frameworks. BSP is technical infrastructure. Compliance is enforced by cryptography, not paperwork. BSP's cryptographic erasure satisfies GDPR Article 17 and LGPD Article 18 by rendering data permanently inaccessible.

Who maintains BSP?

The Ambrosio Institute publishes the reference implementation. The protocol is governed by BIPs (BSP Improvement Proposals) — open to anyone.

What is BSP? ​

The problem ​

How BSP solves it ​

1. BEO — Biological Entity Object ​

2. IEO — Institution Entity Object ​

3. ConsentToken ​

What becomes possible ​

The open standard ​

Frequently asked questions ​

Who owns my biological data under BSP? ​

Is BSP live? ​

Can institutions reject BSP? ​

Can I delete my data? ​

How is BSP different from GDPR/HIPAA compliance? ​

Who maintains BSP? ​