Privacy by design
Last updated: 30 April 2026 · v0.1 draft
We never see your files. Hashing happens entirely in your browser using crypto.subtle.digest. Only the resulting 256-bit hash is sent to our servers — never the content.
What we store
- SHA-256 hash of your file
- Metadata you provide (title, optional description, genre)
- Your account email and authentication tokens
- Timestamp tokens from DigiCert and OpenTimestamps
- Verification log (anonymous IP, user agent — for analytics, opt-out available)
What we never store
- Your file or any portion of it
- Reverse-derived content from the hash (mathematically impossible)
Your rights (GDPR)
EU residents have full GDPR rights: access, rectification, erasure, portability, objection. Email [email protected]. Note: erasing a certificate after issuance does not invalidate the on-chain anchor (Bitcoin timestamps are public and permanent by design).
Cookies
Minimal: a session cookie if signed in, an anonymous analytics cookie that you can decline. No third-party trackers.