Legal

Privacy Policy

Last updated: July 9, 2026

This Privacy Policy describes how DataSeal.net("DataSeal", "we") collects, uses, and protects information when you use our services.

1. Information we collect

Account data

  • Email address and authentication credentials (via Supabase Auth)
  • Profile settings (display name, notification preferences)
  • Credit balance, transaction history, and plan tier

Proof records

  • Content hashes (SHA-256 fingerprints)
  • Titles, descriptions, and optional metadata you provide
  • Blockchain transaction IDs and proof status
  • Uploaded files or ciphertext (when not using hash-only mode)
  • Encryption key hints (first/last characters only — never full keys)

Usage data

  • API request logs (hashed IP, user agent, endpoint, status codes) for Developer API users
  • Server logs for error diagnosis and security

2. What we do not collect

  • Full encryption keys (generated and held by you in the browser)
  • Payment card numbers (processed by Stripe when enabled — we receive only Stripe customer IDs)
  • Plaintext file contents for hash-only mode

3. How we use information

  • Provide timestamping, proof pages, and API services
  • Process credit purchases and subscriptions
  • Send transactional emails (account verification, proof confirmations, billing)
  • Improve service reliability and security

4. Public proof pages

When you create a public proof link, selected metadata (title, hash, blockchain details, optional payload) becomes accessible to anyone with the link. This is by design. You control whether downloads are enabled. See our Terms of Service.

5. Third-party services

  • Supabase — database, authentication, and file storage
  • Google — optional sign-in via Google OAuth (when enabled)
  • Stripe — payment processing (when enabled)
  • Resend — transactional email delivery (when enabled)
  • Blockchain networks — public transaction data anchored on-chain

Each provider has its own privacy policy governing their handling of data.

6. Data retention

We retain account and proof data for as long as your account is active or as needed to provide services. Deleted accounts may have data removed from our database, but blockchain anchors persist independently. API usage logs may be retained for operational and billing purposes.

7. Security

We use industry-standard practices including encrypted connections, row-level security on database tables, and service-role isolation for public proof API routes. No system is perfectly secure — maintain your own backups and protect your credentials.

8. Your rights

You may access, update, or delete your account data through Settings. Contact us for data export requests. Depending on your jurisdiction, you may have additional rights under applicable privacy laws.

9. Cookies

We use essential session cookies for authentication. We do not use third-party advertising trackers.

10. Changes

We may update this policy. Material changes will be posted here with an updated date.

Questions? Contact support through your account dashboard or return to the home page.