Privacy Policy

Last Updated: February 21, 2026

The Long Version

1. Information We Collect

We collect minimal information necessary to provide our services:

• Account Information: If you create an account, we collect your email address.
• Usage Data: Basic server logs (IP addresses, timestamps) for security and debugging purposes. These are deleted after 30 days.
• Payment Information: If you subscribe to a paid plan, payment processing is handled by Stripe. We never see or store your credit card details.

2. How We Use Your Information

We use collected information solely to:

• Provide and maintain our services
• Send you transactional emails (login links, receipts, service updates)
• Prevent abuse and ensure security
• Comply with legal obligations

We never: Sell your data, use it for advertising, or share it with third parties (except as required by law).

3. Product-Specific Data Handling

Each product handles data differently:

• ProveChain: Files are hashed entirely client-side via WebAssembly. Your files never leave your browser. Only the cryptographic hash is transmitted for blockchain timestamping. File hashes may be publicly verifiable, that is the purpose of the service.
• TimeAnchor: Proof verification runs entirely in your browser. No data is transmitted to any server. Nothing is stored. Even if we could see the data, a cryptographic hash reveals nothing about the original content.
• SignaSeal: Signed documents are stored on our platform with encrypted database storage to support the signing workflow, sharing, and audit trails. Signing metadata (timestamps, IP addresses, signatures) is stored to provide non-repudiation guarantees. Free tier documents are retained for 48 hours after completion, then deleted. Paid tier documents are retained until you delete them.
• Vigilo Verify: File integrity checks are performed client-side. Hash comparisons happen locally. Only hash data is stored for continuous monitoring purposes.

4. Your Rights (GDPR)

Under GDPR, you have the right to:

• Access: Request a copy of your data
• Rectification: Correct inaccurate data
• Erasure: Delete your account and data
• Portability: Export your data
• Objection: Object to data processing

To exercise these rights, email us at support@aramantos.dev

5. Cookies and Tracking

We use minimal essential cookies for:

• Session management (keeping you logged in)
• Security (CSRF protection)

We do NOT use: Google Analytics, Facebook Pixel, or any third-party tracking tools.

6. Third-Party Services

We use the following third-party services:

• Cloudflare: DNS management and email routing (cloudflare.com/privacypolicy)
• Vercel: Application hosting and CDN (vercel.com/legal/privacy-policy)
• Google Cloud Platform: Authentication and identity infrastructure (cloud.google.com/terms/cloud-privacy-notice)
• Supabase: Database and file storage (supabase.com/privacy)
• Stripe: Payment processing (stripe.com/privacy)
• Resend: Transactional email delivery (resend.com/legal/privacy-policy)
• OpenTimestamps: Bitcoin blockchain timestamping protocol (open-source, no data collection)

These services are GDPR-compliant and do not track users beyond what is necessary for their functionality.

7. Data Retention

• Account data: Retained until you delete your account
• Free tier documents (SignaSeal): Retained for 48 hours after completion, then permanently deleted
• Paid tier documents: Retained until you delete them or your account
• Account deletion (Individual tiers): Data permanently deleted within 30 days
• Account deletion (Enterprise tiers): Data permanently deleted within 90 days
• Server logs: Deleted after 30 days
• Backups: Retained for 90 days for disaster recovery
• Blockchain records: Permanent by design (Bitcoin timestamps cannot be removed)

8. Changes to This Policy

We may update this policy occasionally. If we make significant changes, we will notify you via email (if you have an account) or a prominent notice on our website.

9. Contact Us

If you have questions about this Privacy Policy:

• Email: support@aramantos.dev
• Data Controller: Aramantos Digital
• Location: Ireland