Privacy Policy

1. Data We Collect

Account Information

When you create an account, we collect:

• Email address: used for authentication, account recovery, and service communications.
• Name: displayed as your signer identity on public verification pages.
• Password hash: we store a bcrypt hash of your password, never the password itself.
• OAuth provider ID: if you sign in via Google, we receive and store an identifier from Google. We do not receive your Google password.

Content You Upload

When you upload content for signing, we collect and store:

• The image file itself: stored in object storage (S3-compatible).
• Filename and content type: as provided by your browser or client.
• Cryptographic signature: the Ed25519 signature binding the content to your key.
• Public key and key fingerprint: the Ed25519 public key used to sign, and its fingerprint.
• Perceptual fingerprint: a vector embedding (SSCD) derived from the image, used for duplicate detection. This is a mathematical representation, not a viewable copy of your image.
• Shadow vectors: grayscale variant fingerprints used to improve duplicate detection accuracy.
• Vector hashes: hashes of the perceptual fingerprints.
• Signing timestamp: when the sigil was created.
• Origin date: if you provide one, the date you indicate the content was originally created.

Technical Data

We use session-based authentication. We do not use tracking cookies, analytics services, or third-party advertising pixels. We do not currently collect IP addresses, browser fingerprints, or device identifiers beyond what is inherent in standard HTTP server logs, which are retained for security purposes and deleted on a rolling basis.

2. How We Use Your Data

We use the data we collect for the following purposes:

• Operating the service: authenticating you, processing uploads, creating and verifying sigils, and performing duplicate detection.
• Public verification: displaying signer name, key fingerprint, filename, and signing date on public verification pages. This is a core function of the service.
• Security: detecting fraud, preventing abuse, investigating disputes, and protecting the integrity of the provenance chain.
• Communications: sending you service-related emails (account verification, security alerts, Terms updates, dispute notifications). We do not send marketing emails.
• Aggregate analysis: we may use anonymized, aggregate data (such as total verification volume) for business reporting and research. This data cannot be used to identify you.

We do not sell your personal data. We do not share your personal data with third parties for their marketing purposes. We do not use your uploaded content for training machine learning models.

3. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area, the United Kingdom, or Switzerland, we process your personal data under the following legal bases:

• Performance of a contract (Article 6(1)(b) GDPR): processing your account data and uploaded content is necessary to provide the Sigil service under our Terms of Service.
• Legitimate interests (Article 6(1)(f) GDPR): security monitoring, fraud prevention, dispute investigation, and aggregate analytics. Our legitimate interest is maintaining the integrity and security of the provenance platform. You may object to processing based on legitimate interests (see Section 9).
• Legal obligation (Article 6(1)(c) GDPR): where we are required to retain data or respond to legal process.
• Consent (Article 6(1)(a) GDPR): where applicable, such as for optional communications. You may withdraw consent at any time.

4. What Is Public by Design

Sigil exists to create a verifiable, public record of content provenance. The following information is publicly accessible by design and cannot be made private:

• Your signer name (as you provided it during account creation).
• Your Ed25519 public key fingerprint.
• The filename of signed content.
• The date and time content was signed.
• Whether a sigil has been voided and the reason.

The following information is not publicly accessible:

• Your email address.
• Your uploaded image files (stored but not publicly served or distributed).
• Your perceptual fingerprints and vector data.
• Your account credentials and OAuth identifiers.

You should assume that anything you sign through Sigil will be permanently and publicly associated with your signer name. Choose your display name accordingly.

5. Data Retention

We retain your data as follows:

• Account data: retained while your account is active and for 30 days after deletion to allow for recovery, then deleted.
• Uploaded images: retained while your account is active. After account deletion or subscription expiration, we may delete stored image files after a reasonable retention period (currently 90 days).
• Sigils, signatures, and verification data: retained permanently. This is a core design property of the system: sigils survive account deletion. Without permanent retention, the provenance chain would be meaningless. Even after you delete your account, anyone who previously received a verification link can still confirm that the content was signed and by whom.
• Perceptual fingerprints: retained as long as the associated sigil exists (permanently), because they are necessary for ongoing duplicate detection.
• Server logs: retained for up to 90 days for security purposes, then deleted.

If you request account deletion, we will delete your personal account data (email, password hash, OAuth IDs). Your sigils, public key fingerprints, signer name (as recorded at signing time), and signing timestamps will remain. This is disclosed here and in our Terms of Service so you can make an informed decision before creating sigils.

6. Data Sharing and Disclosure

We do not sell your personal data. We share personal data only in the following circumstances:

• Public verification: as described in Section 4, certain signing data is publicly accessible by design.
• Service providers: we use infrastructure providers (cloud hosting, object storage, email delivery) that process data on our behalf under contractual data processing agreements. These providers do not have independent rights to use your data.
• Legal requirements: we may disclose data when required by law, subpoena, court order, or government request, or when we believe disclosure is necessary to protect our rights, your safety, or the safety of others.
• Business transfers: if Sigil Proof PBC is acquired, merges with another company, or sells substantially all of its assets, your data may be transferred to the successor entity. We will notify you via email before your data is subject to a different privacy policy.
• Dispute resolution: we may share limited information between parties to a signing dispute as described in our Terms of Service.

7. International Data Transfers

Sigil is operated from the United States. If you are located outside the United States, your data will be transferred to and processed in the United States.

For users in the European Economic Area, United Kingdom, or Switzerland, we rely on the following transfer mechanisms as applicable:

• Standard Contractual Clauses (SCCs) approved by the European Commission, where required for transfers to service providers.
• Your explicit consent to the transfer, provided through your use of the service after being informed of the transfer in this policy.

You may request a copy of the applicable transfer safeguards by contacting us at privacy@sigilproof.com.

8. Data Security

We implement technical and organizational measures to protect your data, including encrypted storage, bcrypt password hashing, TLS encryption in transit, and access controls limiting who can access personal data within our systems.

No system is perfectly secure. If we become aware of a data breach affecting your personal information, we will notify you and applicable regulators as required by law.

9. Your Rights

All Users

Regardless of your location, you may:

• Request a copy of the personal data we hold about you.
• Request correction of inaccurate personal data.
• Request deletion of your account and personal data (subject to the retention rules in Section 5; sigils and associated public data survive deletion).
• Request an export of your signing history before account deletion.

European Economic Area, UK, and Swiss Users (GDPR)

In addition to the rights above, you have the right to:

• Object to processing based on legitimate interests. We will cease processing unless we demonstrate compelling legitimate grounds that override your interests.
• Restrict processing: request that we limit how we use your data while a dispute is being resolved.
• Data portability: receive your personal data in a structured, machine-readable format.
• Withdraw consent at any time, where processing is based on consent. Withdrawal does not affect the lawfulness of processing before withdrawal.
• Lodge a complaint with your local data protection authority if you believe we have violated your rights under the GDPR.

Important limitation: The right to erasure under GDPR Article 17 does not apply to data that must be retained for the establishment, exercise, or defense of legal claims, or where processing is necessary for reasons of public interest. Sigils and associated provenance data fall within these exceptions because they serve as evidence of content origin and are relied upon by third parties.

California Residents (CCPA/CPRA)

If you are a California resident, you have the following rights under the California Consumer Privacy Act and California Privacy Rights Act:

• Right to know: you may request the categories and specific pieces of personal information we have collected about you.
• Right to delete: you may request deletion of your personal information, subject to the exceptions described in Section 5.
• Right to correct: you may request correction of inaccurate personal information.
• Right to opt-out of sale or sharing: we do not sell your personal information and do not share it for cross-context behavioral advertising. There is nothing to opt out of.
• Right to non-discrimination: we will not discriminate against you for exercising your CCPA/CPRA rights.

Categories of personal information we collect (as defined by the CCPA):

• Identifiers: name, email address, account ID, public key fingerprint.
• Internet or electronic network activity: server logs (retained up to 90 days).
• Professional or employment-related information: not collected.
• Sensitive personal information: not collected beyond account credentials, which are used only for authentication.

We do not sell personal information. We have not sold personal information in the preceding 12 months. We do not use or disclose sensitive personal information for purposes other than those permitted under CCPA Section 1798.121.

10. How to Exercise Your Rights

To exercise any of the rights described in Section 9, contact us at privacy@sigilproof.com. We will verify your identity before processing your request. We will respond within 30 days (or within the timeframe required by applicable law, such as 45 days under the CCPA).

You may also designate an authorized agent to submit requests on your behalf. We may require the agent to provide proof of authorization and may verify your identity directly.

11. Children

Sigil is not intended for anyone under the age of 18. We do not knowingly collect personal data from anyone under 18. If we learn that we have collected data from a person under 18, we will delete it promptly.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email at least 30 days before they take effect. Continued use of Sigil after changes take effect constitutes acceptance of the updated policy. The "Effective Date" at the top of this page indicates the date of the most recent revision.

13. Contact

For privacy-related questions or requests, contact us at:

Sigil Proof PBC
Email: privacy@sigilproof.com

For EU/UK users: if we appoint a data protection officer or EU representative in the future, we will update this section with their contact details. In the meantime, direct all inquiries to the email above.