Privacy Policy

Last updated: 1 November 2025

1. What We Process

• Account data: name, email, auth identifiers, subscription status.
• Verification data: uploaded files, computed hashes (e.g., SHA-256), metadata, analysis outcomes, and signed certificates.
• Technical logs: IP address, user agent, timestamps, request diagnostics for security and reliability.
• Billing: limited billing metadata via our payment processor (we do not store full card details).

2. Purpose & Legal Basis

• Provide the service and generate authenticity certificates (contract).
• Security, abuse prevention, and rate limiting (legitimate interests).
• Payments and invoicing (contract/legal obligation).
• Analytics to improve service quality (legitimate interests; aggregated/anonymised where possible).

3. Retention

Certificate retention is set per verification at issuance based on your plan. See Retention Policy for exact durations. Logs may be kept longer for security and audit.

4. Sharing

We use service providers (e.g., hosting, storage, payment processing). We require appropriate safeguards and data processing terms. Public verification pages are visible to anyone with the link; do not include confidential information in filenames.

5. Your Rights

Subject to law, you may request access, rectification, deletion, restriction, or portability of your personal data. Contact privacy@canonproof.com.

6. Security

We apply technical and organisational measures including encryption at rest/in transit, key management, rate limiting, and access controls.

7. International Transfers

Data may be processed outside your country with appropriate safeguards (e.g., SCCs).

8. Cookies

We use essential cookies for authentication and session management. Optional analytics cookies may be used with notice and consent where required.

9. Contact

Privacy inquiries: privacy@canonproof.com