PRIVACY
Privacy Policy
Privacy-first by design. We process hashes only — never your content. No cookies. Edge-native security with HTTPS and HMAC signatures.
Effective date: January 2025 • Last updated: January 2025
At a glance
- No uploads: your files/content never leave your device.
- Hash-only: we store a SHA-256 hash + timestamp + signature.
- No cookies / trackers: we don’t use tracking technologies.
- Edge infrastructure: Cloudflare Workers + KV; TLS everywhere.
Zero-upload
Hash-only
No cookies
Definitions
- Hash: irreversible SHA-256 digest (64-hex) of your content, computed client-side or by you on server.
- Meta: optional, tiny JSON you send (e.g.,
{"type":"file","mime":"application/pdf"}) used only for categorization. - Proof: tuple stored in KV:
{ hash, timestamp, signature, type?, meta? }.
Data we process
- Hashes: provided by you; cannot be reversed to original content.
- Metadata (optional): small, app-provided fields (
type,meta). - Edge logs: minimal, ephemeral request metrics for abuse-prevention (e.g., timestamps, route, coarse IP region).
We do not collect names, emails, or user content when using the public API.
How we use this data
- Provide timestamping and public verification.
- Prevent spam, fraud, or abuse; ensure reliability.
- Aggregate, anonymous usage metrics (capacity planning).
Retention
Proofs are stored in Cloudflare KV for durability. We currently retain proofs indefinitely to ensure public, long-term verifiability. Operational edge logs are short-lived.
Security
- TLS for all transport.
- Server signatures use HMAC-SHA256 over
hash + timestampwith a private secret. - Principle of minimal data: only what’s needed for verification.
Sub-processors
We use Cloudflare (Workers, KV, edge security, routing). Cloudflare may process limited operational metadata to deliver the service. We don’t sell data or share it for advertising.
Cookies & tracking
We do not use cookies, analytics beacons, or third-party trackers.
Your choices & rights
- Content privacy: because only hashes are stored, your original files remain private by design.
- Proof removal: if you believe a proof contains personal data in its optional
meta, contact us and we’ll assess and purge where appropriate. - Contact: privacy@timeproofs.io
Note: deleting a proof removes public verifiability for that hash.
Policy changes
We may update this policy as our product evolves or to meet regulatory requirements. We’ll update the “Last updated” date above. Material changes will be highlighted for a reasonable period.