Privacy Policy

Who We Are

TruthSeal Pro is a forensic-grade digital evidence integrity platform that enables lawyers, investigators, journalists, and forensic professionals to generate verifiable seals using SHA-256 hashes, RFC-3161 timestamps, perceptual hashing, and auditable chain-of-custody logs.

Contact: info@truthseal.pro

Data We Collect

We follow data minimization principles — collecting only what is strictly necessary for service functionality, integrity verification, and security.

• Account Data (via Google OAuth): Email, name, profile picture (if provided). Used solely for authentication and account linking.
• Seal & Verification Metadata: SHA-256 file hash, pHASH (perceptual), file size/MIME type, RFC-3161 timestamp, IP address (anonymized where possible), user-agent at seal/verification time — essential for chain-of-custody context and independent verification.
• Access & Event Logs: Timestamps of actions, verification results, IP/user-agent for auditability and abuse prevention.
• Original Files: Not stored by default. Optional encrypted storage (user opt-in only) for convenience; keys derived client-side where feasible.
• Cookies & Technical Data: Strictly necessary session cookies for security and functionality; no tracking or marketing cookies.

Purposes & Lawful Basis

• Service Delivery: Generate/verify seals, maintain logs — contract performance / legitimate interests.
• Security & Integrity: Prevent abuse, detect anomalies, ensure tamper-evidence — legitimate interests.
• Compliance & Legal Obligations: Respond to subpoenas, court orders, or regulatory requests — legal obligation.
• Support & Communication: Answer your inquiries — consent or legitimate interests.

We do not sell personal data or use it for marketing.

How We Protect Your Data

• HTTPS everywhere, secure cookies (HttpOnly, Secure), HSTS.
• Minimal retention — metadata/logs kept only as long as needed for verification value or legal requirements.
• Access restricted to authorized personnel; logged and audited.
• UTC timestamps for global consistency; IP anonymization where technically feasible.

Sharing & International Transfers

• No selling/sharing for profit.
• Sub-processors (e.g., timestamp authorities, hosting/CDN) under strict DPAs; limited to service needs.
• International transfers use safeguards (e.g., Standard Contractual Clauses, adequacy decisions) compliant with GDPR, CCPA, Australian Privacy Act.
• Legal disclosure only when compelled by law.

Data Retention

• Account data: While active + reasonable post-termination period for legal/operational needs.
• Seal metadata/logs: Retained for verification utility; older data may be aggregated/anonymized.
• Optional stored files: Until opt-out or service need ends.

Your Rights

Depending on jurisdiction (GDPR for EU/EEA, CCPA/CPRA for California, Australian Privacy Act, etc.):

• Access, correction, deletion of personal data.
• Objection/restriction to processing.
• Opt-out of optional storage; export seals/metadata.
• Withdraw consent where applicable.

Email info@truthseal.pro to exercise rights. We verify identity and respond within statutory timelines (e.g., 30-45 days).

Rights vary by location; we comply with applicable laws (GDPR, CCPA, Australian Privacy Principles, etc.).

Children’s Privacy

Service not directed at children under 16. If we learn of such data, we delete it promptly.

Changes to This Policy

We may update this policy. Material changes posted here with new date. Continued use = acceptance.

Contact

Questions or rights requests: info@truthseal.pro

You may also contact your local data protection authority (e.g., ICO UK, OAIC Australia, CPPA California).