Privacy Policy

Last updated: May 2, 2026

Your privacy matters. This Privacy Policy explains what data TruthStamp collects, how we use it, and the choices you have. Plain language; no fine-print games.

1. What We Collect

Information you provide directly

• Account information: email address, display name, and (optionally) avatar.
• Authentication data: if you sign in via Google, we receive your name and email from Google.
• Payment information: we do not store full card numbers. Payment processors (Razorpay, Stripe) handle card details directly. We store a payment reference, your credit balance, and billing history.
• Content you stamp: the text, files, or URLs you submit, depending on visibility you choose. Public content is stored on a decentralized verification layer; hash-only content remains entirely on your device.

Information collected automatically

• Usage data: pages visited, features used, stamps created, viewed, and shared.
• Device data: browser type, operating system, screen size, IP address (for security and analytics).
• Cookies and similar technologies: we use cookies for session management and analytics.

Information we do NOT collect

• We do not access your private data on other platforms.
• We do not sell your personal information to anyone, ever.
• We do not use facial recognition or biometric tracking.

2. How We Use Your Data

We use the data we collect to:

• Provide and improve the TruthStamp Service.
• Process payments and manage credit balances.
• Send transactional emails (account confirmations, payment receipts, important account notices).
• Send product updates and tips (you can opt out anytime).
• Analyze how the Service is used to make it better.
• Prevent abuse, fraud, and violations of our Terms of Service.
• Comply with legal obligations and enforce our rights.

3. Public vs Private Stamps

How visible your content is depends on the visibility setting you choose for each stamp:

• Public: the content is uploaded to a decentralized public storage layer and visible to anyone with the URL. The proof is permanent.
• Sealed: the content stays hidden until the date you choose. After that, it becomes public automatically.
• Hash-only: only the cryptographic fingerprint of your content is stored. The content itself never leaves your device. We cannot read it; nor can anyone else.

Once a public stamp is created, the proof is permanent and cannot be deleted — that is the entire point of the Service. Choose carefully.

4. Sharing Your Data

We share data only with:

• Service providers who help us run TruthStamp (e.g. hosting, email delivery, payment processing). These providers process data only on our instructions.
• Decentralized storage and verification networks, but only the content and cryptographic proofs you explicitly choose to make public.
• Law enforcement or legal authorities when required by valid legal process.
• A successor company in case of a merger, acquisition, or sale of TruthStamp's assets — with notice to you and continuity of these privacy terms.

We do not sell your personal data. We do not share data with advertisers.

5. Cookies & Analytics

We use Google Analytics (via gtag.js) to understand aggregate usage patterns. This is anonymized and not tied to your individual identity. You can opt out via browser settings or extensions like Google Analytics Opt-Out.

We use functional cookies for authentication and session management. These are required for the Service to work.

6. Your Rights

Depending on your jurisdiction, you have rights including:

• Access: request a copy of the data we hold about you.
• Correction: ask us to correct inaccurate data.
• Deletion: ask us to delete your account and data. Note: public stamps already on the decentralized verification layer cannot be deleted, but your account profile and association with those stamps can be removed.
• Portability: receive your data in a portable format.
• Withdrawal of consent: opt out of marketing emails or data processing where consent is the basis.

To exercise any of these rights, email support@truthstamp.io.

7. Data Security

We use industry-standard security measures including encryption in transit (TLS), encrypted storage of sensitive data, and access controls. No system is 100% secure, but we work hard to protect your data.

If a data breach occurs that affects you, we will notify you promptly and provide guidance on next steps.

8. Data Retention

• Account data: retained while your account is active and for up to 90 days after deletion (for backup recovery).
• Payment records: retained for 7 years to comply with tax and accounting laws.
• Public stamps: retained indefinitely on the decentralized verification layer (this is by design — permanence is the product).
• Logs and analytics: retained for 12 months in identifiable form.

9. International Users

TruthStamp is operated from India. If you access the Service from outside India, your data may be transferred to, stored, and processed in India and other countries where our service providers operate. By using TruthStamp, you consent to this transfer.

For users in the European Union (EU/EEA), we comply with the GDPR. For California residents, we comply with the CCPA. For users in other jurisdictions, similar protections apply where mandated by local law.

10. Children's Privacy

TruthStamp is not intended for users under 18 years old. We do not knowingly collect data from minors. If you believe a minor has created an account, please contact us at support@truthstamp.io and we will take prompt action to remove it.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email or in-app notice at least 14 days before they take effect.

12. Contact Us

Privacy questions or concerns? Email support@truthstamp.io or visit our Contact page. We respond to privacy inquiries within 7 business days.