BitSeal
Effective April 18, 2026

Privacy policy.

An honest account of what BitSeal sees, what it does not, who processes data on our behalf, and the rights you have over that data.

Plain-English summary

BitSeal is a cryptographic timestamping service. Files you seal never leave your device. Only a hash fingerprint, filename, size, MIME type, entropy measurement, and timestamp are transmitted to our ledger. We use Vercel for hosting, Neon for ledger storage, and Cloudflare for bot protection. Ledger entries are designed to be durable and publicly queryable by hash. We do not sell data and run no advertising profiles.

1. Data BitSeal does not receive

All cryptographic hashing happens in your browser before anything is sent to our servers. The following categories of data never reach BitSeal infrastructure.

The contents of any file you seal. Files are read, hashed locally, and discarded in your browser.
Private signing keys. BitSeal does not generate, receive, or custody user private keys.
Account credentials or payment details. BitSeal currently has no user accounts and accepts no payments.
Advertising or cross-site tracking identifiers. We do not run ad tech and do not build behavioral profiles.

2. Data BitSeal does receive

To operate the ledger and issue a verifiable seal, the following fields are transmitted to our servers when you use the Evidence Sealer or the Verifier.

Ledger entry fields
  • Root hash64-character BLAKE3 hex fingerprint of the file. Cryptographically irreversible.
  • SHA3-512 hashSecondary NIST-standard hash of the file. Cryptographically irreversible.
  • FilenamePlain text string, truncated to 255 characters. Filenames may contain personal or project names, consider renaming files before sealing if that concerns you.
  • File size and MIME typeByte count and detected content type.
  • Shannon entropyNumeric measure of byte-distribution randomness across the file.
  • Timestamp (UTC)Unix time at which the seal was issued by the server.
  • Ed25519 signatureCryptographic signature binding the root hash and timestamp under Orygn's signing key.
Operational telemetry
  • IP addressObserved by our hosting provider (Vercel) and our bot-protection provider (Cloudflare Turnstile) for each request, for the purpose of abuse prevention, rate limiting, and security investigation.
  • User agentBrowser identifier string, recorded in edge logs.
  • Request metadataStandard web-server access records, including request time, path, method, and response status.

3. How we use this data

The data described above is used strictly for the operation, security, and improvement of the Service.

  • Sealing. To generate the signed manifest and the downloadable PDF certificate.
  • Verification. To allow any third party who knows the root hash to confirm its presence in the ledger and retrieve the signed manifest.
  • Abuse prevention. To enforce the Cloudflare Turnstile challenge and block automated flooding of the ledger.
  • Aggregated analytics. To measure page-level traffic and performance via Vercel Analytics, which is cookieless and does not profile individuals. A Google Analytics 4 integration with EU consent-mode may be enabled in the future, this policy will be updated before that occurs.

We do not use BitSeal data to train machine-learning models, do not sell or rent it, and do not share it with third parties except the subprocessors listed in Section 4.

4. Subprocessors

BitSeal relies on the following service providers to operate. Each is contractually bound by its own privacy and data-processing commitments, which are linked for your reference.

Vercel Inc.
Privacy policy →
Application hosting, edge delivery, and serverless function execution for bitseal.orygn.tech. Receives HTTP request metadata including IP address, user agent, request path, timestamp, response status, and request bodies for API routes.
United States, with a global edge network.
Vercel Web Analytics
Privacy policy →
Cookieless, aggregated page-view and performance analytics. End users are identified by a hash derived from the incoming request, and that session identifier is discarded after 24 hours. Collects event timestamp, URL, dynamic path, referrer, filtered query parameters, coarse geolocation, device OS, browser, and device type. No personally identifying data is stored.
United States.
Neon, Inc.
Privacy policy →
Managed Postgres hosting for the canonical BitSeal ledger. Receives the ledger manifest fields listed in Section 2. Neon stores data on AWS infrastructure under its own data-processing terms.
United States (AWS us-east-2).
Cloudflare, Inc. (Turnstile)
Privacy policy →
Bot detection on submission and verification endpoints. Processes the following signals: client IP address, TLS fingerprint, User-Agent header, sitekey, and origin. Cloudflare acts as a data processor for bot-detection on our behalf, and as an independent controller when improving its own bot-detection algorithms. Cloudflare states it cannot directly identify individuals from these signals.
United States, with a global edge network.
Google LLC (Analytics 4, not currently active)
Privacy policy →
Privacy-respecting web analytics with EU consent-mode v2. Not currently enabled on bitseal.orygn.tech. This policy will be updated before the integration is activated in production.
United States.

5. Permanence and the public ledger

BitSeal seals are designed to be durable, publicly queryable by hash, and independently verifiable. We want to be precise about what that means.

What is cryptographically durable

The Ed25519 signature on each seal is verifiable against Orygn's published Authority public key. Any party in possession of a signed manifest or PDF certificate can confirm the signature independently of BitSeal's hosted infrastructure using any standard Ed25519 verifier.

What depends on Orygn's continued operation

The hosted ledger lookup at bitseal.orygn.tech/verify, the PDF generation endpoint, and the API are operated by Orygn LLC on commercial cloud infrastructure. Their continued availability depends on Orygn's continued operation of them. We do not represent that the hosted ledger is immortal, and we recommend that you retain your own copy of any signed manifest or PDF certificate that you rely on.

Once a seal is recorded, its ledger entry is treated as part of an evidentiary record for the ordinary course of business. We do not delete individual seal entries in response to general deletion requests, because doing so would defeat the evidentiary purpose of the Service. The narrow circumstances under which we will remove a ledger entry are set out in Section 9.

6. Retention

Retention for each category of data is determined by the subprocessor that holds it, as described below. We do not maintain independent long-term copies of subprocessor logs.

  • Ledger entries (Neon Postgres). Retained for the life of the Service, subject to the removal conditions in Section 9.
  • Vercel runtime logs. Retained for 1 hour on our current Vercel Hobby plan. If we upgrade to a plan with longer retention, or enable Vercel's Observability Plus add-on, this policy will be updated.
  • Vercel Web Analytics. The per-visitor session identifier is discarded after 24 hours. Aggregated, non-identifying analytics are retained within Vercel's dashboard for reporting purposes.
  • Cloudflare Turnstile signals. Retained by Cloudflare under its published Turnstile data-processing practices. No specific retention window is published in the Turnstile notice, refer to Cloudflare's policy for current details.
  • Neon database logs. Query and connection logs are retained by Neon under its operational-log retention practices. Refer to Neon's privacy policy for current details.

7. International transfers

Orygn LLC is established in the United States and processes data in the United States. If you access BitSeal from outside the United States, your information will be transferred to, stored, and processed in the United States. For transfers originating in the European Economic Area, the United Kingdom, or Switzerland, we rely on the Standard Contractual Clauses executed by our subprocessors, and on the UK International Data Transfer Addendum where applicable. Google LLC is certified under the EU-U.S. Data Privacy Framework and the UK and Swiss extensions. Cloudflare, Inc. and Vercel Inc. each offer Standard Contractual Clauses to customers transferring personal data from the EEA.

8. Your rights

Depending on where you live, you may have the following rights with respect to your personal data. We will honor these rights to the extent required by applicable law and consistent with the evidentiary design of the Service.

Access
Request a copy of the personal data we hold about you.
Correction
Ask us to correct inaccurate personal data, subject to the immutability constraints of the ledger.
Deletion of logs
Request deletion of operational logs that identify you. Ledger entries are governed by Section 9.
Objection and restriction
Object to or restrict certain processing, including analytics.
Portability
Request an export of your ledger entries and metadata in a machine-readable format.
Withdraw consent
Where we rely on consent, withdraw it at any time without affecting prior processing.
Lodge a complaint
Complain to your local data-protection authority.
No discrimination (CCPA)
California residents will not be denied service for exercising privacy rights.

To exercise any right, email [email protected] from the address associated with the request and include enough detail for us to locate the relevant records. We respond within the timeframes required by applicable law, generally within thirty days.

9. Removal of ledger entries

The ledger is designed to be a tamper-evident record of proof-of-existence. We do not delete ledger entries in response to general deletion requests. We will consider removal only in the following narrow circumstances.

  • A valid and enforceable court order issued by a court of competent jurisdiction.
  • A submission determined, after review, to contain content or metadata that is unlawful under laws applicable to Orygn LLC.
  • A submission made without authorization from an Orygn-operated account or integration, where the fact of unauthorized submission can be substantiated.

Removal of a ledger entry is logged. The fact of removal, and a record of the root hash removed, may be preserved in an internal ledger to document the purge.

10. Children

BitSeal is not directed to children under the age of thirteen. We do not knowingly collect personal information from children. If you believe a child has provided personal information to us, contact us and we will take reasonable steps to delete it.

11. Security and breach notification

We use commercially reasonable measures to protect the data we process, including encryption in transit (TLS), encryption at rest through our cloud subprocessors, restricted access to signing keys held as Vercel environment variables, Neon connection strings held as server-only secrets that deny direct client access to the ledger, and a Cloudflare Turnstile layer in front of submission and verification endpoints.

If we learn of a personal-data breach affecting BitSeal, we will notify affected individuals and the relevant authorities within the timeframes required by applicable law, including seventy-two hours under Article 33 of the GDPR where feasible.

12. Changes to this policy

We may update this Privacy Policy to reflect changes in the Service or in applicable law. The effective date at the top of this page will be updated when we do. Material changes will be surfaced on the BitSeal homepage for at least thirty days before they take effect. Prior versions are available on request from the contact address below.

13. Governing law

This Privacy Policy is governed by the laws of the State of Texas, without regard to its conflict-of-laws provisions. Any dispute arising under it is subject to the dispute-resolution terms described in BitSeal's Terms of Service.

Contact

Privacy inquiries
[email protected]
Orygn LLC, a Texas limited liability company.