Privacy Policy
Last updated: June 30, 2026
1. Who We Are
DocProof ("we", "us", "our") operates the document integrity proof service at docproof.app. For privacy inquiries: privacy@docproof.app.
2. What We Collect
When you create a proof, we store the following — and only the following:
- SHA-256 fingerprint of your file (a one-way hash — mathematically impossible to reverse)
- File name and file size (metadata only — not contents)
- UTC timestamp of proof creation
- Optional title and certificate note you provide at upload time
- Email address (optional) — used solely to deliver your PDF certificate
- Stripe payment metadata (session ID and payment status only — we never see card details)
✅ We never store, transmit, cache, or process the content of your uploaded file. The file is hashed in memory and immediately discarded.
3. How We Use Your Data
- To issue and maintain your proof record
- To deliver your PDF certificate by email (if provided)
- To enable public verification of proof integrity via Proof ID
- To process your payment via Stripe
We do not sell your data. We do not share your data with advertisers. We do not use your data for any purpose beyond the above.
4. Cookies and Analytics
We use Google Analytics 4 with IP anonymization to understand aggregate usage patterns (page visits, feature usage). No personal data is linked to analytics events. We use minimal session cookies required for CSRF anti-forgery protection on form submissions.
We do not use advertising cookies, tracking pixels, or any third-party remarketing tools.
5. Data Retention
Proof records are retained indefinitely unless you request deletion or a specific expiry was set at creation time. Email addresses are retained only as long as the associated proof record exists. If you delete your proof, your email is also deleted.
6. Your Rights (GDPR / Privacy)
You have the following rights regarding your data:
- Access — request a copy of your proof data by contacting us with your Proof ID
- Deletion — permanently delete your proof and all associated metadata using our data deletion tool — no questions asked, instant effect
- Portability — your proof metadata is available on your proof result page at any time
- Rectification — contact us to correct metadata errors
- Objection — contact us to object to any processing of your data
To exercise any of these rights, use the deletion tool or email privacy@docproof.app.
7. Third-Party Services
- Stripe — payment processing. We never receive your card number or full payment details. Subject to Stripe's Privacy Policy.
- Google Analytics 4 — anonymized, aggregate usage analytics only.
8. Security
Proof data is stored in an encrypted database. HTTPS is enforced for all connections. API keys are stored as irreversible SHA-256 hashes — we cannot recover your raw key. Even in the unlikely event of a server breach, your original file cannot be recovered from a hash.
9. Children's Privacy
DocProof is not directed at children under 16. We do not knowingly collect data from anyone under 16. If you believe a minor's data has been submitted, contact us immediately at privacy@docproof.app.
10. Changes to This Policy
We may update this policy. Material changes will be noted with an updated date at the top of this page. Continued use of the Service constitutes acceptance of the updated policy.
11. Contact
Privacy inquiries: privacy@docproof.app