Privacy Policy
Last updated: February 2026
Note: This is a draft policy that will be reviewed by legal counsel and generated via Termly before production launch. The information below reflects our current practices and intended approach.
1. Introduction
Vanishd, LLC ("Vanishd," "we," "us," or "our") operates the Vanishd platform and related services. This Privacy Policy describes how we collect, use, and protect your personal information when you use our services.
2. Information We Collect
2.1 Account Information
When you create an account, we collect:
- Email address: Required for all accounts. Used for account recovery, billing notifications, and important service updates.
- Authentication identifiers: Depending on your chosen login method, this may include:
  - Internet Identity Principal (ICP blockchain identifier)
  - GitHub account ID (via OAuth)
  - Google account ID (via OAuth)
- Payment information: Processed securely by Stripe. We store only your Stripe customer ID, not your payment card details.
2.2 Data You Submit
When you use our attestation service, you submit cryptographic hashes representing data erasure claims. Important: We do not receive, store, or have access to your actual data. We only process and store:
- One-way cryptographic hashes (SHA-256) of credential identifiers
- Timestamps of erasure claims
- Optional metadata you choose to include (encrypted if sensitive)
2.3 Usage Data
We automatically collect:
- API usage statistics (request counts, rate limit events)
- Receipt creation and verification counts
- Service access logs for security monitoring
3. Authentication and Identity
We support multiple authentication methods to provide flexibility while maintaining security:
- Internet Identity: A decentralized identity system on the Internet Computer blockchain. Your ICP Principal is a cryptographic identifier that we use to authenticate your canister calls.
- OAuth (GitHub, Google): We receive only the information necessary for authentication (user ID, email, profile name). We do not access your repositories, contacts, or other account data.
- Email Magic Links: Single-use, time-limited links sent to your verified email address. Tokens expire after 15 minutes and cannot be reused.
Identity Mapping: For OAuth users, we create a deterministic internal identifier derived from your email address. This allows us to provide consistent service regardless of which authentication method you use.
4. How We Use Your Information
We use your information to:
- Provide, maintain, and improve our services
- Process payments and prevent fraud
- Send service notifications and billing updates
- Respond to support requests
- Enforce our Terms of Service
- Comply with legal obligations
5. Data Storage and Security
5.1 Blockchain Storage
Attestation records (receipts) are stored through our canister on the Internet Computer. These records are designed to be tamper-evident and publicly inspectable when anchored, but they are not a pay-once-forever storage guarantee. They contain only cryptographic hashes, not your actual data. The blockchain is operated by independent node providers worldwide.
5.2 Account Data
Account information is stored in our canister (smart contract) on the Internet Computer using Enhanced Orthogonal Persistence, which provides:
- Automatic data persistence without manual database management
- Cryptographic isolation between users
- Principal-based access control
5.3 Security Measures
We implement industry-standard security practices including encryption in transit (TLS), secure session management, rate limiting, and regular security audits. For details on our security practices and findings, see our Security Findings documentation.
6. Data Sharing
We share your data only:
- With service providers: Stripe (payments), Resend (email), Vercel (hosting). These providers process data only as directed by us.
- For legal compliance: When required by law, subpoena, or government request.
- For protection: To protect our rights, property, or safety, or that of our users or the public.
We do not sell your personal information to third parties.
7. Data Retention
- Production receipts: Retained according to your selected plan, from 7 days up to 10 years, then expired and purged
- Test receipts: Automatically expired and purged after 24 hours
- Account data: Retained while your account is active. Deleted upon account deletion request.
- Payment records: Retained as required for tax and legal compliance (typically 7 years)
8. Your Rights
Depending on your jurisdiction, you may have rights to:
- Access: Request a copy of your personal data
- Correction: Request correction of inaccurate data
- Deletion: Request deletion of your account and associated data
- Export: Export your data in a portable format (available in Settings)
- Opt-out: Opt out of marketing communications
Note: Anchored attestation records are intended to be tamper-evident, but account deletion removes only your account data. Receipt retention, export, and long-term accessibility still depend on your selected retention window and ongoing service operation.
9. Auditor Tier and Verification
The Auditor tier is designed for third-party auditors, compliance teams, and verification services. It is a separate product class from receipt-generation tiers. Key points:
- Auditors receive read-only verification access
- Auditor accounts cannot switch to receipt-generating tiers (and vice versa) to prevent conflicts of interest
- Verification activity is logged for security monitoring
- Identity on file is required for Auditor tier accounts
10. International Data Transfers
The Internet Computer blockchain operates globally through independent node providers. Your attestation data may be processed in various jurisdictions. Our service providers (Stripe, Vercel) also operate internationally. By using our services, you consent to such international data transfers.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes via email or through the service. Continued use after changes constitutes acceptance of the updated policy.
12. Contact
For privacy-related questions or to exercise your rights, contact us at hey@vanishd.io