Privace policy - Written in Stone

Privacy Policy

Effective date: 6th of October 2025

1. Introduction

WrittenInStone provides tools to create verifiable proofs of digital work, such as timestamps, checksums, and verification links. This Privacy Policy explains what data we process, why, and how you can exercise your rights.

2. Who we are and how to contact us

The data controller is WrittenInStone. If you have privacy or data protection questions, please contact us securely via our contact page .

3. What we collect

We collect only what is necessary to provide and improve the service.

Category	Example	Purpose
Account information	Email, username, authentication provider	To create and maintain your account
Usage and logs	IP address, browser type, timestamps, request metadata	To operate, secure, and monitor system performance
Verification data	Hashes or checksums of uploaded files	To provide immutable proofs of authenticity
Originals	Files or attachments needed to create fingerprint and extract metadata	Store originals if you enable this premium feature
Support or contact data	Messages, issue reports	To respond to your requests

4. How and why we use information

Contract performance: to provide timestamping, verification, and related services.
Legitimate interests: to maintain security, prevent fraud, and improve system accuracy.
Consent: for specific optional features, like newsletters or user research.
Legal obligations: to comply with applicable law and requests from public authorities.

5. Metadata and improvement systems

Anonymized metadata and user-provided verification data may be processed by automated tools, including similarity detection or internet search systems, to:

identify duplicated or altered content across sources;
improve algorithmic accuracy of verification and fraud detection;
analyze service performance in aggregate.

These operations do not expose your personal information or file contents. They are carried out under our legitimate interest in improving reliability and user trust.

6. Retention

Account data is kept while your account is active or as required by law.
Log data is retained for up to 24 months for security monitoring.
Verification data (hashes) may be stored indefinitely to maintain proof integrity.
Contact or support data is removed once no longer needed.

7. Sharing and transfers

We use reputable infrastructure and service providers that comply with EU data protection standards. If data is processed outside the EEA, we apply safeguards such as Standard Contractual Clauses. We do not sell or trade personal data.

8. Your rights

Under GDPR and similar laws, you may request access, correction, deletion, restriction, or portability of your data. You may also object to processing based on legitimate interest.

To exercise your rights, please use our contact form. We will reply within the time required by law.

9. Security

We use encryption (HTTPS/TLS), access controls, and regular updates to keep systems secure. No internet service is completely risk-free, so please keep credentials private and report suspected misuse promptly.

10. Intended users

This service is intended for adults and professionals. It is not marketed to children or minors.

11. Changes to this policy

We may update this policy as laws or services evolve. The latest version is always available on this page, with the effective date shown above.

12. Governing law

This policy complies with the EU General Data Protection Regulation (GDPR) and relevant U.S. state privacy laws. It is governed by the laws of [insert jurisdiction], unless mandatory local privacy regulations require otherwise.