authAspect← Back

Privacy Policy

Effective date: [DATE] · Version 0.2
⚠️ DRAFT — not legal advice. A working document reflecting how the product is built and standard practice for a SaaS of this kind. It must be reviewed and finalised by qualified counsel before public reliance. Bracketed […] items are placeholders to complete.
Contents
  1. Who we are & scope
  2. Information we collect
  3. How & why we use it
  4. Legal bases (EEA/UK)
  5. Cookies & similar tech
  6. How we share it
  7. Blockchain anchoring
  8. International transfers
  9. Retention
  10. Security & self-custody
  11. Your rights & choices
  12. US state privacy rights
  13. Children
  14. Changes & contact

1. Who we are & scope

authAspect ("authAspect", "we", "us", "our") provides software that seals invisible provenance credentials into your creative work and helps you prove, resolve, and defend ownership. authAspect operates on a shared platform alongside our sister product ScanAspect; identity, the provenance registry, resolution (qr-x.co), and billing are shared platform services. This Policy covers personal data we process as a controller for authAspect's website, app (app.authaspect.com), and services. Where we process content you submit purely on your instructions, we act as your processor and your own privacy commitments to your audience also apply. ScanAspect publishes its own notice for its surfaces. [Legal entity, registered address, and any group companies: TBD.]

2. Information we collect

a. Information you give us

b. Information collected automatically

c. Information from third parties

3. How & why we use it

4. Legal bases (EEA/UK)

Where the GDPR/UK GDPR applies, we process personal data on these bases: performance of a contract (to provide the service you request); legitimate interests (to secure, improve, and market the service, balanced against your rights); consent (e.g. certain cookies and marketing, which you may withdraw); and legal obligation (to comply with law).

5. Cookies & similar technologies

We use strictly necessary cookies to run the site and keep you signed in, and — subject to your consent where required — analytics cookies to understand usage. You can control non-essential cookies through our cookie banner and your browser settings. [Cookie banner + full cookie table: TBD. Analytics provider: TBD.]

6. How we share it

We do not sell your personal data. We share it only as follows:

RecipientPurpose
PolarPayments & Merchant-of-Record (billing)
CloudflareHosting, edge delivery, security, and data storage
Public blockchains (e.g. OpenTimestamps/Bitcoin, EAS)Tamper-evident timestamps of content hashes (see §7)
Analytics / email providersProduct analytics & transactional/marketing email [providers TBD]
Professional advisers & authoritiesLegal, accounting, or where required by law or to investigate abuse
A buyer / successorIn a merger, acquisition, or asset sale (with notice)

These recipients are bound to appropriate confidentiality and data-protection obligations. A full sub-processor list is available on request. [Sub-processor page: TBD.]

7. Blockchain anchoring — please read

To make provenance tamper-evident, we anchor a cryptographic hash (and Merkle roots of registry batches) to one or more public ledgers. These anchors are public and permanent by design and cannot be edited or deleted by us or anyone else. We anchor only hashes — never your media, name, email, or other personal data — so a public anchor does not expose your content or identity and, on its own, cannot be reversed into either.

8. International transfers

We and our providers may process data in countries other than yours, including the United States. Where we transfer personal data out of the EEA/UK, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses (and the UK Addendum) or an adequacy decision. [Data-hosting regions: TBD.]

9. Data retention

We keep personal data only as long as needed for the purposes above: media is not retained by default; registry records (hashes, signed claims, anchors) are retained to preserve provenance — that is their purpose; account data is kept while your account is active and for a reasonable period after closure, subject to legal requirements; blockchain anchors are permanent (§7). We may keep aggregated or de-identified data indefinitely.

10. Security & self-custody

We use encryption in transit and at rest, access controls, and reasonable technical and organisational measures. No method is perfectly secure. If you enable self-custody, your signing key is generated in your browser and stored under your control; we never receive your private key.

11. Your rights & choices

Depending on where you live, you may have the right to access, correct, delete, port, and restrict or object to our processing of your personal data, and to withdraw consent. You can also opt out of marketing at any time via the unsubscribe link or by emailing us. To exercise a right, contact privacy@authaspect.com; we will verify your request and respond within the time the law allows. You may lodge a complaint with your local data-protection authority. Note: we cannot remove data already anchored to a public blockchain, but such anchors contain only a hash — no media or personal data (§7).

12. US state privacy rights (California & others)

If you are a California resident (CCPA/CPRA) or in another US state with a privacy law, you have rights to know, access, correct, delete, and to opt out of "sale" or "sharing" of personal information and of targeted advertising. We do not sell your personal information, and we do not share it for cross-context behavioural advertising. We do not use or disclose sensitive personal information beyond permitted purposes. You may exercise rights (including via an authorised agent) at privacy@authaspect.com, and you have a right to appeal a decision. [Categories of personal information collected/disclosed in the last 12 months, per statutory buckets: TBD.]

13. Children

The service is not directed to, and may not be used by, anyone under 18. We do not knowingly collect data from children. We have zero tolerance for unlawful content, including child sexual abuse material, which is removed and reported to authorities.

14. Changes & contact

We may update this Policy; we will revise the date above and, for material changes, provide additional notice. Contact us at privacy@authaspect.com. [Postal address, Data Protection Officer / EU-UK representative: TBD.]