Legal

Privacy Policy

Last updated: 31 May 2026 — This policy explains what data Trustetch collects, why, and your rights. It is written with India's Digital Personal Data Protection Act, 2023 (DPDP) and the GDPR in mind.

01 Who we are

Trustetch ("we") is the data fiduciary/controller for personal data processed through the Service. Contact: hello@trustetch.com.

02 What we collect

DataWhy
Media you seal (photo / video)To create and serve the proof you requested. You choose what to submit.
Proof metadata (hashes, time, device info, optional geolocation)To form the tamper-evident record. Hashes reveal nothing about content.
Account / contact details (email, name, company)To provide accounts, support, and respond to enquiries.
Identity data (if you use optional identity binding)To bind a verified identity to a proof. We store a label or tokenized reference — never raw Aadhaar/passport numbers.
Usage + technical data (IP, request logs)Security, rate-limiting, abuse prevention, and service operation.
Payment dataHandled by our payment processor (e.g. Razorpay / Stripe). We do not store full card details.

03 How we use it

To provide the Service, create and verify proofs, operate and secure our systems, communicate with you, process payments, and comply with law. We do not sell your personal data, and we do not use your media to train AI models. Trustetch uses no AI in creating or verifying a proof.

04 Sharing

We share data only with: infrastructure and payment providers acting on our behalf; timestamp authorities and the public Bitcoin network (which receive only a one-way hash, never your media or its content); and authorities where legally required. A proof's public verification page shows only what you chose to make verifiable.

05 Retention

Proof records and any media you chose to store are retained to keep the proof verifiable, for as long as your account is active or as needed for the proof's purpose, unless you request deletion. Note: the Bitcoin anchor (a one-way hash) is permanent and public by design and cannot be deleted — but it contains no personal data and cannot be reversed to reveal content.

06 Your rights

Subject to applicable law, you may request access to, correction of, or deletion of your personal data, withdraw consent, or lodge a complaint. Under DPDP you may also nominate a representative. To exercise rights, email hello@trustetch.com.

07 Security

We use encryption in transit (TLS), cryptographic signing, access controls, and keep the signing key isolated. No system is perfectly secure; we work to protect your data and will notify you and authorities of breaches as required.

08 International transfers

Your data may be processed on servers in or outside your country. Where required, we apply appropriate safeguards.

09 Children

The Service is not directed to children under the age set by applicable law, and we do not knowingly collect their data without verifiable parental consent.

10 Changes

We may update this policy; material changes are posted here with a new date.

This document is a template provided for convenience and is not legal advice. Have a qualified lawyer/DPDP consultant review it before relying on it commercially, and register a Grievance Officer if DPDP applies to you.