Privacy Policy

Last updated: December 16, 2025 | Effective: December 16, 2025

1. Introduction

DocuStamper ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data when you use our website and services.

This policy complies with the Singapore Personal Data Protection Act 2012 ("PDPA") and other applicable data protection laws including the EU General Data Protection Regulation ("GDPR") where applicable.

2. Data Controller

DocuStamper

Singapore

Data Protection Officer: [email protected]

3. Personal Data We Collect

3.1 Information You Provide

Data TypeExamplesPurpose
Account InformationName, email, passwordAccount creation and authentication
Billing InformationPayment method, billing addressProcess payments (via Stripe/PayPal)
DocumentsPDFs, images you uploadProvide document processing services
CommunicationsSupport tickets, feedbackRespond to inquiries, improve service
Tester ProgramName, company, use case descriptionEvaluate tester access requests
Launch NotificationsEmail addressNotify when service launches publicly
Tester FeedbackFeedback type, title, description, attachmentsImprove service, manage rewards program

3.2 Information Collected Automatically

Data TypeExamplesPurpose
Usage DataFeatures used, pages visitedImprove service, analytics
Device InformationBrowser type, OS, device typeOptimize user experience
Log DataIP address, timestamps, errorsSecurity, debugging, fraud prevention
CookiesSession, preferencesAuthentication, remember settings

3.3 Document Integrity Features

FeatureData CollectedStorage
Blockchain TimestampingDocument hash (SHA-512), timestamp, transaction IDPolygon blockchain (permanent, public)
Chain of CustodyEvent type, user ID, timestamp, IP address, geolocationOur secure database (encrypted)
Expiring StampsValidity dates, stamp configuration, verification statusOur secure database (encrypted)
Document VerificationDocument hash, verification timestamp, verifier IPOur secure database (encrypted)

Important: Blockchain Data Privacy

  • Only the document hash is recorded on the blockchain - never the document content
  • Blockchain records are permanent and cannot be deleted
  • Document hashes alone cannot be used to reconstruct your document
  • Transaction IDs are linked to your account for verification purposes

4. How We Use Your Data

We use your personal data for the following purposes:

  • Provide Services: Process documents, execute signatures, enable AI features
  • Account Management: Create and manage your account, authenticate access
  • Billing: Process payments, send invoices, manage subscriptions
  • Communication: Send service updates, respond to support requests
  • Security: Detect fraud, prevent abuse, protect our systems
  • Improvement: Analyze usage patterns to improve features
  • Tester Program: Manage access requests, process feedback, administer rewards
  • Launch Notifications: Send product launch announcements and promotional offers
  • Legal Compliance: Meet regulatory requirements, respond to legal requests

5. Legal Basis for Processing (GDPR)

For users in the European Economic Area, we process data based on:

  • Contract: To provide the services you requested
  • Consent: For optional features like marketing emails
  • Legitimate Interest: For security, fraud prevention, and service improvement
  • Legal Obligation: To comply with applicable laws

6. Data Sharing and Disclosure

We may share your data with:

6.1 Service Providers

ProviderPurposeData Shared
StripePayment processingBilling information
PayPalPayment processingBilling information
Cloud Hosting (AWS/Vercel)InfrastructureEncrypted data storage
Polygon NetworkBlockchain timestampingDocument hash only (not content)
IP Geolocation ServicesChain of custody trackingIP address (returns location data)

6.2 Other Disclosures

  • Legal Requirements: When required by law, court order, or government request
  • Safety: To protect the rights, safety, or property of users or the public
  • Business Transfers: In connection with a merger, acquisition, or sale of assets

We do NOT:

  • Sell your personal data
  • Share your data for advertising purposes
  • Read or analyze your document content except to provide requested services

7. Data Retention

Data TypeRetention Period
Uploaded documentsDeleted immediately after processing (not stored)
Document activity historyFilenames, hashes, timestamps only - Until account deletion
Account informationUntil account deletion + 30 days
Billing records7 years (legal requirement)
Security logs90 days
Tester access requestsUntil resolved + 1 year
Launch subscriber dataUntil unsubscribed + 30 days
Tester feedbackUntil account deletion
Blockchain timestampsPermanent (cannot be deleted from blockchain)
Chain of custody recordsUntil account deletion + 7 years (legal compliance)
Expiring stamp configurationsUntil expiration + 1 year

Note on Blockchain Data

Blockchain timestamps are permanent by design. Once a document hash is recorded on the Polygon blockchain, it cannot be deleted or modified. This is fundamental to blockchain's value as tamper-proof proof of existence. Account deletion will remove the association between your account and the blockchain record, but the hash itself will remain on the public blockchain.

8. Your Rights

Under PDPA, GDPR, and other applicable laws, you have the right to:

Access

Request a copy of your personal data

Correction

Update inaccurate or incomplete data

Deletion

Request deletion of your data

Portability

Receive your data in a portable format

Withdraw Consent

Opt out of optional data processing

Object

Object to certain types of processing

To exercise these rights, contact us at [email protected]. We will respond within 30 days.

9. Data Security

We implement appropriate security measures including:

  • Encryption in transit (TLS 1.3) and at rest (AES-256)
  • Secure password hashing (bcrypt)
  • Regular security assessments and monitoring
  • Access controls and audit logging
  • Secure cloud infrastructure (SOC 2 compliant providers)

For more details, see our Security & Trust page.

10. International Data Transfers

Your data may be processed in countries outside Singapore. We ensure appropriate safeguards are in place, including Standard Contractual Clauses for transfers to countries without adequate data protection laws.

11. Cookies and Tracking

We use cookies for:

Cookie TypePurposeRequired?
EssentialAuthentication, security, sessionYes
FunctionalPreferences, settingsOptional
AnalyticsUsage statistics (anonymized)Optional

You can manage cookie preferences through our cookie banner or your browser settings.

12. Children's Privacy

Our Service is not intended for children under 18. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us immediately.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or through the Service. The "Last Updated" date at the top indicates the latest revision.

14. Contact Us

For privacy-related questions or to exercise your rights:

Data Protection Officer

DocuStamper

Email: [email protected]

If you are not satisfied with our response, you may lodge a complaint with the Personal Data Protection Commission (PDPC) in Singapore or your local data protection authority.

Blockchain Timestamping|Chain of Custody|Expiring Stamps
Terms of Service|Security & Trust|Contact Us