Privacy Policy

Your Data, Your Control

Last updated: February 2026

1. Controller

Libris Ventures LLC, a limited liability company organised under the laws of Wyoming, USA ("Libris Ventures", "we", "us"), is the data controller for the processing described in this policy.

2. What We Collect

Data we store

  • SHA-256 hash — the cryptographic fingerprint of your file (64 hexadecimal characters). This is not personal data; it cannot be reversed to reconstruct your file.
  • Certificate reference number — a unique identifier (e.g. LV-AH-2026-XKW-MPD-RBT).
  • Registration timestamp — the date and time of registration.
  • OpenTimestamps proof — the cryptographic proof file linking the hash to the Bitcoin blockchain.
  • Registrant email (optional) — only if you choose to provide it.
  • Paddle transaction ID — a reference to the payment processed by Paddle.

Data we do NOT collect

  • Your file or digital asset. It is hashed entirely in your browser (or you hash it manually) and never transmitted to us.
  • Your legal name (unless you provide it voluntarily via email or in the Certificate form).
  • Payment card details (processed and held exclusively by Paddle).

3. Legal Basis (GDPR)

We process your data on the basis of contract performance (Article 6(1)(b) GDPR) — the data is necessary to deliver the AuthorHash certificate you purchased. Where you provide your email, processing is also based on legitimate interest (Article 6(1)(f)) for service delivery (sending confirmation emails and enabling magic-link certificate retrieval).

4. Payment Processing

Payments are processed by Paddle.com Market Limited, which acts as our Merchant of Record. Paddle collects and processes your payment information under its own privacy policy. We receive only a transaction ID confirming successful payment.

5. Data Retention

Certificate data (hash, reference, timestamp, proof) is retained indefinitely — the purpose of the service is to provide a permanent verifiable record. If you provided an email, it is retained alongside the certificate data to enable retrieval. You may request deletion of your email at any time; however, the certificate record itself must be retained to maintain the integrity of the registry.

6. Data Sharing

We do not sell your data. We share data only with:

  • Paddle — payment processing (Merchant of Record).
  • DigitalOcean — server hosting and infrastructure (data stored in US data centres).
  • Public blockchain — the SHA-256 hash is anchored to the Bitcoin blockchain. This is a core feature of the service. The hash alone cannot identify you or reveal your file contents.

7. Your Rights (GDPR)

If you are in the EEA/UK, you have the right to access, rectify, erase, restrict, and port your personal data, and to object to processing. Note that erasure of the certificate record (hash, reference, timestamp) would destroy the proof of existence — which is the service you purchased. We will explain this if you request erasure and work with you to find a reasonable solution.

To exercise your rights, contact us at the address below.

8. Cookies

We do not use tracking cookies or third-party analytics. Paddle may set cookies during the checkout process under its own cookie policy.

9. Contact

For privacy-related inquiries:
Libris Ventures LLC
Wyoming, USA
privacy@librisventures.com