← FactonHub

Privacy Policy

Last updated: April 2025

1. Overview

FactonHub ("we", "us", or "our") operates a zero-knowledge digital evidence vault. This Privacy Policy explains what personal data we collect, how we use it, and your rights regarding that data. By using FactonHub, you agree to the practices described below.

2. Zero-Knowledge Architecture

FactonHub is built around a zero-knowledge principle for documents. When you seal a file:

• Your original file is processed entirely in RAM and never written to our servers' permanent storage.
• Only a cryptographic SHA-256 hash fingerprint is anchored to the blockchain.
• If you opt into encrypted document storage, your file is encrypted with AES-256-GCM using a key derived specifically for your account before upload. FactonHub operators cannot decrypt or access the original file.
• AI systems integrated into FactonHub have no access to your documents, hashes, or personal identifiers.

3. Data We Collect

We collect the minimum data necessary to provide the service:

• Account data: Email address, hashed password (stored by Supabase Auth), account creation date.
• Seal records: Cryptographic fingerprints (SHA-256, SHA-3-256), blockchain transaction IDs, GPS coordinates, timestamp, vault type, and optional description you provide.
• Billing data: Subscription tier. Payment processing is handled by Stripe; we do not store card numbers.
• Usage data: Request logs (IP address, endpoint, HTTP status code) retained for up to 30 days for security and abuse prevention.

4. How We Use Your Data

• To authenticate your account and secure access to your vault.
• To anchor evidence fingerprints to the blockchain on your behalf.
• To generate and deliver PDF evidence certificates via email.
• To enforce usage limits based on your subscription tier.
• To detect and prevent fraud, abuse, and security threats.
• To comply with applicable law, court orders, or law enforcement requests.

5. Data Retention

Seal records (fingerprints, blockchain anchors) are retained indefinitely to preserve the integrity of immutable proof. You may delete your account at any time, which permanently removes all personal data, seal records, and encrypted documents from our systems.

6. Third-Party Services

• Supabase: Authentication and database hosting. Data processed in EU/US regions.
• Blockchain technology: Transaction IDs and hashes are written to a public, immutable blockchain. They cannot be deleted.
• Google Cloud (Cloud Run, Secret Manager): API hosting and key management.
• Stripe: Payment processing. Governed by Stripe's own Privacy Policy.

7. Your Rights (GDPR / UK GDPR)

If you are in the EU, UK, or another jurisdiction with data protection laws, you have the right to:

• Access: Request a copy of the personal data we hold about you.
• Rectification: Correct inaccurate personal data.
• Erasure (Right to be Forgotten): Delete your account and all associated personal data via Profile → Delete Account.
• Portability: Request export of your data in a machine-readable format.
• Object: Object to certain types of processing.

Note: Blockchain transactions are immutable by design and cannot be deleted — this is inherent to the technology and not within our control.

8. Cookies & Tracking

FactonHub does not use tracking cookies or third-party advertising pixels. We use session tokens (stored in secure local storage) solely to maintain your authenticated session.

9. Data Security

We implement industry-standard security measures including TLS encryption in transit, AES-256-GCM encryption at rest for stored documents, HKDF-derived per-record encryption keys, rate limiting, and JWT-based authentication. No system is 100% secure; we encourage you to use a strong, unique password.

10. Children's Privacy

FactonHub is not intended for users under 18 years of age. We do not knowingly collect personal data from minors. If you believe a minor has created an account, please contact us immediately.

11. Changes to this Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or an in-app notice. Continued use of FactonHub after changes constitutes acceptance of the updated policy.

12. Contact

For privacy inquiries, data access requests, or complaints, contact us at: [email protected]

If you are in the EU/UK and are not satisfied with our response, you have the right to lodge a complaint with your local supervisory authority (e.g., ICO in the UK, or your national DPA in the EU).