User Privacy Agreement
How We Handle Your Data
Last Updated: January 5, 2026
The Hasht Paradox
We protect your creative privacy BY recording your creation process. Our audit trails aren't surveillance - they're your shield. Every timestamp, every log entry, every hash becomes evidence that YOU created your work. The data we collect IS the product we deliver.
1. Our Philosophy
Hasht exists to prove human creative involvement. This requires collecting and preserving evidence of your creative process. Unlike services that collect data to monetize you, we collect data to protect you.
Your audit trail is not a privacy violation - it's your proof of creation.
2. What We Collect
2.1 Identity Information
- Name: For your Creator Crest and proof documents
- Email: For account access and notifications
- Company/Organization: Optional, for professional creators
- Password: Stored as a secure hash, never in plain text
2.2 Creation Evidence
- File Hashes: Cryptographic fingerprints of your work (SHA-256)
- Timestamps: Precise moment each hash was created
- Creation Logs: Your documented creative process
- Snapshots: Visual progress captures (if you use this feature)
- Metadata: Descriptions, titles, project information
2.3 Activity & Security Logs
- IP Addresses: Logged with each action for verification
- Timestamps: When you logged in, created proofs, etc.
- User Agent: Browser/device info for security
- Actions: What you did and when (login, hash creation, exports)
2.4 Generated Data
- Creator Crest: Your unique visual identifier
- Crest ID: Unique hash-based identifier
- Digital Signatures: RSA signatures on your proofs
- Proof Documents: Generated PDFs and hash packages
3. Why We Collect It
| Data Type | Purpose |
|---|---|
| Identity | Link proofs to you, create your Crest |
| File Hashes | Prove specific content existed at specific time |
| Timestamps | Establish "first to claim" priority |
| IP Addresses | Verify authenticity, prevent fraud |
| Activity Logs | Document your creative process |
4. Data Retention
Permanence is the Point
Evidence that can be deleted isn't evidence. Your hashed rights are designed to persist indefinitely because their value depends on their permanence.
4.1 What We Keep Forever
- File hashes and their timestamps
- Digital signatures and proof packages
- Creator Crests and Crest IDs
- Creation logs and activity records
4.2 What You Can Control
- Your account email and password
- Profile information (name, company)
- Future creation activity (you can stop using the service)
4.3 Deletion Limitations
Because our service provides evidence, we cannot delete:
- Hashed rights once created (they're timestamped proof)
- Audit logs (they verify the system's integrity)
- Your Creator Crest (it's linked to existing proofs)
We will provide full data export upon request.
5. Data Security
- Encryption: All data transmitted over HTTPS
- Password Security: Bcrypt hashing with salt
- Access Controls: Role-based access to admin functions
- Cryptographic Integrity: RSA signatures prevent tampering
- Backup: Regular database backups for evidence preservation
6. Your Rights
6.1 Access
You can view all data associated with your account through your dashboard, including your Crest, all hashed rights, and activity logs.
6.2 Export
You can export your complete proof package including PDFs, hash files, and JSON data at any time.
6.3 Correction
You can update your profile information. However, existing proofs cannot be modified (that would undermine their evidentiary value).
6.4 Portability
Your hash proofs are designed to be verifiable externally. You can take your proof packages anywhere.
7. Third-Party Sharing
We do NOT sell your data. We may share data only:
- With your consent: When you explicitly authorize it
- For legal compliance: When required by law or court order
- To verify proofs: When you share proof links for third-party verification
- With service providers: Essential services (hosting, email) under strict agreements
8. Cookies & Tracking
We use essential cookies only:
- Session cookies: Keep you logged in
- Security cookies: Prevent cross-site attacks
We do NOT use advertising cookies, tracking pixels, or third-party analytics that profile you.
9. Children's Privacy
Hasht is not intended for users under 18. We do not knowingly collect data from minors. If you believe a minor has registered, contact us for removal.
10. Changes to This Policy
We may update this privacy agreement. Material changes will be communicated via email or dashboard notification at least 30 days before taking effect.
11. Contact
Questions about privacy? Contact us at:
privacy@hashedright.com
By using Hasht, you acknowledge that audit trails and evidence preservation are core features of our service, not privacy violations. Your data protects your creative rights.