Privacy Policy
Last updated: 1 March 2026
1. Data Controller
Christophe Bouriel
Sole trader — SIRET 101 490 506 00017
IMM Les Frênes, 126 rue des Frênes, 74350 Cruseilles, France
Contact: contact@etchproof.eu
2. Core Principle: Your Document Never Leaves Your Device
ETcH is designed from the ground up never to receive the content of your files. The SHA-256 hash of your document is computed locally in your browser using the Web Crypto API. Only this cryptographic fingerprint — a 64-character hexadecimal string — is transmitted to the server.
A SHA-256 hash is a one-way function. It is mathematically impossible to reconstruct the original document from its hash. Your content remains strictly confidential, including from ETcH.
Learn more about how hashing works →
3. Data Collected and Legal Bases
| Data | Purpose | Legal basis | Retention period |
|---|---|---|---|
| Email address | User identification, sending the confirmation link, delivering the proof artefact | Contract performance (Art. 6.1.b GDPR) | Duration of service relationship + 3 years |
| SHA-256 hash of the file | Anchoring on Ethereum, proof construction | Contract performance | Indefinite on-chain (see §4); included in ZIP artefact |
| IP address and user-agent at confirmation | Establishing the identity chain of the proof (probative value) | Legitimate interest (Art. 6.1.f GDPR) — the proof only has value if the identity of the person who triggered the act can be established | Permanently included in the ZIP artefact delivered to the user; server log: 1 year |
| Stripe PaymentIntent ID | Accounting and fiscal obligation | Legal obligation (Art. 6.1.c GDPR) | 10 years (French commercial and tax law) |
| Anchored session record (hash, email, Ethereum tx, confirmation log) | Service integrity, audit, user support | Legitimate interest + legal obligation (financial component) | Indefinite for anchored sessions |
| Expired pending sessions | None (automatic cleanup) | — | Anonymised or deleted within one year of expiry |
| Confirmation token | One-time identity verification | Contract performance | Deleted after use or on expiry (24 h) |
Email address
Purpose: User identification, sending the confirmation link, delivering the proof artefact
Legal basis: Contract performance (Art. 6.1.b GDPR)
Retention period: Duration of service relationship + 3 years
SHA-256 hash of the file
Purpose: Anchoring on Ethereum, proof construction
Legal basis: Contract performance
Retention period: Indefinite on-chain (see §4); included in ZIP artefact
IP address and user-agent at confirmation
Purpose: Establishing the identity chain of the proof (probative value)
Legal basis: Legitimate interest (Art. 6.1.f GDPR) — the proof only has value if the identity of the person who triggered the act can be established
Retention period: Permanently included in the ZIP artefact delivered to the user; server log: 1 year
Stripe PaymentIntent ID
Purpose: Accounting and fiscal obligation
Legal basis: Legal obligation (Art. 6.1.c GDPR)
Retention period: 10 years (French commercial and tax law)
Anchored session record (hash, email, Ethereum tx, confirmation log)
Purpose: Service integrity, audit, user support
Legal basis: Legitimate interest + legal obligation (financial component)
Retention period: Indefinite for anchored sessions
Expired pending sessions
Purpose: None (automatic cleanup)
Legal basis: —
Retention period: Anonymised or deleted within one year of expiry
Confirmation token
Purpose: One-time identity verification
Legal basis: Contract performance
Retention period: Deleted after use or on expiry (24 h)
Connection Data (French LCEN)
In compliance with Article 6-II of the French law on the Digital Economy (LCEN) and Decree 2011-219, ETcH retains connection data (IP address, timestamp, protocols used) for a minimum of 1 year from each operation. This data may be disclosed to judicial authorities upon lawful request.
4. Data on the Ethereum Blockchain
Anchoring on Ethereum is permanent and irreversible by design — this is precisely the value of the service. The hash of your document and the transaction timestamp are permanently recorded on the public Ethereum network.
This data does not constitute personal data: a SHA-256 hash is a cryptographic fingerprint that reveals nothing about the document's content. No third party can reconstruct your file from the hash recorded on the blockchain.
Accordingly, the right to erasure (Art. 17 GDPR) cannot apply to data inscribed on the blockchain. It does apply to ETcH's server-side data (email, IP address, session records), which can be anonymised upon request (see §6).
5. Sub-processors and Data Transfers
| Sub-processor | Role | Location | Safeguards |
|---|---|---|---|
| OVH | Server hosting | Switzerland (Zurich) | GDPR data processing agreement — adequate protection level |
| Stripe | Payment processing | USA / EU | Standard Contractual Clauses — Stripe Privacy Policy |
| Brevo | Transactional email delivery | France (EU) | GDPR sub-processor — data hosted in EU |
| Ethereum network | Blockchain anchoring | Worldwide (decentralised) | Public data by design — no personal data transmitted |
OVH
Role: Server hosting
Location: Switzerland (Zurich)
Safeguards: GDPR data processing agreement — adequate protection level
Stripe
Role: Payment processing
Location: USA / EU
Safeguards: Standard Contractual Clauses — Stripe Privacy Policy
Brevo
Role: Transactional email delivery
Location: France (EU)
Safeguards: GDPR sub-processor — data hosted in EU
Ethereum network
Role: Blockchain anchoring
Location: Worldwide (decentralised)
Safeguards: Public data by design — no personal data transmitted
No personal data is sold, rented or transferred to third parties for commercial purposes.
6. Your Rights
Under the GDPR, you have the following rights over your personal data held server-side by ETcH:
- Right of access — obtain a copy of all data held about you by ETcH.
- Right to rectification — have inaccurate data corrected.
- Right to erasure — request deletion or anonymisation of your server-side data (email, IP address, session records). Note: this right does not apply to data inscribed on the Ethereum blockchain (see §4).
- Right to data portability — receive your data in a structured, machine-readable format.
- Right to object — object to processing based on legitimate interest.
To exercise your rights: contact@etchproof.eu
You may also lodge a complaint with your national supervisory authority. In France: CNIL — — 3 Place de Fontenoy, TSA 80715, 75334 Paris Cedex 07.www.cnil.fr
7. Cookies
ETcH uses no tracking, advertising or analytics cookies. The only cookies that may be set are those strictly necessary for the service to function (Stripe payment session). No consent is required for these technical cookies.
8. Security
Data is transmitted over HTTPS (TLS). The server runs on a secured VPS with SSH key-only authentication, an active firewall and automatic security updates. Ethereum private keys are never exposed in logs or API responses.
9. Amendments
This policy may be updated. The date of the last update is shown at the top of this page. In the event of a material change, a notice will be published on the site.
For any data protection enquiry: contact@etchproof.eu