Attesta LogoAttesta

Privacy Policy

Last Updated: January 6, 2025

1. Introduction

Attesta ("we", "our", "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Platform.

Please read this Privacy Policy carefully. If you do not agree with the terms of this Privacy Policy, please do not access the Platform.

2. Information We Collect

2.1 Information You Provide

  • Wallet Address: Your blockchain wallet address when you connect to the Platform
  • Agreement Content: Text and data you input when creating legal agreements
  • Party Information: Wallet addresses of co-signers you add to agreements
  • Signatures: Cryptographic signatures when you sign documents

2.2 Automatically Collected Information

  • Usage Data: Pages visited, features used, time spent on Platform
  • Device Information: Browser type, operating system, IP address
  • Blockchain Data: Transaction hashes, block numbers, timestamps
  • Cookies: Session data, preferences, analytics (see Section 8)

2.3 Third-Party Data

  • WalletConnect: Connection metadata when you link your wallet
  • OpenAI: Prompts sent for AI document generation
  • Blockchain Networks: Public on-chain data (ICP, Constellation, Ethereum)

3. How We Use Your Information

We use collected information for the following purposes:

  • Service Provision: Create, store, and verify legal agreements
  • AI Generation: Send prompts to OpenAI to generate document content
  • Blockchain Operations: Store hashes and signatures on-chain
  • Communication: Send notifications about agreement status (if enabled)
  • Analytics: Improve Platform performance and user experience
  • Security: Detect fraud, abuse, and security threats
  • Legal Compliance: Comply with laws and respond to legal requests

4. Blockchain and Public Data

IMPORTANT: Blockchain Data is Public

When you use Attesta, the following information is stored permanently on public blockchains:

  • Document content hashes (SHA-256)
  • Wallet addresses of all signers
  • Cryptographic signatures
  • Timestamps of signing
  • Transaction hashes
  • NFT metadata (if certificate minted)

This data is publicly visible and CANNOT be deleted or modified. Anyone can view this information on blockchain explorers.

5. Data Sharing and Disclosure

5.1 Third-Party Services

We share data with the following third parties:

  • OpenAI: Document prompts for AI generation (subject to OpenAI's privacy policy)
  • WalletConnect: Wallet connection metadata
  • Blockchain Networks: ICP, Constellation, Ethereum/Base (public data)
  • Thirdweb (Nexus): Payment processing for AI services (if enabled)
  • Vercel: Hosting and analytics (subject to Vercel's privacy policy)

5.2 Legal Requirements

We may disclose your information if required to:

  • Comply with legal obligations (court orders, subpoenas)
  • Protect our rights and property
  • Prevent fraud or abuse
  • Ensure user safety

5.3 Business Transfers

If Attesta is acquired or merged, your information may be transferred to the new entity. We will notify you via email or Platform notice before such transfer.

6. Data Storage and Security

6.1 On-Chain Storage

  • ICP Canisters: Full agreement content stored in canister stable memory
  • Constellation: Validation proofs stored on DAG
  • Ethereum/Base: NFT metadata and certificate references

6.2 Off-Chain Storage

  • Vercel: Application hosting and edge caching
  • Browser Storage: Local session data and preferences

6.3 Security Measures

We implement security measures including:

  • HTTPS encryption for all data in transit
  • Cryptographic hashing (SHA-256) for document content
  • Blockchain immutability for tamper-proof records
  • Regular security audits and updates

However, no method of transmission over the Internet is 100% secure. We cannot guarantee absolute security.

7. Your Data Rights

7.1 Access and Portability

You have the right to:

  • Access your agreements and data on the Platform
  • Export your data in machine-readable format
  • View all on-chain data via blockchain explorers

7.2 Correction and Deletion

Important Limitation:

Blockchain data is immutable and CANNOT be deleted or modified. This includes:

  • Document hashes
  • Signatures
  • Timestamps
  • Wallet addresses

We can delete off-chain data (full document content in ICP canister) upon request, but on-chain references will remain permanently.

7.3 GDPR Rights (EU Users)

If you are in the European Union, you have additional rights:

  • Right to be Forgotten: Limited due to blockchain immutability
  • Data Portability: Export your data in JSON format
  • Restrict Processing: Limit how we use your data
  • Object: Object to certain data processing activities
  • Lodge Complaint: File complaint with your data protection authority

7.4 Exercising Your Rights

Ÿ To exercise any of these rights, contact us at: attestahq@proton.me

8. Cookies and Tracking

We use cookies and similar technologies for:

  • Essential Cookies: Required for Platform functionality (wallet session)
  • Analytics Cookies: Understand usage patterns (Vercel Analytics)
  • Preference Cookies: Remember your settings (theme, language)

You can control cookies through your browser settings. Note that disabling essential cookies may limit Platform functionality.

9. International Data Transfers

Your data may be transferred to and processed in countries outside your jurisdiction, including:

  • United States (Vercel hosting, OpenAI processing)
  • Blockchain nodes globally distributed

We ensure appropriate safeguards are in place for international transfers, including standard contractual clauses and adequacy decisions.

10. Children's Privacy

Attesta is not intended for users under 18 years of age. We do not knowingly collect personal information from children. If you believe we have collected data from a child, please contact us immediately.

11. Data Retention

  • Blockchain Data: Retained permanently (immutable)
  • ICP Canister Data: Retained indefinitely unless deletion requested
  • Analytics Data: Retained for 24 months
  • Logs: Retained for 90 days

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of changes by:

  • Posting the new Privacy Policy on this page
  • Updating the "Last Updated" date
  • Sending email notification (for material changes)

Your continued use of the Platform after changes constitutes acceptance of the updated Privacy Policy.

13. Contact Us

If you have questions about this Privacy Policy or our privacy practices, contact us at:

Email: attestahq@proton.me
GitHub: https://github.com/winsznx/attesta
Data Protection Officer: attestahq@proton.me

14. Third-Party Privacy Policies

Please review the privacy policies of our third-party service providers:

  • OpenAI: https://openai.com/privacy/
  • WalletConnect: https://walletconnect.com/privacy
  • Vercel: https://vercel.com/legal/privacy-policy
  • Thirdweb: https://thirdweb.com/privacy