📜 Legal

Privacy Policy, Terms of Service & GDPR Compliance

🔒 Privacy Policy

Last updated: January 2025
📄
Files Never Stored

Your documents are processed in memory and immediately discarded.

🔐
Hash Only

We store only the SHA-256 hash — impossible to reverse.

🚫
No Tracking

No analytics, no advertising, no third-party cookies.

1. Data Controller

SBIX — ASN 30077
Email: privacy@sbix.io

2. Data We Collect

DataPurposeRetention
Email addressAccount & notificationsUntil deletion
Password (hashed)AuthenticationUntil deletion
File hash (SHA-256)CertificationPermanent
FilenameCertificate displayUntil deletion
IP addressSecurity7 days

3. Data We Do NOT Collect

  • ❌ Your actual files or documents
  • ❌ File contents in any form
  • ❌ Browsing history or behavior
  • ❌ Device fingerprints
  • ❌ Third-party tracking data

4. Third Parties

ServicePurposeData Shared
StripePaymentsEmail, payment info
Tezos NetworkBlockchainHash only (public)
Aleph.imDecentralized storageHash only (public)
FreeTSATimestampHash only

5. Cookies

We use only essential cookies:

  • session — Authentication (session)
  • sbix_theme — Theme preference (1 year)
  • sbix_lang — Language preference (1 year)

No analytics, advertising, or third-party tracking cookies.

6. Security

  • ✅ TLS 1.3 encryption
  • ✅ Passwords hashed with bcrypt
  • ✅ Ed25519 signatures
  • ✅ Rate limiting & DDoS protection

📋 Terms of Service

Last updated: January 2025

1. Acceptance

By using SBIX Certify, you agree to these Terms of Service. If you do not agree, please do not use our service.

2. Service Description

SBIX Certify provides document certification services including:

  • SHA-256 cryptographic hashing
  • Merkle tree proof generation
  • Ed25519 digital signatures
  • RFC-3161 TSA timestamps
  • Blockchain anchoring (Tezos, Aleph.im)
  • PDF certificate generation

3. User Responsibilities

  • Provide accurate registration information
  • Maintain the security of your account
  • Use the service only for lawful purposes
  • Not attempt to circumvent security measures
  • Not use the service for illegal document certification

4. Intellectual Property

You retain all rights to your documents. SBIX Certify does not claim ownership of any files you certify. We only store cryptographic hashes, not your actual files.

5. Service Availability

We strive for 99.9% uptime but do not guarantee uninterrupted service. Scheduled maintenance will be announced in advance when possible.

6. Pricing & Payments

  • Free Plan: 5 certificates per month
  • Pro Plan: €29/month, unlimited certificates
  • Payments processed securely via Stripe
  • Cancel anytime, no refunds for partial months

7. Limitation of Liability

SBIX Certify is provided "as is" without warranties. We are not liable for:

  • Indirect or consequential damages
  • Loss of data or profits
  • Service interruptions
  • Third-party blockchain network issues

Our maximum liability is limited to the fees you paid in the last 12 months.

8. Certificate Validity

Certificates provide cryptographic proof of document existence at a specific time. Legal validity may vary by jurisdiction. Consult legal counsel for specific legal requirements.

9. Termination

We may terminate accounts that:

  • Violate these terms
  • Engage in fraudulent activity
  • Abuse the service

You may delete your account at any time from your dashboard.

10. Changes to Terms

We may update these terms. Continued use after changes constitutes acceptance. Material changes will be notified via email.

11. Governing Law

These terms are governed by the laws of the European Union. Disputes will be resolved in EU courts.

12. Contact

SBIX — ASN 30077
Email: legal@sbix.io

🇪🇺 GDPR Compliance

Last updated: January 2025
🇪🇺
Fully GDPR Compliant

SBIX Certify complies with the European General Data Protection Regulation (EU) 2016/679.

Legal Basis (Article 6)

ProcessingLegal Basis
Account creationContract (Art. 6.1.b)
CertificationContract (Art. 6.1.b)
Email notificationsConsent (Art. 6.1.a)
Security loggingLegitimate interest (Art. 6.1.f)
PaymentsContract (Art. 6.1.b)

Your Rights

📋 Access

Request a copy of your data

✏️ Rectification

Correct inaccurate data

🗑️ Erasure

Request data deletion

⏸️ Restriction

Limit processing

📦 Portability

Export your data

🚫 Object

Object to processing

Data Retention

  • Account data: Until you delete your account
  • Certificates: Permanent (blockchain is immutable)
  • Server logs: 7 days
  • Payment records: 7 years (legal requirement)
⚠️ Important: Blockchain anchors are permanent and cannot be deleted due to the immutable nature of blockchain technology. However, no personal data is stored on-chain — only cryptographic hashes.

International Transfers

Your data is processed within the EU. Blockchain anchoring involves public networks (Tezos, Aleph.im) but only transmits cryptographic hashes, not personal data.

Data Protection Officer

For GDPR requests, contact:
Email: privacy@sbix.io
Response time: Within 30 days

Supervisory Authority

You have the right to lodge a complaint with your local data protection authority if you believe your rights have been violated.