Logo HashPaper.
Last Updated: March 20, 2026

Privacy by architecture.
Not just by policy.

At HashPaper, we don't just promise not to read your data—we engineered our systems so that it is mathematically impossible for us to do so.

01. The Zero-Retention Guarantee

The core function of HashPaper is to calculate a SHA-256 cryptographic hash of your intellectual property. To guarantee total privacy, this calculation is performed in volatile server memory (RAM).

The microsecond the 64-character hash string is generated, the PHP session memory holding your raw text is permanently and irreversibly destroyed via the unset() command. Your text is never written to a hard drive, database, or cloud storage bucket.

02. Information We Collect

To provide our services, prevent fraud, and comply with Indian financial regulations, we collect the following minimal data points:

  • Transaction Metadata: Your IP address at the time of minting, browser user-agent, and timestamp.
  • Ledger Metadata: The Owner Alias you choose to provide (e.g., "Agn****"), the title of the document, and the resulting SHA-256 hash string.
  • Communication Data: If you contact our support or legal team, we retain your email address and the contents of your message to provide customer service.

03. Information We DO NOT Collect

We explicitly do not collect, read, scan, or store the contents of your intellectual property. We do not use third-party tracking pixels (like Meta Pixel or Google Analytics) inside the secure hashing engine (`app.php`) to ensure your keystrokes and pasted data are never monitored by advertising networks.

04. The Public Ledger & Anonymity

HashPaper operates a Public Ledger to allow third-party verification of your Priority Date. By minting a certificate, you consent to publishing the specific 64-character SHA-256 hash and your chosen Owner Alias to this public database. Because SHA-256 is a one-way cryptographic function, it is mathematically impossible for anyone to reverse-engineer your original text from the public hash.

05. Third-Party Payment Processors

We do not store your credit card, UPI ID, or bank account information on our servers. All financial transactions are processed securely through RBI-approved Payment Aggregators (e.g., Razorpay, Instamojo). When you initiate a payment, you are subject to the privacy policies and security architectures of those respective processors.

06. User Rights (DPDP Act, 2023 compliance)

In accordance with India's Digital Personal Data Protection Act, you have the right to request the deletion of your personal communication data (e.g., support emails).

Please note: Due to the immutable nature of our evidentiary service, we cannot delete or alter a SHA-256 hash from the Public Ledger once it has been minted, as doing so would destroy the legal validity of the registry for all users. The hash string itself does not constitute Personal Data under the DPDP Act.

07. Security Inquiries

If you are a security researcher, legal professional, or user with specific questions regarding our Zero-Retention architecture, please direct your inquiries to our engineering team at api@hashpaper.in.

End of Privacy Policy Document