Data Retention Policy
Data Categories
TimeProof handles several categories of data, each with different retention characteristics:
| Category | Stored By | Retention | Your Control |
|---|---|---|---|
| Blockchain anchors | Polygon network | Permanent | Cannot be deleted (immutable) |
| File hashes | Database + blockchain | Permanent | Blockchain copy is immutable |
| Filenames & sizes | Database only | While account active | Removed on account deletion |
| Merkle proofs | Database + certificates | While account active / permanent on cert | Download certificates for permanency |
| Account profile | Database | While account active | Editable and deletable |
| Credit balances | Database | While account active | Consumed or refunded |
| Payment records | Database + Stripe | Legal retention period | Subject to financial regulations |
| Session data | Server memory | Until session expires | Cleared on sign-out |
| Notification history | Database | While account active | Individually deletable |
| Your actual files | Your device only | You control this | Never sent to TimeProof |
What’s Permanent (Blockchain)
The following data is anchored on the Polygon blockchain and cannot be modified or deleted by anyone — including TimeProof:
- Transaction hash — the unique identifier of the anchoring transaction
- Merkle root (for batch timestamps) or individual file hash
- Block number — which block contains the transaction
- Block timestamp — when the block was mined (the provable timestamp)
- Wallet address — which wallet submitted the transaction (TimeProof’s anchor wallet)
This data is public and permanent. It’s the foundation of TimeProof’s trustless verification model.
What’s in the Database
TimeProof’s server database stores operational data needed for the dashboard and API:
Account Data
| Field | Retention |
|---|---|
| Wallet address | While account exists |
| Email (optional) | While account exists, editable |
| Display name (optional) | While account exists, editable |
| Identity verification status | While account exists |
| Notification preferences | While account exists |
Timestamp Records
| Field | Retention |
|---|---|
| Job metadata (ID, status, credit type) | While account exists |
| File records (name, hash, size) | While account exists |
| Merkle proof data | While account exists |
| Receipt data | While account exists |
| Transaction references | While account exists |
Financial Records
| Field | Retention |
|---|---|
| Payment history | Legal retention period |
| Credit balance transactions | Legal retention period |
| Stripe references | Per Stripe’s retention policy |
Financial records may be retained longer than account data to comply with tax and financial regulations.
What We Never Store
TimeProof’s architecture ensures we never have access to:
- Your file contents — hashed locally, never uploaded
- Your wallet private key — used only for signing in your browser/wallet
- Your identity documents — processed by Stripe Identity, not stored by TimeProof
- Your browsing history — no tracking across sites
- File contents recoverable from hashes — SHA-256 is a one-way function
Account Deletion
When you request account deletion:
Removed:
- Account profile (email, display name, preferences)
- Notification history
- Session data
- Organization memberships (if sole owner, org is also deleted)
Retained (immutable):
- Blockchain transaction records (cannot be deleted)
- Any certificates you’ve already downloaded (on your device, your control)
Retained (regulatory):
- Financial transaction records (for the legally required retention period)
Certificate Data Lifecycle
Certificates contain a snapshot of all verification data:
- Generation — certificates are created when timestamps are anchored
- Availability — downloadable from the dashboard while your account is active
- Your copy — once downloaded, the certificate is yours permanently
- Recommendation — download and back up certificates as soon as they’re ready
For Legal-Grade packages, the ZIP file contains everything needed for permanent independent verification:
- Detailed PDF certificate
- JWS identity attestation
- Merkle proof data
- Verification instructions
Data Backups
TimeProof’s database is backed up regularly to protect against data loss:
- Automated backups at regular intervals
- Point-in-time recovery for the database
- Geographically distributed backup storage
Backups protect against server failures and data corruption — but they’re secondary to the blockchain, which is the authoritative record for all timestamps.
Your Data Rights
You have the right to:
| Right | How |
|---|---|
| Access your data | View all data through the dashboard and API |
| Export your data | Download certificates, receipts, and activity history |
| Correct your data | Update email, display name, and preferences |
| Delete your account | Request account deletion through settings |
| Understand data usage | This page and the Privacy documentation |
Data Minimization
TimeProof follows a data minimization philosophy:
- We only collect data necessary for the service to function
- Files are never uploaded — only their hashes
- Identity verification is outsourced to Stripe (we store status, not documents)
- Optional fields (email, display name) are truly optional
- You can use TimeProof with nothing but a wallet address
Related Guides
- Privacy and Your Files — how your privacy is protected
- Security Architecture — technical security measures
- What Happens If TimeProof Goes Down? — service continuity
- Account Settings — managing your account data
Use the live product for timestamping and verification.
The company site owns the technical reference. The app handles runtime workflows.