Privacy and Your Files
Privacy by Architecture
TimeProof is designed so that privacy isn’t a policy choice — it’s an architectural guarantee. Your files physically cannot reach TimeProof’s servers because the system never asks for them.
Here’s what happens when you timestamp a file:
- You select a file in your browser
- Your browser computes the SHA-256 hash locally (in JavaScript)
- Only the hash (64 characters) is sent to the server
- The hash is anchored on the Polygon blockchain
- Your file stays on your machine, untouched
There is no upload form, no file transfer, no cloud storage. The browser’s file reader and crypto APIs handle everything locally.
What TimeProof Sees
| Data | TimeProof Sees? | Why |
|---|---|---|
| File contents | Never | Hashed locally, not transmitted |
| File hash (SHA-256) | Yes | Required for blockchain anchoring |
| Filename | Yes | User-provided, for dashboard display |
| File size | Yes | Metadata only |
| File type / EXIF data | No | Not extracted or stored |
| Your wallet address | Yes | For authentication |
| Your email (optional) | Only if provided | For notifications, not required |
| Your IP address | In server logs | Standard web server logging |
Why Hashing Protects You
SHA-256 is a one-way cryptographic function. Given a file, you can compute its hash instantly. But given a hash, you cannot work backward to discover the file — not with any computer, not with any amount of time.
This means:
- The hash
e3b0c44298fc1c...on the blockchain reveals nothing about whether it represents a legal contract, a photograph, or a song - Even if someone knows the hash is a “document,” they can’t determine its contents
- Two files that differ by a single byte produce completely different hashes — there’s no “close match” analysis
Practical Example
Consider you timestamp a confidential contract. The blockchain records:
Hash: a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434aAn observer on the blockchain sees a 64-character hex string. They cannot determine:
- What type of file produced this hash
- How large the original file was
- Who the parties in the contract are
- What language the document is in
- Literally anything about the file’s contents
Filename Privacy
Filenames are transmitted to TimeProof for display in your dashboard (so you can identify your timestamps). However:
- Filenames are not stored on the blockchain — only the hash is
- You can use any filename — rename your file before timestamping if you want additional privacy
- Filenames are visible only to you (and your organization members, if applicable)
- Filenames appear on your certificates — but you control who sees those
If you’re timestamping sensitive documents and want to minimize metadata, you can rename files to generic names like document-001.pdf before hashing.
Blockchain Transparency
The Polygon blockchain is public. Anyone can see:
- That a transaction was submitted by TimeProof’s anchor wallet
- The hash or Merkle root that was anchored
- When the anchoring occurred (block timestamp)
They cannot see:
- Which user requested the timestamp
- The filename or file size
- The file contents
- Whether the hash represents one file or many (Merkle root batches)
The connection between a blockchain transaction and a specific user exists only in TimeProof’s database — it’s not on-chain.
Identity Verification Privacy
If you complete identity verification (for Legal-Grade packages):
| Data | Handled By | Stored By TimeProof? |
|---|---|---|
| Identity documents (passport, ID) | Stripe Identity | No — processed and stored by Stripe |
| Verification result (pass/fail) | Stripe → TimeProof | Yes — status only |
| Verification timestamp | Stripe → TimeProof | Yes |
| Identity hash (for JWS) | Computed locally | Yes — hashed, not raw data |
TimeProof receives a verification status from Stripe — not your actual identity documents. Your passport scan, selfie, and personal details remain with Stripe, governed by Stripe’s privacy policy.
The JWS identity attestation contains a hash of your identity — not the identity itself. Third parties can verify the attestation is genuine without learning your personal details.
Zero-Knowledge Verification
TimeProof’s verification model is designed so that third parties can verify a timestamp without learning anything about the file:
- You provide the file to the verifier (if you choose to)
- The verifier computes the SHA-256 hash
- The verifier checks the hash against the blockchain
- Result: The file existed before the blockchain timestamp — verified without TimeProof’s involvement
TimeProof doesn’t participate in verification. The verifier needs only the file and access to the public blockchain.
Cookies and Tracking
| Technology | Used? | Purpose |
|---|---|---|
| Session cookie | Yes | Authentication (HTTP-only, secure) |
| Tracking cookies | No | Not used |
| Analytics | Minimal | Basic usage metrics, no cross-site tracking |
| Advertising | No | No ads, no ad tracking |
| Third-party trackers | No | Not embedded |
The session cookie is functional — it keeps you signed in. It’s HTTP-only (JavaScript can’t read it) and secure (only sent over HTTPS in production).
Your Privacy Summary
| Concern | Answer |
|---|---|
| Can TimeProof see my files? | No — never transmitted |
| Can the blockchain reveal my files? | No — hash is one-way |
| Can TimeProof link me to a blockchain transaction? | Yes — in our database (not on-chain) |
| Can a blockchain observer identify me? | No — your identity isn’t on-chain |
| Can I use TimeProof anonymously? | Yes — only a wallet address is required |
| Is my email required? | No — it’s optional, for notifications |
| Does TimeProof sell data? | No |
Related Guides
- Security Architecture — how the system is technically secured
- Data Retention Policy — what’s stored and for how long
- File Size Limits — how client-side hashing works
- What Happens If TimeProof Goes Down? — service continuity
Use the live product for timestamping and verification.
The company site owns the technical reference. The app handles runtime workflows.