Privacy Policy

Last updated: March 2025

Kernel of Truth is built on a simple principle: your content is yours. We never see it, store it, or transmit it. This policy explains what we do collect and why.

What we collect

Account information

When you register, we collect your name, email address, and a hashed password. Your name is public and appears alongside your claims. Your email is never shown publicly. We use it only to send account-related messages such as password resets or security alerts.

Profile information (optional)

You may optionally add a bio, website URL, Twitter/X handle, Mastodon handle, and a profile avatar. Any field you fill in is visible on your public profile page. You can remove or change this information at any time from your profile settings.

Claim metadata

When you register a claim, we store:

  • The SHA-256 hash of your content (not the content itself)
  • A title and optional description you provide
  • The content type you select (text, document, image, or other)
  • The timestamp when the claim was submitted
  • Your user ID, which links the claim to your account

Your original content is never transmitted to our servers. Hashing happens entirely in your browser before anything is sent.

Technical logs

Our web server logs standard access information including IP addresses, request paths, and user agents. These logs are used for debugging, rate limiting, and security monitoring. We retain them for up to 30 days and do not share them with third parties except as required by law.

Login history

We record a short history of your sign-in events, including approximate IP address, browser type, and authentication method. This is visible to you in your account settings and helps you detect unauthorized access.

What we do not collect

  • The content of your files, text, or documents
  • Tracking cookies or advertising identifiers
  • Data from third-party analytics platforms
  • Payment information (we do not charge for the service)

How we use your data

We use the information we collect to:

  • Operate and maintain your account
  • Display your public profile and claims
  • Send transactional emails (password resets, security alerts)
  • Enforce rate limits and prevent abuse
  • Generate aggregate, non-identifying platform statistics

We do not sell your data. We do not use it for advertising. We do not share it with third parties except where required by law or to operate the service (for example, our hosting provider processes web traffic).

Claim permanence and deletion

Claims are designed to be permanent records. Once submitted, a claim cannot be altered or deleted, because the value of a provenance record depends on its immutability. You can request that your account be deactivated, which will hide your profile and claims from public view, but the underlying records are retained in our database to preserve the integrity of the timestamp chain.

If you need a claim removed for legal reasons (such as a valid DMCA takedown or court order), contact us and we will review the request.

Cookies and sessions

We use a single session cookie to keep you signed in. It contains only a session identifier and no personal information. We do not use third-party cookies.

Data retention

  • Account data is retained for as long as your account exists
  • Claim records are retained indefinitely (see permanence above)
  • Access logs are retained for up to 30 days
  • Login history is retained for up to 90 days

Security

Passwords are stored as bcrypt hashes. API keys are stored as SHA-256 hashes. We use HTTPS for all connections. We support two-factor authentication and passkeys for additional account security.

Children

This service is not directed at children under 13. We do not knowingly collect personal information from anyone under 13. If you believe we have inadvertently collected such information, contact us and we will delete it.

Changes to this policy

We may update this policy from time to time. Material changes will be noted at the top of this page with a revised date. Continued use of the service after changes are posted constitutes acceptance of the updated policy.

Contact

Questions about this policy? Email us at [email protected].