Privacy Policy

Last updated: January 2026

What We Store

SoulProp is designed with privacy at its core. Here's exactly what we store:

Encrypted blobs Your file, encrypted. We cannot read it — ever.
Fingerprints SHA-256 hash of the encrypted data. Reveals nothing.
Timestamps When you sealed, from an independent authority.
Key hashes We store a hash to verify your key, not the key itself.

What We Don't Store

Your decryption key Given to you once. We never keep a copy.
Your seal key Given to you at purchase. We only store a hash.
Your original file Only the encrypted version exists on our servers.
Card numbers Payments handled by Square. We never see them.

What We Don't Collect

We don't require accounts, emails, or personal information to use SoulProp. We don't track you across the web. We don't sell data. We don't use analytics that profile individual users.

Zero-Knowledge Design

Your files are encrypted client-side before upload using XChaCha20-Poly1305. The encryption key is derived from random data and given only to you. We cannot decrypt your files. Even if compelled by law enforcement, we can only provide encrypted data that is useless without your key.

Data Retention

Sealed files are retained indefinitely to preserve your timestamp proof. You may request deletion of your sealed files by providing your key file as proof of ownership.

Third Parties

Square: Processes payments. See Square's privacy policy.
FreeTSA: Provides RFC 3161 timestamps. Receives only file fingerprints, not files.
Infrastructure: Hosted on secure servers with encrypted storage.

Cookies

We use only essential cookies for basic functionality (like remembering your seal codes locally in your browser). No tracking cookies. No third-party cookies.

Key Ownership

Your key file is the sole proof of ownership. Whoever holds the key controls access to the sealed files. We cannot recover, reset, or reissue keys — by design. This ensures that ownership remains entirely in your hands, not ours. If you lose your key, the seal remains intact but inaccessible. Back it up accordingly.