← Back to App
// Legal Document
Privacy Policy
Effective Date: March 1, 2026 · Last Updated: March 12, 2026 · Version 1.0
SIGIL is built on one principle: your records belong to you, and only you. This Privacy Policy explains what information we collect, why we collect it, how it is stored, and the rights you hold over your data. We have written this document to be clear and readable — not to obscure what we do.
// 01
Who We Are

SIGIL is a secure legal evidence messaging application. We provide a platform for creating tamper-proof, cryptographically sealed records that can be used as evidence, legal documentation, or permanent communications.

SIGIL is operated by its creator and is currently in active development. For all privacy-related inquiries, contact information is provided at the end of this document.

// 02
Information We Collect

We collect only the minimum information necessary to provide the service. This falls into two categories:

Information you provide directly:

  • Your email address, used solely to create and authenticate your account via one-time passcode
  • The title, body, and classification of messages you compose and seal
  • Recipient email addresses you enter when sending sealed messages
  • Optional notes you add when delivering a sealed record

Information generated automatically:

  • A unique record identifier (SGN-XXXXXX) for each sealed message
  • A cryptographic hash generated at the moment of sealing
  • Timestamp of when the record was created
  • Record status (sealed or sent)
// 03
How We Use Your Information

Your information is used exclusively to operate SIGIL. Specifically:

  • Your email is used to authenticate you via a one-time passcode — we do not store passwords
  • Your sealed records are stored in your personal vault, accessible only to you
  • Recipient emails are used solely to deliver the sealed message you explicitly choose to send
  • Cryptographic hashes are used to verify the integrity and immutability of your records
We do not sell your data. We do not use your data for advertising. We do not share your data with third parties for any commercial purpose whatsoever.
// 04
Data Storage and Security

Your account and sealed records are stored using Supabase, a secure cloud database provider. All data is protected by row-level security — meaning your records are technically inaccessible to any other user on the platform, including us.

Authentication is handled entirely through Supabase's secure auth infrastructure using one-time passcodes. We do not store passwords at any point.

Outbound email delivery for sealed messages is handled through Resend, a transactional email provider. Message content is transmitted securely over HTTPS at all times.

Important note on message content: In the current version of SIGIL (v1.0), message bodies are stored as plain text in the database. Full AES-256 client-side encryption is being implemented and will be active in an upcoming release. Until then, treat your sealed records accordingly.
// 05
Data Retention

Your sealed records are retained indefinitely for as long as your account exists. This is by design — the tamper-proof nature of SIGIL depends on records not being silently deleted or altered over time.

If you close your account, you may request deletion of all associated data. Records that have already been delivered to recipients exist independently in those recipients' inboxes and are outside our control once sent.

// 06
Third-Party Services

SIGIL uses the following third-party services to operate. Each has their own privacy policy:

  • Supabase — Database and authentication infrastructure (supabase.com/privacy)
  • Resend — Transactional email delivery (resend.com/legal/privacy-policy)
  • Netlify — Web hosting and serverless functions (netlify.com/privacy)

These providers are bound by their own privacy policies and data processing agreements. We have selected providers with strong security and privacy practices.

// 07
Your Rights

You have the following rights over your personal data:

  • Access — You may request a full export of your data at any time
  • Correction — You may request correction of inaccurate account information
  • Deletion — You may request deletion of your account and all associated records
  • Portability — You may request your data in a portable format
  • Objection — You may object to any processing of your data beyond what is strictly necessary to operate the service

To exercise any of these rights, contact us using the information below. We will respond within 30 days.

// 08
Cookies and Tracking

SIGIL does not use advertising cookies or tracking pixels. The only cookies or local storage we use are those strictly necessary to maintain your authenticated session — specifically, Supabase's authentication tokens that keep you signed in.

We do not use Google Analytics or any third-party analytics platform. We do not track you across websites.

// 09
Children's Privacy

SIGIL is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from minors. If you believe a minor has created an account, please contact us immediately and we will delete the account and all associated data.

// 10
Changes to This Policy

We may update this Privacy Policy from time to time as SIGIL evolves. When we make material changes, we will update the "Last Updated" date at the top of this document and, where appropriate, notify users by email.

Your continued use of SIGIL after any change constitutes your acceptance of the updated policy. We encourage you to review this page periodically.

// Contact
Privacy Inquiries

For any questions, requests, or concerns regarding this Privacy Policy or your personal data, please contact us directly. We are committed to responding promptly and transparently.

Email: leidamargaretha.rosenbrook@gmail.com
Response time: Within 30 days