Overview/Privacy Policy

Privacy Policy

Last updated: January 1, 2026 · Version 1.0

1. Overview

This Privacy Policy describes how From The Hart Trading LLC (“we,” “us,” or “Company”) collects, uses, and safeguards information in connection with the Doc Intelligence Engine (“Service”) available at docs.unykorn.org. By using the Service you acknowledge this policy.

2. Information We Collect

2.1 Agreement Session Data

When you generate an agreement session, the following is stored in Cloudflare KV (a globally-distributed edge key–value store) for the duration of the session TTL:

  • A randomly generated session_id (no personal information)
  • A SHA-256 hash of the canonical agreement payload (not the plaintext)
  • Agreement metadata fields: type, governance tier, jurisdiction, expiry settings
  • OTP verification state (OTP is stored only as a hashed value; the plaintext is never persisted)
  • Ed25519-signed certificate data if a signing ceremony is completed
  • IPFS CID if the certificate is anchored to the distributed ledger

2.2 Party Names and Titles

Names and entity identifiers entered into the agreement form are included in the canonical payload and its derived hash. We do not independently validate, cross-reference, or share these identifiers.

2.3 OTP Delivery

In production mode (PROD=true), a one-time password may be delivered via third-party communication channels. We do not store OTPs in plaintext; only a salted SHA-256 hash with a 300-second TTL is retained.

2.4 Verification Tool

Certificate verification performed via the Verify Certificate tool is entirely client-side. Certificate files you upload are never transmitted to our servers; all hash and signature computations occur in your browser’s JavaScript engine.

2.5 Log Data

Cloudflare may log edge request data (IP address, user agent, timestamp) as part of its infrastructure operations. Refer to Cloudflare’s Privacy Policy for details.

3. Use of Information

Data we collect is used solely to:

  • Facilitate secure, cryptographically-verifiable agreement signing ceremonies
  • Detect tampering or unauthorized session access
  • Provide IPFS-anchored audit trails for compliance purposes
  • Improve the reliability and security of the Service

We do not sell, rent, or share session data with third parties for advertising or marketing purposes.

4. Data Retention

  • Sessions: Expire per the TTL specified at session creation (default: 24 hours).
  • OTPs: Hard-coded 300-second TTL in Cloudflare KV; automatically purged.
  • Signed Certificates: Retained indefinitely for audit trail integrity unless deletion is explicitly requested.
  • IPFS Records: IPFS content is immutable by design; CID records stored in KV are retained indefinitely.
  • System Keys: Ed25519 signing key pair is stored permanently in Cloudflare KV; rotation requires explicit administrator action.

5. Security

The Service employs multiple security controls including Ed25519 asymmetric cryptography, RFC 8785 deterministic JSON canonicalization, SHA-256 integrity hashing, rate-limited OTP verification (max 5 attempts), timing-safe comparisons, and strict CORS whitelisting. Cloudflare Workers operate in isolated V8 environments. No certificate plaintext or private key material is transmitted to clients.

6. Your Rights

You may request deletion of session data associated with a known session_id by contacting us at the address below. Note that IPFS-anchored records are immutable and cannot be deleted.

7. Children

The Service is not directed to individuals under 18 years of age. We do not knowingly collect data from minors.

8. Changes to This Policy

We may update this Privacy Policy. Material changes will be reflected in the “Last updated” date above. Continued use of the Service constitutes acceptance.

9. Contact

Questions or deletion requests: From The Hart Trading LLC, docs.unykorn.org. For legal inquiries, reference the applicable jurisdiction stated in your agreement.

Terms of Service → Compliance Disclosures → Back to Overview