Privacy Policy
Effective date: 30 June 2026. XSeal is operated by Website Holding.
XSeal is built so that your documents stay yours. This policy explains exactly what we collect, what we never collect, and the rights you have over your data.
What we never collect
We do not receive, transmit, or store the contents of the files you seal. When you seal a file, its SHA-256 hash is computed and only that digest leaves your browser. The bytes of your document are never sent to or held by XSeal.
What we store
- Seal records: the SHA-256 hash, the file name and size you provide, the UTC timestamp, and the Seal ID and signature.
- Account data: your email address and a securely hashed password, if you create an account to keep a seal history.
- Operational logs: minimal request logs used to keep the service secure and reliable.
- Support messages: if you use the contact form, the name, email, topic and message you send, so we can reply.
Data retention
Seal records and account data are kept for as long as your account is active, so your seal history stays verifiable; you can delete individual seals at any time, and closing your account removes your account data. Support messages are kept while we handle your request and for a reasonable period afterwards. Operational logs are rotated on a short cycle. We keep only the minimum needed to run the service and meet our legal obligations.
Third-party processors
We share data only with the processors that help us run XSeal:
- Website Holding — our operator and merchant of record, which handles accounts, billing and support.
- Cloud hosting (Amazon Web Services) — the application and database run on AWS infrastructure in the EU.
- Payment processing — card payments are handled by Website Holding's payment provider; we never see or store full card numbers.
Cookies
We use a single, strictly necessary session cookie to keep you logged in. We do not use advertising or third-party tracking cookies.
Payments
Paid plans are billed by Website Holding as merchant of record. Card details are handled by the payment processor and are never stored by XSeal.
Your rights
Under the GDPR you can request access to, correction of, or deletion of your account data and seal history. You can delete individual seals from your dashboard at any time, or contact us to close your account.
Contact
Questions about privacy? Reach us via the contact page and we will respond promptly.