मुख्य सामग्री पर जाएँ

Legal

गोपनीयता और डेटा सुरक्षा

अंतिम अपडेट: 27 मई 2026

सामग्री

  1. 1. Data controller
  2. 2. What data we collect
  3. 3. How we use your data
  4. 4. Legal bases
  5. 5. Who we share data with
  6. 6. International transfers
  7. 7. How long we retain your data
  8. 8. Your rights
  9. 9. Cookies and similar technologies
  10. 10. Data security
  11. 11. Confidentiality and internal access
  12. 12. Minors
  13. 13. Changes to this policy
  14. 14. Contact

At SecureStamp we take the privacy of our users very seriously. This policy describes how we collect, use, protect and share personal information when using the service available at securestamp.online.

1. Data controller

The data controller for personal data processing is:

Entity: SecureStamp

Contact: privacy@securestamp.online

Address: Ciudad Autónoma de Buenos Aires, Argentina

2. What data we collect

2.1 Data you provide directly

  • Account: name (optional), email address, password (hashed, never stored in plain text)
  • Billing: name, billing email. Credit card data is processed directly by Stripe and never stored on our servers
  • Domains: domains you register for verification, along with their public DNS records
  • Official channels: phones, handles, bots, links, domains and channels you declare for Signal or for your organization’s trust perimeter
  • Counterparties and policies: data you load into features such as VendorShield, including counterparty names, domains, emails, declared rules and monetary instructions represented as fingerprints or masks where applicable
  • Contact: name, company and message when filling out the Enterprise inquiry form
  • Waitlist: email and optional name for plugins under development

2.2 Automatically generated data

  • IP address (anonymized for analytics)
  • Browser type and operating system
  • Access date and time
  • Emails or domains verified through the plugin (only the sender’s domain/email address, never the email content)
  • Signal queries for channels, links, numbers or handles (only the normalized value or fingerprint needed to verify official-perimeter membership)
  • Action trust checks, receipts, verdicts and audit events needed to show history, evidence and service reports
  • Number of verifications performed

2.3 What we do NOT collect

  • The content, subject, attachments or body of your emails
  • Your email passwords or access to third-party accounts
  • Biometric data or sensitive information as defined by law

2.4 Chrome Extension for Gmail

The SecureStamp browser extension for Gmail (Chrome Web Store, ID libceamdlacklkcnedklmhcjeeffmnao) verifies sender authenticity and, optionally, lets you send signed or end-to-end-encrypted emails. The following describes, permission by permission, what data it collects, how it manages and stores it, and with whom it is shared. No section is omitted.

Browser permissions and why we request them

  • storage Preferences and minimal local state. Saves your preferences, usage counters and the last trust stamp shown. It never contains email content.
  • unlimitedStorage Private cryptographic key (Confidential Mail). Durably stores your private cryptographic key (a non-extractable CryptoKey kept in IndexedDB) required to read your end-to-end encrypted emails. This permission prevents the browser from evicting the key under storage pressure; if it were lost, you could no longer decrypt your emails. We do not store bulk data or email content — only the key and minimal metadata. The key never leaves your device and is never transmitted to our servers.
  • notifications Security alerts. Shows a notification when a blocked or high-risk sender is detected, warning you of a possible phishing attempt.
  • identity Google OAuth token. Uses chrome.identity to obtain a Google OAuth access token to call the Gmail API with the scopes described below. The token is issued by Google, held in memory during the session, and is not stored on our servers.
  • Host permissions (mail.google.com, googleapis.com, securestamp.online) — inject the SecureStamp button and stamp into the Gmail interface and enable communication with the Gmail API and the SecureStamp API.

Gmail API permissions (OAuth scopes)

  • gmail.metadata Read headers only. Allows reading the From, To and Subject headers of the opened email: the sender to compute the trust score, and the full envelope (sender/recipients/subject) to verify the integrity of the ES256 notarial seal. This scope grants no access to the body or attachments of the email.
  • gmail.send Send only at your request. Allows sending signed or encrypted emails only when you explicitly request it (when using the signed-send / Confidential Mail feature). The extension never sends email automatically or without your action.

Data collected by the extension

  • Sender email and domain: read from the opened email (via gmail.metadata) to check whether the sender is authenticated and whether the domain holds an active trust stamp.
  • User email address: to associate verifications with your SecureStamp account when you are signed in.
  • Local verification state: a cache of recent results in chrome.storage.local (maximum 7-day TTL) to avoid repeated API calls.

Data the extension does NOT collect

  • The body, attachments or any other content of your emails (the Subject header is read only transiently to verify the notarial seal; it is never used for analytics or stored locally)
  • Your Google passwords or any other account passwords
  • Full mailbox history or Gmail labels
  • Data from other websites or browser tabs

How this data is managed and stored

  • Transmission: the extension sends only the sender email/domain to the SecureStamp API (https://securestamp.online/api) over HTTPS with TLS 1.3. Gmail API calls go directly to Google’s servers.
  • Server storage: verification records (sender email/domain, timestamp, trust result) are stored in AWS DynamoDB in the us-east-1 region, encrypted at rest with AES-256. Records are retained for 90 days in aggregated form and then permanently deleted.
  • Local storage: the result cache in chrome.storage.local (7-day TTL) and the private cryptographic key in IndexedDB reside exclusively on your device and are never transmitted to any server.
  • OAuth token: issued and managed by Google; held in memory during the session to call the Gmail API and not stored on our servers.

How this data is shared

  • Sender data is never sold or shared with third parties for advertising, marketing or any other purpose.
  • Data is only transmitted to SecureStamp servers (AWS us-east-1) solely to compute the sender trust score, and to Google’s Gmail API for the sender-read and signed-send operations you request.
  • SecureStamp’s use of information received from Google APIs adheres to the Chrome Web Store Limited Use policy, including its Limited Use requirements.

User controls

  • You can disable or uninstall the extension at any time from chrome://extensions. Uninstalling automatically removes all locally stored data (including the cryptographic key).
  • You can revoke the extension’s OAuth access from your Google Account security settings.
  • To request deletion of verification records stored on our servers, email privacy@securestamp.online.

2.5 Outlook Add-in (Office Add-in)

The SecureStamp add-in for Outlook (available on Microsoft AppSource and via manifest URL) operates with the ReadWriteItem Office API permission. Below is an exact description of what data is accessed in each mode.

Read mode — sender verification

  • Sender name and email address: read from the open message header (item.from). Sent to the SecureStamp API to compute the trust score.
  • Message internet headers: read via item.internetHeaders.getAsync() to detect the X-SecureStamp field, which indicates whether the sender digitally signed the email.
  • User email address: retrieved from the Office.js mailbox object to associate the verification with your SecureStamp account.

Compose mode — stamp insertion

  • The add-in writes an HTML identity block at the top of your outgoing email via item.body.prependAsync().
  • The add-in does NOT read the body of the email you are composing, nor does it transmit it to any server.
  • It does not access recipients (To, CC, BCC) in any mode.

What the add-in does NOT collect

  • The body, subject or attachments of emails you read or compose
  • Recipient lists (To, CC, BCC)
  • Previous emails, folders or calendar data
  • Office 365 credentials or Microsoft session tokens

How this data is managed and stored

  • Transmission: only the sender email and domain are sent to https://securestamp.online/api over HTTPS with TLS 1.3. The add-in loads its UI from https://securestamp.online/outlook/taskpane.html.
  • Server storage: identical to the Chrome extension — DynamoDB us-east-1, AES-256 encryption at rest, 90-day aggregated retention.
  • No local Office storage: the add-in does not use Office RoamingSettings or CustomProperties to store personal data.

How this data is shared

  • Data is never sold or shared with Microsoft or any third party for advertising or other purposes.
  • It is used solely on SecureStamp servers to compute the sender trust score.

User controls

  • The add-in can be uninstalled by the user from Outlook Settings → Add-ins, or by an IT administrator from the Microsoft 365 Admin Center.
  • To delete server-side records: privacy@securestamp.online.

2.6 On-device AI analysis and anonymous telemetry

The extensions include an AI classifier that runs locally on your device (an embedded WebAssembly model). The analysis of email content to detect phishing, scam, or spam signals happens entirely in your browser: the message body is never transmitted to SecureStamp or any server for that analysis.

Optionally, to improve model quality, the extension may send an anonymous, content-free report to /api/ml/report containing only: four numeric scores between 0 and 1 (scam, obscene, commercial, personal), the resulting risk level (safe / suspicious / dangerous), the message length as a number, the source client (gmail, outlook…), the locale, and the model version. No email text, phrases, subjects, addresses, or user identifiers are sent.

Likewise, product events sent to /api/events contain only the plan tier, the event name, and the risk level — never email addresses or sender data. The AI model is downloaded from /api/ml/model/latest and runs locally; SecureStamp never receives what the model analyzes.

3. How we use your data

  • Service delivery: verifying domains, official channels and counterparties; processing trust requests; issuing PostalStamps, Trust Receipts and Action Receipts
  • Account management: authentication, password recovery, plan administration
  • Billing: processing payments, sending invoices, managing subscriptions
  • Communications: service notifications, security alerts, plan updates
  • Security: fraud detection, abuse prevention, anomalous pattern analysis
  • Product improvement: aggregated and anonymized service usage analysis
  • Legal: compliance with legal obligations and requirements of competent authorities

We do not use personal data for third-party advertising and do not sell data to any third party.

4. Legal bases

  • Contract performance: data necessary to deliver the contracted service
  • Consent: marketing communications (you may withdraw consent at any time)
  • Legitimate interest: service security, fraud prevention, product improvement
  • Legal obligation: response to requirements from competent authorities

5. Who we share data with

5.1 Service providers

  • Amazon Web Services (AWS): cloud infrastructure, DynamoDB database, Cognito authentication, email sending (SES). Servers in us-east-1 region (Virginia, USA)
  • Stripe: payment processing. Payment data subject to Stripe’s privacy policy
  • Vercel: web application hosting

5.2 Legal disclosure

We may disclose information when required by law, court order or competent governmental authority, or when necessary to protect rights, property or safety of SecureStamp, its users or third parties.

5.3 Business transfer

In the event of a merger, acquisition or asset sale, data may be transferred to the acquirer, who will be required to comply with this policy or notify you before any material changes.

6. International transfers

Some of our providers process data outside Argentina (primarily in the USA). These transfers are carried out with adequate safeguards under applicable data protection law and under data processing agreements with each provider.

7. How long we retain your data

  • Active account data: while the account is active
  • Cancelled account data: 90 days after cancellation (to fulfill legal obligations), then permanent deletion
  • Verification records: 90 days in aggregated form, then deleted
  • Billing data: 10 years per Argentine tax obligations
  • Waitlist data: until the corresponding plugin launches or until you request deletion

8. Your rights

Under applicable data protection law, you have the right to:

  • Access: request what personal data we hold about you
  • Rectification: correct inaccurate or incomplete data
  • Erasure: request deletion of your data (“right to be forgotten”)
  • Portability: receive your data in a structured, machine-readable format
  • Objection: object to processing based on legitimate interest
  • Consent withdrawal: revoke consent given for specific uses

To exercise these rights, contact privacy@securestamp.online. We respond within a maximum of 30 business days.

9. Cookies and similar technologies

9.1 Strictly necessary cookies

We use session cookies for authentication and service operation. These cookies cannot be disabled without affecting site functionality.

9.2 Analytics cookies

We use first-party analytics (no Google Analytics) to understand how the service is used, in aggregated form without identifying individual users.

9.3 No advertising cookies

We do not use advertising cookies or third-party tracking for advertising purposes.

10. Data security

We implement technical and organizational measures to protect your data:

  • Encryption in transit (TLS 1.3) and at rest (AES-256)
  • Two-factor authentication available for all accounts
  • Internal access restricted by role (principle of least privilege)
  • Regular security audits
  • Anomaly monitoring and automatic alerts

In case of a security breach affecting your data, we will notify you within 72 hours of detection.

11. Confidentiality and internal access

Access to user personal data is restricted exclusively to staff and systems that need that information to deliver the service. All internal access is recorded in audit logs. SecureStamp staff is subject to confidentiality obligations and cannot access the content of user emails under any circumstances.

An organization’s data (domains, authorized senders, configuration) is confidential and is not shared with other users or organizations on the service.

Private Signal, VendorShield and Action Trust data —such as counterparties, declared channels, policies, monetary-instruction fingerprints, receipts and audit events— is used to deliver the service, show history and generate verifiable evidence. It is not used to assert fraudulent intent or certify the truth of message content.

Notarial records (seals and verification)

When a seal is issued, SecureStamp keeps a notarial record designed to minimize data: we never store the message body. The record contains a cryptographic hash of the envelope (headersHash = SHA-256 of sender, recipients, subject, and metadata), recipients stored as HMACs (not in clear), the sender domain, the trust score and level, and timestamps. It lets a third party verify origin and integrity without SecureStamp retaining the content.

SecureStamp Signal (channel trust)

In Signal we store only the normalized fingerprint of the queried channel (e.g. telegram:brand), never the content of the forwarded message. Each Trust Receipt is a signed, dated voucher.

Action Trust and VendorShield

For Action Trust and VendorShield, SecureStamp may store verdicts, safe next steps, receipt IDs, challenge states, declared counterparties and protected-operation metrics. Sensitive monetary instructions are compared using fingerprints and masks; they are not stored in plaintext unless an explicit encrypted feature is enabled for your organization.

Confidential Mail (end-to-end encryption)

For confidential email, content is encrypted on your device (E2EE). SecureStamp stores only public keys in the directory and minimal quota data; it cannot decrypt or read the content of confidential messages.

12. Minors

The service is not directed at children under 13. We do not intentionally collect data from minors. If we become aware that data has been collected from a minor without parental consent, we will delete it immediately.

13. Changes to this policy

We may update this policy periodically. Material changes will be notified by email at least 15 days in advance. The current policy will always be available at securestamp.online/hi/privacy.

14. Contact

Privacy & data: privacy@securestamp.online

Security: security@securestamp.online

Legal: legal@securestamp.online

गोपनीयता और डेटा सुरक्षा | SecureStamp