Privacy Policy

Effective date: 29 March 2026
Last updated: 29 March 2026

This Privacy Policy explains how EviWrite ("EviWrite", "we", "us", or "our") handles personal data, technical data, and evidential records in connection with the EviWrite website, public materials, verification surfaces, authorised service relationships, and related operations.

This page is written to make the data position clear. In EviWrite’s case, that requires stating not only what we do process, but also what we generally do not process.

1. What EviWrite is

EviWrite operates as an independent evidential and verification layer for digital records.

It is not positioned as a general consumer file-hosting platform and does not treat broad content retention or mass personal-data collection as its default operating model.

That distinction matters because privacy analysis should begin with what a service actually does, not what people assume software usually does.

2. EviWrite’s general data posture

EviWrite is designed to operate on a narrower data basis than systems whose primary function is storing or publishing underlying customer content.

In general terms, EviWrite’s role focuses on things such as:

• hashes, fingerprints, and other evidential representations;
• timestamps and chain-related anchoring data;
• receipt records and verification states;
• limited metadata relevant to evidential records;
• audit, integrity, and service-operation logs;
• authorised account, partner, or institutional service information where needed.

EviWrite does not generally position itself as storing the full file contents of users’ works as a standard public-service model.

3. Information EviWrite may process

Depending on context, EviWrite may process information such as:

3.1 Public website and technical use data

When someone visits the public website, EviWrite may process technical information such as:

• IP address;
• request headers and browser information;
• device or connection characteristics;
• page requests and route usage;
• referrer information;
• timestamps;
• security, rate-limiting, and abuse-prevention signals;
• infrastructure and access logs.

This is used to operate, secure, and protect the site and its public services.

3.2 Contact and communications data

If someone contacts EviWrite, we may process:

• name;
• email address;
• organisation;
• message content;
• related correspondence;
• any other information voluntarily included in the enquiry.

3.3 Authorised institutional and partner information

Where authorised institutions, licensees, or approved third parties interact with EviWrite, we may process limited information relevant to:

• account administration;
• service delivery;
• relationship management;
• integration and operational support;
• audit and security;
• receipt or verification administration.

3.4 Evidential and operational record data

EviWrite may process evidential and operational data such as:

• hashes or fingerprints;
• timestamps;
• receipt IDs and proof-related records;
• blockchain anchoring and status data;
• verification states;
• limited metadata supplied through authorised channels;
• internal operational logs relevant to service integrity and auditability.

4. Information EviWrite generally does not seek to hold

As part of its operating model, EviWrite generally does not seek to become the main repository for:

• full underlying file contents of customer works as a routine public-service function;
• broad consumer profiles;
• unnecessary behavioural tracking data;
• large collections of unrelated personal data;
• marketing-style identity enrichment.

That does not mean zero personal data can ever arise. It means EviWrite is designed to keep its role bounded.

5. Source of information

EviWrite may obtain information:

• directly from public visitors or people who contact us;
• from authorised institutions, licensees, or approved third parties;
• from service-operation, security, and infrastructure events;
• from public verification interactions;
• from supporting providers used to operate EviWrite systems.

In many cases, EviWrite receives evidential records or related data through authorised channels rather than directly from every underlying end user.

6. Why EviWrite processes information

EviWrite may process information for purposes including:

• operating the public website;
• protecting the security and availability of the site;
• rate limiting, abuse prevention, and threat detection;
• delivering evidential, anchoring, receipt, and verification functions;
• administering authorised institutional or partner relationships;
• maintaining auditability, integrity, and service logs;
• responding to enquiries;
• complying with legal obligations;
• establishing, exercising, or defending legal claims;
• protecting EviWrite, its users, partners, and systems.

7. Cookies and related technologies

EviWrite’s public site is designed to minimise unnecessary cookie dependence.

As a general rule:

• ordinary public reading does not require non-essential cookies set by EviWrite;
• cookies may be used in narrower ways where authorised users log in to restricted-access areas;
• EviWrite may still use non-cookie technical controls such as IP-based rate limiting, request analysis, and abuse-prevention mechanisms.

For more detail, see the Cookie Policy.

8. Verification, rate limiting, and abuse prevention

Certain public functions, especially verification-related routes, may be protected using technical measures that rely on IP address and other request characteristics.

This may include:

• rate limiting;
• traffic analysis;
• suspicious-pattern detection;
• bot and abuse prevention;
• protective access controls;
• logging relevant to service integrity.

These controls exist because public trust surfaces are attractive targets for misuse, scraping, distortion, and interference.

9. Legal basis

Depending on context and applicable law, EviWrite may process information where necessary for one or more of the following reasons:

• to perform a contract or take steps related to a contract;
• to comply with a legal obligation;
• for legitimate interests in operating, protecting, and improving EviWrite services and public surfaces;
• where consent is specifically required and obtained;
• to establish, exercise, or defend legal rights.

The applicable basis may vary by context.

10. Disclosure of information

EviWrite may disclose information where appropriate to:

• authorised service providers and infrastructure providers supporting the operation of EviWrite;
• professional advisers;
• authorised institutions or partners where relevant to the applicable workflow;
• regulators, courts, law-enforcement bodies, or public authorities where required by law or where EviWrite reasonably considers disclosure necessary and lawful;
• counterparties involved in the protection of EviWrite’s legal rights or service integrity.

EviWrite does not sell personal data to advertisers.

11. Government and disclosure requests

If EviWrite receives a request for access, preservation, or disclosure from a public authority, court, regulator, or similar body, EviWrite may review the validity, scope, and relevance of that request before responding.

A separate public page explains EviWrite’s general approach to such requests.

12. Supporting providers and infrastructure

EviWrite may use third-party providers for functions such as hosting, storage, content delivery, communications, security, or other operational support.

Where such providers process data on EviWrite’s behalf or in support of EviWrite’s services, EviWrite aims to use them in a way consistent with its service model and legal obligations.

A separate public page may identify categories of subprocessors or supporting providers at a higher level.

13. Data retention

EviWrite retains information only for as long as reasonably necessary for the relevant purpose, including for example:

• operating and securing the service;
• maintaining evidential, receipt, verification, and audit records;
• meeting legal, regulatory, tax, accounting, contractual, or dispute-related obligations;
• preserving records relevant to legal claims or investigations.

Different categories of data may be retained for different periods.

14. Security

EviWrite uses technical and organisational measures intended to protect the integrity, confidentiality, and availability of the data it processes.

No system can promise absolute security. What matters is whether the service is designed and operated with seriousness. EviWrite aims to be.

15. International aspects

Depending on the infrastructure and providers used, data may be processed in more than one jurisdiction.

Where that occurs, EviWrite aims to manage such processing in a manner consistent with its legal obligations and operational model.

16. Your rights

Depending on the law that applies, you may have rights relating to personal data, such as rights to:

• request access;
• request correction;
• request deletion in some circumstances;
• object to certain processing;
• request restriction;
• request portability where applicable;
• withdraw consent where processing depends on consent;
• complain to a supervisory authority.

These rights are not absolute and may depend on the nature of the data, the role EviWrite is performing, and the applicable legal framework.

17. Children

EviWrite’s public site and services are not directed to children as a general audience. EviWrite does not knowingly seek to collect broad personal data from children through its public site.

18. External links and third-party sites

EviWrite public pages may link to third-party websites or services. EviWrite is not responsible for the privacy practices of those external sites.

19. Changes to this Policy

EviWrite may update this Privacy Policy from time to time to reflect changes in law, infrastructure, service design, public pages, or operational posture.

20. Contact

For privacy-related enquiries, contact:

contact@eviwrite.com

Final point

EviWrite’s privacy posture is built on a simple idea: a service should not collect more just because it can, and a serious evidential system should be clear about the difference between underlying content, evidential representation, and public meaning.