Privacy

Draft — under review. This privacy notice was written for the private beta and is pending legal counsel review. It describes our intended practices and is not yet a final, legally binding policy.

Kirk Ledger is built to hold proof, not your plaintext. Files are encrypted in your browser before they reach us, and we store ciphertext, integrity proofs, and routing metadata only.

Zero-knowledge posture

Encryption happens on your device before any bytes leave it, and the decryption key is never sent to us. Neither Kirk Ledger nor our infrastructure providers (Cloudflare, Railway, Neon) can read your file contents. A consequence of this design is that if you lose your key, we cannot recover your file — there is no Kirk Ledger-held copy of the plaintext.

What we collect

We collect the ciphertext of your sealed files (stored in Cloudflare R2 via a browser-direct upload), content hashes and other integrity proofs, the content type (MIME) stored as cleartext metadata, envelope identifiers, your public wallet identifier, timestamps, and basic technical data such as IP address and login metadata. When KYC-gated onboarding is enabled, identity documents are processed by Sumsub, and we receive only a verification outcome.

Sub-processors

We use Cloudflare (web hosting and encrypted storage), Railway (API hosting), Neon (database), Upstash (cache), Sentry (error telemetry), Base RPC providers (anchoring), and Sumsub (KYC, when activated). Each is bound by a data processing agreement.

The on-chain anchor and your rights

To prove a sealed envelope has not been tampered with, we commit a hash of its integrity proof to the Base blockchain. This anchor is permanent and cannot be deleted, altered, or erased by anyone, including us. If you delete your account or exercise an erasure request, we delete your encrypted blobs and account data, but the on-chain anchor and its non-identifying proof records remain — they contain only a hash and a wallet identifier, not your plaintext or ciphertext.

You may have rights to access, correct, delete, or port your data under GDPR, CCPA/CPRA, and similar laws, subject to the anchor carve-out above and our legal retention obligations. Email dev@kirkledger.com with the subject [PRIVACY REQUEST].