Last updated: 11 December 2025

1. Privacy Policy

This Privacy Policy explains how TimeBinder (ABN 95783170741) (“we”, “us”, “our”) collects, uses, stores and protects your information. TimeBinder is a digital timestamping service that allows users to generate cryptographic hashes of files locally on their device and anchor those hashes to the Bitcoin blockchain. By using TimeBinder, you agree to this Privacy Policy.

2. Files and Data We Do Not Collect

TimeBinder does not upload, collect or store your original files. Your documents, images, videos or other files never leave your device. Only cryptographic hashes and optional text you provide are processed.

3. Personal Data We Collect

We collect only the minimum data necessary to operate the service:

• Account information: email address, name (if provided), authentication details
• TimeBind metadata: file hash values, Merkle root, TimeBind reference data, blockchain transaction identifiers, TimeBind status
• Optional fields: reference or description text you choose to enter
• Billing information: processed securely by Stripe; we do not store credit card numbers
• Technical data: IP address, browser type, device information, security logs, essential cookies

4. How We Use Your Data

We process personal data for the following purposes:

• providing TimeBind services and generating Certificates
• managing accounts and authentication
• processing payments through Stripe
• enabling verification functions
• securing, maintaining and improving the platform
• complying with legal obligations
• communicating with you when necessary

5. Lawful Bases for Processing (GDPR Article 6)

We rely on the following lawful bases:

• Contractual necessity – creating your account, performing TimeBinds, generating Certificates, processing payments
• Legitimate interests – platform security, fraud prevention, service improvement, troubleshooting
• Consent – optional reference or description fields, and marketing communications if you opt in
• Legal obligations – tax, audit, regulatory and fraud-prevention requirements

6. Cookies

TimeBinder uses only the cookies that are strictly necessary for the operation of the website and platform, including authentication cookies, security cookies and preference cookies. These cookies do not require consent under the EU ePrivacy Directive.

If we introduce any non-essential cookies in the future, such as analytics, marketing or personalisation technologies, these will only be activated after you have provided explicit consent through a cookie banner. You will be able to reject non-essential cookies and change or withdraw your consent at any time. We do not use advertising cookies, tracking cookies or third-party marketing pixels.

6.1 Legal Basis for Cookies

Strictly necessary cookies are processed under our legitimate interests in providing a secure and functioning service. All other cookies, if introduced, will only be processed based on your explicit consent, in accordance with Article 6(1)(a) GDPR and the ePrivacy Directive.

6.2 Cookie Control

You can manage or delete cookies within your browser settings. If non-essential cookies are introduced in the future, you will be presented with a consent banner providing options to accept, reject or customise your cookie preferences. Consent may be withdrawn at any time without affecting the lawfulness of processing prior to withdrawal.

6.3 Cookie Consent Records

If we deploy a cookie consent banner, TimeBinder will securely store a record of your consent status for compliance purposes. These records contain no identifiable information beyond the consent preference itself.

6.4 Third-Party Scripts

No third-party analytics or tracking tools are activated unless they are essential to the security or functionality of the service. If any future functionality introduces optional scripts, they will only load after explicit consent is provided.

7. Blockchain Data and Public Permanence

For ASAP TimeBinds, the Merkle root hash is published on the Bitcoin blockchain and cannot be altered or removed. Hashes do not reveal file contents.
For Pooled TimeBinds, only the combined top-level hash is publicly stored.

8. Pooled TimeBind Verification Dependence

Verification of Pooled TimeBinds requires TimeBinder to maintain Merkle inclusion proofs. Independent verification may not be possible if you delete your account or if TimeBinder ceases operations.

9. International Transfers and Safeguards

We may transfer personal data outside Australia and the European Economic Area (EEA). When doing so, we apply safeguards such as:

• European Commission adequacy decisions
• Standard Contractual Clauses (SCCs)
• encryption in transit and at rest
• strict access controls

You may request details of these safeguards by contacting support@timebinder.io.

10. Data Retention

We retain personal data only as long as necessary for the purposes described:

• Account data – retained until your account is deleted or you request removal
• Billing records – retained for up to 7 years to comply with legal obligations
• Technical logs – retained for 90–365 days for security and troubleshooting
• TimeBind metadata – retained as long as needed to support verification or legal requirements

Blockchain entries cannot be deleted.

11. Security Measures

We implement technical and organisational measures including encryption, access controls, private blockchain nodes, server hardening and intrusion monitoring. No online service is entirely secure, and you should maintain secure copies of your original files and Certificates.

12. User Rights (GDPR/UK GDPR)

If you are located in the EU or UK, you have the right to:

• access your personal data
• correct inaccurate data
• request deletion (“right to erasure”)
• restrict or object to processing
• request data portability
• withdraw consent at any time
• lodge a complaint with your supervisory authority

13. How to Exercise Your Rights

You may exercise your rights by contacting support@timebinder.io. We respond within 30 days or sooner where legally required. Identity verification may be required. Some data (such as billing records and blockchain data) cannot be deleted where retention is mandatory or technically impossible.

14. Data Breach Notification

We maintain procedures to detect and assess personal data breaches. If a breach is likely to result in a risk to your rights or freedoms, we will notify the appropriate supervisory authority within 72 hours and, where required, notify affected individuals without undue delay.

15. Automated Decision-Making

TimeBinder does not use automated decision-making or profiling that produces legal or significant effects on users.

16. Children’s Privacy

TimeBinder is not intended for individuals under 18 years of age. We do not knowingly collect personal data from minors.

17. Third-Party Processors

We use reputable service providers to operate TimeBinder, including:

• Stripe for payment processing
• email delivery services for login links
• secure cloud infrastructure providers
All third-party processors operate under confidentiality and data-protection agreements.

18. Sharing of Data

We do not sell your data. We may share information only with:

• service providers acting on our behalf
• payment processors
• legal authorities when required
• entities involved in a business sale or reorganisation
• others when you explicitly consent

19. Account Deletion

You may delete your account at any time by contacting support@timebinder.io. Upon deletion, personal data will be erased where legally permitted. Billing records and blockchain information cannot be removed.

20. Changes to This Policy

We may update this Privacy Policy periodically. Updates will be posted on this page with a new “last updated” date. Continued use of TimeBinder after changes indicates acceptance of the updated Policy.

21. Contact Us

For privacy-related questions or requests, contact:

Email: support@timebinder.io
Website: https://timebinder.io