Privacy Policy

Human-Friendly Summary

CHECKHC is a hybrid Web3 service. We help you certify your digital creations using blockchain technology. Here's what you need to know:

• Some data is private: Your contact information and support queries stay with us and can be deleted.
• Some data is public by design: When you create a certificate, it's recorded on the Solana blockchain. This is public, permanent, and cannot be deleted by anyone.
• Your files have two options:
  • Permanent Storage (Irys/Arweave): Cannot be deleted - for maximum permanence
  • Flexible Storage (Pinata/IPFS): Can be deleted - designed for GDPR compliance
• You own your certificates: NFTs are minted directly to your wallet. We never control them.

Introduction

At CHECKHC, we are committed to protecting your privacy while providing transparent blockchain-based certification services. This policy explains how we handle your information in our hybrid Web2/Web3 environment.

CHECKHC combines traditional web services with decentralized blockchain technology to create immutable proofs of authenticity for your digital assets.

What Information We Handle (And Where It Lives)

Your Personal Data (What We Control)

This is traditional data that we collect and control on our servers:

• Contact email addresses (for support and communication)
• Support queries and correspondence
• Website analytics and usage patterns
• Technical information about your device and browser
• IP addresses and access logs

This data can be modified or deleted upon your request.

On-Chain Data (Public & Permanent)

When you create a certificate, certain information is recorded on the Solana blockchain:

• Your wallet address (pseudonymous identifier)
• Transaction hashes and timestamps
• NFT metadata (title, description, file hash)
• Certification records and proof data

Important: This information is public by design and cannot be deleted by anyone, including us. It is permanently recorded on the Solana blockchain and visible to anyone who knows your wallet address.

Off-Chain Data (Your Digital Assets)

Your actual files (images, documents) are stored using one of two options you choose based on your privacy and permanence needs:

Permanent Storage (Irys/Arweave)

Files are stored permanently and cannot be deleted by anyone. This creates true digital immortality for your content. Choose this option when you want maximum permanence and don't require the ability to delete your files.

Flexible Storage (Pinata/IPFS) - GDPR Compliant Option

This option is specifically designed to help users comply with data privacy regulations like GDPR. Files can be deleted upon your request, allowing you to exercise your right to erasure for the underlying personal data (your file). When you delete a file from this storage:

• The actual file content is permanently removed from IPFS
• The link between your certificate and the file is broken
• The on-chain certificate record on Solana remains (as it contains no personal data, only metadata)

This option provides the best balance between blockchain certification benefits and privacy compliance requirements.

How We Use Your Information

We use your information to:

• Process and certify your digital assets
• Create and mint NFT certificates directly to your wallet
• Provide customer support and technical assistance
• Analyze our forensic algorithms and improve certification accuracy
• Maintain and improve our platform
• Comply with legal obligations
• Communicate with you about service updates

Data Security

We implement comprehensive security measures:

• End-to-end encryption for data transmission
• Secure storage with encryption at rest
• Regular security audits and assessments
• Access controls and multi-factor authentication
• Secure API endpoints and rate limiting

Your Wallet Security: NFT certificates are minted directly to your wallet. We never hold or control your private keys. You maintain sovereign ownership of your certificates.

Your Rights in a Web3 World

Under GDPR and applicable privacy laws, you have the right to:

• Access your personal data
• Request correction of inaccurate data
• Object to processing of your data
• Request data portability
• Withdraw consent where applicable

Your Right to Deletion (And Its Limits on the Blockchain)

Your deletion rights depend on where your data lives:

What We Can Delete

• Personal data we control (emails, support queries, analytics)
• Files stored via our Flexible Storage option (Pinata/IPFS)

What Cannot Be Deleted (By Design)

• Transaction records on Solana blockchain (permanent and immutable)
• NFT certificates in your wallet (you own them, we cannot access them)
• Files stored via Permanent Storage option (Irys/Arweave)

GDPR Compliance: If you choose our Flexible Storage option, you can request complete deletion of your file content while maintaining the blockchain certificate. This satisfies GDPR requirements as the on-chain record contains no personal data, only cryptographic hashes and metadata.

This hybrid approach gives you the choice between maximum permanence or privacy compliance, depending on your specific needs.

Third-Party Services

We work with trusted blockchain and storage providers:

• Solana: Public blockchain for transaction recording
• Irys/Arweave: Permanent decentralized storage
• Pinata/IPFS: Flexible decentralized storage
• GoatCounter: Privacy-focused analytics (no cookies)

Contact Us

For privacy-related questions or to exercise your rights, contact us at:

Email: privacy@checkhc.net

General contact: contact@checkhc.net

Updates to This Policy

We may update this privacy policy to reflect changes in our practices or legal requirements. The latest version will always be available on our website.

Last updated: August 31, 2025