Privacy Policy

We store: hash, timestamp, status, Merkle-proof. No content.

We collect minimal data: account info (email/phone for verification), consent metadata (hash, timestamp, status, involved parties), technical logs (IP address, device type, app version), Merkle-proof for verification. We NEVER collect the content of your consent.

We use data for: consent verification, providing technical proof, detecting abuse, improving service, fulfilling legal obligations. All your data is end-to-end encrypted. Server has no access to private keys or consent details.

We do NOT share your data with third parties. Exceptions: legal obligation (court order), security threats (T&S review), business transfer (with same privacy guarantees). Never for marketing, advertising or data-selling.

Legal basis: consent (GDPR Art. 6.1.a), legitimate interest (service improvement, security), legal obligation (compliance, law enforcement).

Everything encrypted (AES-256, E2EE). Append-only database (WORM principle). No access to private keys. Regular security audits. 2FA mandatory for accounts. SOC 2 Type II compliant (in progress).

We use minimal cookies: session cookies (required for login), analytics cookies (opt-in, anonymous). No tracking cookies, no third-party advertising cookies.

Data is stored in EU datacenters (Amsterdam, Frankfurt). No transfer to countries outside EU/EEA. GDPR compliant. For international users: same privacy guarantees.

Blurline is not for persons under 16 years. We do not knowingly collect data from children. Upon discovery: immediate deletion of account and data.

Your rights under GDPR: access (request all data), rectification (modify data), erasure (right to be forgotten), restriction (pause data processing), portability (data portability), object (against processing). Email privacy@blurline.nl

Retention: consent events 7 years (legal obligation), evidence files 2 years, technical logs 30-90 days, accounts after deletion: 30 days grace period. After retention: permanent deletion.

We may update this policy. For material changes: email notification 30 days in advance. Last update date at top of document. By using after changes you accept new policy.

Privacy questions? Email privacy@blurline.nl. Data Protection Officer: info@helolinks.com. Complaint with supervisor: Dutch DPA (autoriteitpersoonsgegevens.nl).