Privacy Policy | Sealayer

1. Introduction

Sealayer, operated by Bright Bytes Technology LLC ("we", "us", "our"), is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website and services at sealayer.io (the "Platform").

By using the Platform you agree to the collection and use of information in accordance with this policy.

2. Data Controller

The data controller for the Platform is:

Bright Bytes Technology LLC
Dubai, UAE
Email: info@sealayer.io

3. Information We Collect

3.1 Account Information

Name, email address, company name, and country when you create an account or contact us.

3.2 Documents You Upload

Documents you upload for verification or issuance are stored securely on AWS S3 (Mumbai region). We generate SHA-256 hashes of your documents and anchor them to the Polygon blockchain for tamper-proof verification. Documents may be processed using OCR (Optical Character Recognition) to extract text content for analysis. Original documents are retained only as long as necessary for the service.

3.3 Usage Data

IP address, browser type, pages visited, and interaction data collected automatically through cookies.

3.4 Payment Information

Billing details are processed securely through Stripe. We do not store credit card numbers on our servers.

4. How We Use Your Information

To provide, maintain, and improve our document verification and issuance services.
To process transactions and send related information such as confirmations and invoices.
To send administrative messages, security alerts, and support communications.
To respond to your enquiries, comments, or questions.
To monitor and analyse usage trends to improve user experience.
To detect, prevent, and address fraud, security issues, and technical problems.

We do not use your data for advertising purposes. We do not sell your data to third parties.

5. Legal Basis for Processing (GDPR)

We process your personal data on the following legal bases:

Contract: Processing is necessary for the performance of our contract with you to provide the Services.
Legitimate interests: Processing is necessary for our legitimate interests, such as improving our platform, preventing fraud, and ensuring security.
Legal obligation: Processing is necessary to comply with a legal obligation to which we are subject.
Consent: Where you have given consent for specific processing activities, such as receiving marketing communications.

6. Data Retention

We retain your data for the following periods:

Data Type	Retention Period
Account data	Duration of account + 90 days
Uploaded documents	Duration of account + 90 days
Blockchain anchors	Permanent (immutable)
Billing records	7 years
Support tickets	3 years

7. Data Sharing

We do not sell your personal information. We may share data with trusted third-party service providers who assist us in operating our platform (e.g., cloud hosting, payment processing). These providers are contractually obligated to protect your data and use it only for the purposes we specify.

8. Data Security

We implement industry-standard security measures including encryption in transit (TLS), encryption at rest, access controls, and regular security audits. However, no method of electronic storage or transmission is 100% secure, and we cannot guarantee absolute security.

9. Your Rights (GDPR)

Under the General Data Protection Regulation (GDPR) and other applicable data protection laws, you have the right to:

Access the personal data we hold about you.
Request correction of inaccurate data.
Request deletion of your personal data.
Restrict processing of your data.
Data portability — receive your data in a structured, commonly used format.
Object to processing of your data.
Withdraw consent at any time where processing is based on consent.

We will respond to your request within 30 days. To exercise any of these rights, contact us at info@sealayer.io.

Note on blockchain data: Blockchain anchor records (SHA-256 hashes) cannot be deleted as they are permanently recorded on the Polygon blockchain. However, these hashes cannot be used to reconstruct document content.

10. International Transfers

Your information may be transferred to and processed in countries other than your country of residence, including the United Arab Emirates. We ensure appropriate safeguards are in place to protect your data in accordance with this policy.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Effective Date".

12. Contact Us

If you have questions about this Privacy Policy, contact us at info@sealayer.io or visit our contact page.