Privacy Policy
TypedTrust is built on a simple principle: prove that humans wrote something, without compromising their privacy. This policy explains what data we collect, why, and what control you have over it.
The short version: We record how you type (timing patterns), not what you type. Your document content is hashed on your device and never sent to our servers in readable form.
1. Data Controller
The data controller for TypedTrust is:
Daniel Vecera
Prague, Czech Republic
Email: daniel@typedtrust.com
2. What Data We Collect
2.1 Keystroke Timing Patterns
When you use the TypedTrust editor, we record the timing intervals between keystrokes -- how fast you type, pauses between words, your rhythm. This data is used exclusively to generate a cryptographic verification proof that a human authored the content.
We do not record the actual characters you type. We cannot reconstruct your document from keystroke timing data.
2.2 Document Content Hashes
Your document content is hashed using SHA-256 on your device (client-side). Only the resulting hash is included in the verification proof. The hash is a one-way function -- your original text cannot be recovered from it.
Your document content is never transmitted to or stored on our servers.
2.3 Account Information
If you sign up for an account, we collect your email address for authentication and essential service communications. We do not collect your name, address, or other personal details unless you voluntarily provide them.
2.4 Verification Metadata
Each verification proof contains metadata such as:
- Total keystroke count and average typing speed (WPM)
- Number of paste events and percentage of typed vs. pasted content
- Writing session duration and number of thinking pauses
- Timestamps (session start and end)
3. How We Use Your Data
We use the collected data for the following purposes only:
- Generating verification proofs -- the core function of TypedTrust
- Account management -- if you create an account
- Service improvement -- aggregated, anonymized statistics to improve our algorithms
We do not use your data for advertising, profiling, or any purpose unrelated to the authorship verification service.
4. What We Do NOT Collect
- The actual text content of your documents
- Specific characters or words you type
- Browsing history or activity outside the TypedTrust editor
- Location data
- Device fingerprints for tracking purposes
5. Cookies
TypedTrust uses only essential session cookies required for the service to function (e.g., keeping you logged in). We do not use tracking cookies, advertising cookies, or any third-party cookies.
We do not currently use any third-party analytics services. If this changes, we will update this policy and notify you.
6. Data Storage and Security
Data is stored on servers located within the European Union. We use industry-standard encryption in transit (TLS) and at rest. Access to personal data is limited to the minimum necessary for service operation.
Verification proofs are encoded in the URL fragment (after the # symbol) and are not transmitted to our servers when you share a verification link -- they remain entirely client-side.
7. Data Sharing
We do not sell, rent, or share your personal data with third parties. The only exceptions are:
- Legal obligations -- if required by law or valid legal process
- Service providers -- infrastructure providers (hosting, email) who process data on our behalf under strict data processing agreements
8. Data Retention
Account data is retained for as long as your account is active. If you delete your account, your personal data will be removed within 30 days. Anonymized, aggregated statistics may be retained indefinitely.
Keystroke timing data used for proof generation is not stored after the proof is created -- it exists only in the browser session during writing.
9. Your Rights Under GDPR
As a data subject under the EU General Data Protection Regulation (GDPR), you have the following rights:
- Right of access -- request a copy of all personal data we hold about you
- Right to rectification -- request correction of inaccurate personal data
- Right to erasure -- request deletion of your personal data ("right to be forgotten")
- Right to data portability -- receive your data in a structured, machine-readable format
- Right to restriction -- request that we limit how we process your data
- Right to object -- object to processing of your personal data
- Right to withdraw consent -- withdraw consent at any time where processing is based on consent
To exercise any of these rights, email us at daniel@typedtrust.com. We will respond within 30 days.
You also have the right to lodge a complaint with a supervisory authority. For the Czech Republic, this is the Office for Personal Data Protection (UOOU, uoou.cz).
10. Legal Basis for Processing
We process your data on the following legal bases:
- Contractual necessity (Art. 6(1)(b) GDPR) -- processing keystroke timing to provide the verification service you requested
- Consent (Art. 6(1)(a) GDPR) -- where you have given explicit consent, such as email communications
- Legitimate interest (Art. 6(1)(f) GDPR) -- service improvement through anonymized, aggregated analytics
11. Children's Privacy
TypedTrust is not directed at children under 16. We do not knowingly collect personal data from children. If you believe we have inadvertently collected such data, please contact us and we will delete it promptly.
12. Changes to This Policy
We may update this policy from time to time. Significant changes will be communicated via email (if you have an account) or a prominent notice on our website. The "last updated" date at the top reflects the most recent revision.
13. Contact
For questions, concerns, or data requests:
Daniel Vecera
Email: daniel@typedtrust.com
Prague, Czech Republic