Privacy Policy

Last Updated: February 24, 2026

1. Overarching Principle

Bit-Sign is a privacy-first platform. We minimize data collection to only what is necessary to operate the signing and identity verification service. We do not sell, rent, or share your personal data with third parties for marketing purposes.

2. Data We DO NOT Collect

  • We do not collect or store your private keys or wallet credentials.
  • We do not collect or store the plaintext of your encrypted documents.
  • We do not store passwords for any linked identity provider.
  • We do not sell or share your data with third parties for advertising.

3. Data We Collect and Process

When you use Bit-Sign, we collect and process the following:

  • HandCash handle and profile: Used for wallet authentication, payment processing, and identity root creation.
  • OAuth profile data: When you link Google, X (Twitter), LinkedIn, Discord, Microsoft, or GitHub, we receive your display name, email address, and profile picture from the respective provider. This data creates identity strands that strengthen your on-chain identity level.
  • Document metadata: File names, timestamps, and document hashes used for on-chain inscriptions and sealing.
  • Signature data: Your drawn or uploaded signatures, stored in your vault for reuse.
  • Co-sign requests: Handle or email addresses of recipients you invite to co-sign documents.
  • Photos and media: Profile photos and media captured via the phone camera linking feature, stored in your vault.

4. Identity Providers (OAuth)

Bit-Sign integrates with the following identity providers via OAuth 2.0:

  • HandCash — Wallet authentication and BSV transactions
  • Google — Name, email, profile picture
  • X (Twitter) — Username, display name, profile picture
  • LinkedIn — Name, email, profile picture
  • Discord — Username, email, avatar
  • Microsoft — Name, email
  • GitHub — Username, email, avatar

We only request the minimum scopes required (basic profile and email). We store OAuth tokens securely to maintain your linked status. You may unlink any provider at any time, which removes the stored token and associated profile data.

5. Data Storage

User data is stored in a self-hosted database. Document content is processed in the browser where possible. Encrypted attestations and identity inscriptions are written to the Bitcoin blockchain and are permanent.

6. On-Chain Data

Data inscribed on the Bitcoin blockchain is permanent and immutable. This includes identity roots, identity strands, document seals, and attestation records. Once inscribed, neither Bit-Sign nor any party can delete or modify these records. You should consider this carefully before sealing or inscribing any data.

7. Cookies

We use essential, secure, HTTP-only cookies to maintain your authentication session. No tracking, analytics, or marketing cookies are used. No third-party cookie services are integrated.

8. Data Retention and Deletion

Off-chain data (vault items, profile information, OAuth tokens) may be deleted upon request. On-chain data (inscriptions, seals, identity strands) cannot be deleted due to the immutable nature of the blockchain. To request deletion of your off-chain data, contact us at the address below.

9. Contact

For privacy inquiries, contact: bitsignonline@gmail.com