How we handle your media

Last updated 7 June 2026

Your photos, documents and private files are yours. Here's plainly what happens to them when you use Ensiglo — and, just as importantly, what doesn't.

The short version: for everyday sealing we don't keep your file — only an irreversible summary that can't be turned back into it. For private sends, your file is encrypted on your device and we never see its contents. We never sell your media and never use it to train anything.

Sealing a photo

When you seal a photo, the check that later proves it's genuine is built on your device. We receive only a small, irreversible fingerprint — a one-way summary that lets us recognise the original later but cannot be used to rebuild or view your photo. The photo itself does not need to be uploaded to us, and we do not keep it.

Sealing a document

To seal or verify a document, the file is processed briefly so we can place the mark and build its fingerprint. By default we keep only that irreversible fingerprint — not the document, and not its contents. The working copy is held only for as long as the operation takes and is then discarded. (Organisations that specifically need us to retain an original for audit can opt in to a separate, consented arrangement; that is never the default.)

If you upload a password-protected document, any password you provide is used only to open it for that single operation, in memory, and is never stored or logged.

Private (end-to-end encrypted) sends

Private sends are designed so that we cannot see the contents — by design, not just by promise:

Your file is encrypted on your device before it leaves it.
The key needed to open it is split. One part is a secret you share directly with your recipient (in person, another app, a call) — it never reaches our servers. Without it, what we hold is meaningless.
The encrypted file travels directly between you and your recipient over your normal channel; we don't store it.

Be aware of the honest limits: once someone is allowed to open a file, controls like "view once" and expiry are strong deterrents but not guarantees — anyone viewing something can still screenshot or photograph their screen, and once a file has been shared we cannot un-share it. The identity mark shown on a private file is there to discourage leaks, not to make them impossible. We tell you this up front so you can decide what to send.

What travels with a sealed file

A sealed file carries a visible mark and tamper-evidence so that anyone can check it came from you and hasn't been altered since you sealed it. Verifying is free and needs no app. How that protection works is proprietary; what it proves is simple — see our Terms for exactly what a verification does and doesn't mean.

What we keep

Seal records — an identifier, timestamps, the fingerprint, and your @handle if you chose to show it. Not your file.
Verification activity — when a seal is checked, we record the event (counts, approximate city-level location, time) so we can show you that your content was verified. We never tie this to your file's contents.
Account & billing basics — see our Privacy Policy.

What we never do

We never sell your media or personal data.
We never use your media to train models.
We never log the contents of your files.
We can't read your private (end-to-end encrypted) sends.
Even under a lawful request, we can't hand over the contents of a private send — we never hold the key.

For the full detail on personal data and your rights, see our Privacy Policy. Anything unclear? [email protected].

    Questions? [email protected]

    Ensiglo is a product of DB Island Inc., Wyoming, USA · © 2026 DB Island Inc.

How we handle your media Privacy Terms Cookies