Privacy Policy

This policy explains what personal information Ensiglo collects, why, and your choices. Ensiglo is operated by DB Island Inc. ("Ensiglo", "we", "us"), a Wyoming, USA company. Contact: [email protected].

1. Information we collect

• Account information — your email address, your chosen @handle, and your date of birth (used only to confirm you meet the minimum age).
• Seal & verification data — identifiers, timestamps, irreversible content fingerprints, and verification events (including IP address, approximate city-level location, device/browser information, and time). We do not store the contents of your files (see How we handle your media).
• Channel-verification data — when you link a website or social account, we record what you proved you control and when.
• Payment information — handled by our payment processor (Stripe). We do not receive or store your full card details; we keep a customer/subscription reference and your plan status.
• Technical & cookie data — an essential first-party device identifier and session cookie, and standard server logs. We do not run third-party advertising trackers.
• Communications — messages you send us.

2. If you verify someone else's seal

You don't need an account to verify, and most people who verify never create one. When anyone checks a seal, we record the verification event — including IP address, approximate city-level location, device/browser information, and the time — so we can show the sender that their content was checked, detect abuse, and keep the service secure. We rely on our legitimate interests (and the sender's) for this, and we keep it only for a limited period. We never link a verification to the contents of the file being checked, and we don't use it to build a profile of you or to advertise to you. If you're in a region with data-protection rights, the rights in the section below apply to this data too.

3. How we use it

• To provide, secure and improve the service (sealing, verifying, accounts, billing).
• To prevent fraud, abuse and misuse, and to enforce our Terms.
• To show you activity on your seals and to contact you about your account.
• To meet legal obligations and respond to lawful requests.

4. Legal bases

Where the GDPR, UK GDPR or South Africa's POPIA apply, we rely on: performance of our contract with you (to run the service), our legitimate interests (security, anti-abuse, product improvement), consent where we ask for it (e.g. optional features), and legal obligation.

5. How we share information

We do not sell your personal information. We share it only with:

• Service providers (subprocessors) who help us operate, each under contracts that limit their use of your data to providing their service to us:
  • Stripe, Inc. — payment processing (USA).
  • Google LLC — Google Workspace — sending transactional email such as sign-in codes (USA).
  • Google LLC — Google Cloud Platform — application hosting (USA).
  • Cloudflare, Inc. — content delivery, DNS and security/DDoS protection (USA).
• Authorities, where required by law or to respond to a valid legal request, or to protect rights, safety and the integrity of the service. For private (end-to-end encrypted) sends there is a hard limit on what we can ever provide: we hold only encrypted key material and delivery metadata (such as timing and gate state), never the content and never the secret needed to decrypt it. No legal request can compel us to produce something we do not hold — we can confirm a private send occurred and disclose its metadata, but we cannot disclose what it contained.
• A successor in the event of a merger, acquisition or asset sale, subject to this policy.

6. International transfers

We are based in the United States and our providers may process data in the US and other countries. Where required, we rely on appropriate safeguards (such as standard contractual clauses) for transfers out of your region.

7. Retention

We keep personal data only as long as needed for the purposes above: account data while your account exists; seal fingerprints while the seal is active; verification logs for a limited period for security and analytics; billing records as required by law. You can delete seals and close your account (see your rights below).

8. Security

We use technical and organisational measures including encryption in transit, access controls and data minimisation, and we deliberately avoid storing your files. No method of transmission or storage is 100% secure, and we cannot guarantee absolute security.

If a personal-data breach occurs that is likely to affect you, we will notify the relevant supervisory authority and affected users where the law requires (including under the GDPR and POPIA), without undue delay.

9. Your rights

Depending on where you live, you may have the right to access, correct, delete, export, restrict or object to our processing of your personal data, and to withdraw consent. To exercise these, email [email protected]. You also have the right to complain to your local data-protection authority.

10. California privacy rights (CCPA/CPRA)

If you are a California resident, you have rights under the California Consumer Privacy Act, as amended by the CPRA. In the period covered by this policy we collect the categories described in §1 — namely identifiers (such as email, @handle, device identifier and IP address), internet/network activity (verification and usage events), commercial information (your plan and purchases), approximate geolocation (city-level), and account credentials — for the business purposes in §3. We obtain them from you and from your use of the service.

We do not "sell" your personal information, and we do not "share" it for cross-context behavioural advertising, as those terms are defined under California law, and we have not done so in the preceding 12 months. We do not use or disclose sensitive personal information for purposes that would give you a right to limit it.

Subject to the law, you may request to know/access the personal information we hold about you, to delete it, and to correct it, and you have the right not to be discriminated against for exercising these rights. To make a request, email [email protected]; we will verify it (for example by confirming control of your account email), and you may use an authorised agent. Because we don't sell or share, no "Do Not Sell or Share My Personal Information" step is required — but you're welcome to contact us with any concern.

11. Children

Ensiglo is not for children under 13 (or the higher minimum age in your country). Private/sensitive sending is restricted to adults (18+). We don't knowingly collect data from children under these ages; if you believe we have, contact us and we'll delete it.

12. Cookies

We use only essential first-party cookies needed to run the site (your session and a device identifier). We do not use cookies for cross-site advertising.

13. Changes

We may update this policy. We'll change the "last updated" date above and, for material changes, take reasonable steps to notify you. Continuing to use Ensiglo after a change means you accept the updated policy.

14. Contact

DB Island Inc. (Ensiglo), Wyoming, USA — [email protected].