Privacy Policy
Last updated: June 3, 2026
1. Overview
This Privacy Policy explains how Hash Camera collects, uses, stores, discloses, and deletes information in connection with the Hash Camera mobile application, website, and related server services. Hash Camera is designed to create timestamp-enhanced photo evidence records and to verify those records through QR codes and server records.
By using Hash Camera, you acknowledge that photos and related evidence metadata may be transmitted to and stored on Hash Camera servers when you create a server evidence record.
2. Information We Process
When you create an evidence record, Hash Camera may process the photo you capture, capture time, server receipt time, evidence ID, photo hash, signed QR code metadata, device model identifier, membership or plan status, retention period, optional Bitcoin blockchain anchor height and hash, upload usage, and related technical records required to operate the service.
Hash Camera transmits the device model identifier only, such as an iPhone model identifier. Hash Camera does not transmit the user-customized device name.
When you verify a photo or QR code, Hash Camera processes the QR content, signed payload, evidence ID, or other verification information required to locate and compare the corresponding server record.
For authentication, abuse prevention, and rate limiting, Hash Camera may process email addresses, keyed hashes of email addresses, session tokens, IP-derived rate-limit identifiers, complaint or report identifiers, and related timestamps.
3. Photos and Evidence Records
Photos used to create evidence records are uploaded to Hash Camera servers and stored in Cloudflare R2. The app may also save a QR-marked copy to your device photo library if you grant the necessary device permission. Hash Camera does not delete, modify, or manage photos stored in your device photo library.
Server evidence records are used to verify whether a Hash Camera record exists, compare the server-stored photo and metadata, and return verification results. Verification results are informational and should be reviewed together with the server-stored image and other relevant evidence.
4. Account Sign-In and Purchases
If you use Sign in with Apple, the app sends the Apple identity token to the Hash Camera API for server-side verification before a Hash Camera session is issued. Hash Camera may process the Apple user identifier and profile information provided by Apple.
If you use email sign-in, Hash Camera uses your email address to send one-time verification codes. On Hash Camera servers, email addresses are stored in encrypted form and are looked up using a keyed hash. Authentication sessions are stored as server-side session records.
If paid plans or in-app purchases are enabled, Hash Camera may process purchase status and plan information to determine upload limits, storage limits, and retention periods.
5. Local Device Data
The app stores local history, thumbnails, settings, and related app data on your device. You may clear local app data from the Settings screen. Clearing local data does not delete photos already saved to your device photo library and does not delete server evidence records unless you separately request deletion of those server records.
6. How We Use Information
Hash Camera uses information to provide evidence capture, upload, QR generation, QR verification, server record lookup, account authentication, upload quota enforcement, retention enforcement, abuse prevention, complaint deletion, content safety review, account restriction, service maintenance, security monitoring, and customer support.
Hash Camera does not use your information for third-party advertising tracking.
7. Retention
Evidence retention depends on the plan that applies at the time of upload. Current retention periods are 7 days for Free, 180 days for Pro, and 3 years for Business, unless a different period is stated in the app, App Store listing, or other published plan terms.
Hash Camera runs server-side scheduled cleanup to delete expired server evidence photos and related server records. Cleanup is performed by the server infrastructure and does not require the app to be opened on a user's device.
Authentication records, rate-limit records, safety reports, admin action logs, and operational records may be retained for as long as reasonably necessary to provide the service, prevent abuse, comply with legal obligations, resolve disputes, and enforce the Terms of Service.
8. User Deletion Controls
You may delete server-stored evidence records from the app history detail screen. Deleting a server evidence record removes the server-stored evidence photo and related server record. It does not delete photos already saved to your device photo library and does not reverse monthly upload usage.
You may delete your account from the app Settings screen. Account deletion removes your account, active sessions, server-stored evidence photos, related server records, and monthly usage records from Hash Camera servers. It does not delete photos already saved to your device photo library. Hash Camera may retain limited records where reasonably necessary for fraud prevention, legal compliance, dispute resolution, security, or enforcement of the Terms of Service.
9. Complaints, Reports, and Safety Removal
If a Hash Camera evidence record is verified in the app, the verification result screen may provide a complaint button. When the complaint button is confirmed, Hash Camera deletes the server-stored evidence photo and related server record immediately, without manual review. This action does not delete any photo from a user's device photo library and does not reverse monthly upload usage.
Hash Camera may maintain a safety report record that includes the evidence ID, reported account ID, reporter account ID if signed in, IP-derived rate-limit identifier, reason, status, admin notes, and related timestamps.
Hash Camera may delete server-stored photos and related records, restrict verification, suspend sessions, or block accounts without prior notice if content is found or reasonably suspected to involve infringement, secretly recorded or non-consensual imagery, privacy violations, violent or graphic content, child safety risks, sexual exploitation, fraud, forged evidence, impersonation, scams, illegal activity, or other misuse of the service.
10. Service Providers and Infrastructure
Hash Camera uses service providers and infrastructure vendors to operate the service, including Cloudflare Workers, Cloudflare D1, Cloudflare R2, and email delivery services. These providers process information on behalf of Hash Camera for hosting, storage, delivery, authentication, security, and operational purposes.
11. Security
Hash Camera uses technical and organizational measures intended to protect information, including HTTPS transport, server-side authentication, encrypted email storage, keyed hashes for email lookup, server-signed QR payloads, access controls, and rate limiting. No method of transmission or storage is completely secure, and Hash Camera cannot guarantee absolute security.
12. International Processing
Hash Camera and its service providers may process and store information in countries or regions other than where you reside. Data protection laws in those locations may differ from those in your jurisdiction.
13. Children and Sensitive Content
Hash Camera is not intended to be used to upload child sexual abuse material, sexual exploitation content, secretly recorded imagery, or other illegal or harmful content. Such content may be removed and may result in account restrictions or other action where appropriate.
14. Your Choices and Requests
You may use in-app controls to delete server evidence records, delete your account, clear local app data, and manage device permissions. For privacy questions, access requests, deletion requests, or other privacy-related inquiries, contact [email protected].
15. Changes to This Policy
Hash Camera may update this Privacy Policy from time to time. The updated version will be posted on this page with a revised "Last updated" date. Material changes may also be communicated through the app or website where appropriate.