Crovia Seal · Privacy
Your text never leaves your device.
Crovia Seal is designed with one principle: the server cannot read what you seal.
We don't store your conversations. We don't profile you. We can't, even if we wanted to —
the architecture makes it cryptographically impossible.
Last updated: May 2026 · Version 0.6 · Effective immediately
The one-sentence summary
Your browser computes a SHA-256 hash of the AI text locally and sends only the hash to our server.
We sign the hash. We never see, store, or have access to the original text.
What we collect
When you click Seal, your extension sends the following to seal.croviatrust.com/v1/sign:
| Field | What it is | Personal data? |
|---|---|---|
| output_hash | SHA-256 of the AI's text (computed in your browser) | No (one-way hash, irreversible) |
| output_length | Number of bytes of the AI text | No |
| input_hash | SHA-256 of your prompt (computed in your browser) | No (one-way hash) |
| generator | Which AI you used ("openai", "anthropic", etc.) | No |
| issuer_app | Extension version string ("crovia-seal-extension/0.6.0") | No |
| IP address | Standard HTTP request metadata, kept only for abuse protection | Yes, transient |
What is a SHA-256 hash?
A SHA-256 hash is a one-way mathematical fingerprint. From a 10,000-character AI answer you get a fixed 64-character string. You can compute the hash from the text, but you cannot recover the text from the hash. It's like a fingerprint — useful to match against, but you can't reconstruct the person from their fingerprint.
What we do NOT collect
- The AI text itself. Never. Not transiently, not in logs, not in memory. Your browser hashes it before anything leaves your device.
- Your prompts to the AI. Same — only the hash is sent.
- Your name, email, account, or any identifier. Crovia Seal does not require accounts.
- Tracking cookies or analytics. There are none.
- Your browsing history. The extension only runs cryptographic operations; it does not report visited URLs.
- Cross-site tracking. The passive detector scans pages locally for invisible Crovia seal markers. Nothing is reported back to any server.
What we store on our server
The server keeps an append-only log of seal receipts. Each receipt contains:
- The unique seal ID (e.g. sl_3cf9eddc...)
- The hashes (input_hash, output_hash) — not the text
- The byte length of the original text
- Generator metadata (e.g. "openai / chatgpt-web")
- UTC timestamp
- Our Ed25519 cryptographic signature
Receipts are public by design — anyone can fetch a seal by ID via GET /v1/seal/{id}. This is how third parties verify your seal.
Important: receipts are permanent
Seal receipts are intentionally immutable. Once issued, they cannot be deleted — that is the whole point of a cryptographic seal. If you want to keep a receipt private, do not share its seal ID. The receipt contains only hashes, never your text, so privacy is preserved by default.
Your rights under GDPR
Crovia Seal is built so that GDPR concerns rarely apply, because we don't process personal data in any practical sense. However:
- Right to access: use GET /v1/seal/{id} — receipts are public.
- Right to rectification: not applicable — receipts are cryptographic facts, not editable records.
- Right to erasure: the receipt does not identify you. There is no link between a seal ID and a person unless you publicly tie them together. We have no way to associate a receipt with an individual.
- Right to object: simply uninstall the extension. The seals you already issued continue to exist (and can be verified by others), but you stop generating new ones.
- Data portability: all your seals are stored locally in your browser (IndexedDB). You can export them via the extension popup.
The "Crovia Wall" feature
The Crovia Wall is a public page that shows recent seals issued by our server. It displays only:
- Seal IDs (e.g. sl_3cf9...)
- Hashes (irreversible)
- Timestamps
- Which AI generator was used
It does not and cannot show the AI text itself. If you want the public to be able to verify a specific seal against a text, you must explicitly publish that text yourself (e.g. on social media or a website).
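The sketch below is an added example for Node.js, not code from the Crovia extension or server. It builds a request body from only the fields listed under "What we collect", then shows how a third party would check a published text against a receipt's hash and byte length. UTF-8 encoding, lowercase hex digests, and a receipt that reuses the request's field names are assumptions, and the sample strings are constructed.

```javascript
// Added example, not Crovia's code. Assumes UTF-8 input and lowercase hex digests.
const { createHash } = require("node:crypto");

// SHA-256 over the UTF-8 bytes of the text, as a 64-character hex string.
function sha256Hex(text) {
  return createHash("sha256").update(Buffer.from(text, "utf8")).digest("hex");
}

// Request body limited to the fields in the "What we collect" table.
// The prompt and the AI text themselves are never placed in the object.
function buildSignRequest(prompt, output, generator) {
  return {
    output_hash: sha256Hex(output),
    output_length: Buffer.byteLength(output, "utf8"), // bytes, not characters
    input_hash: sha256Hex(prompt),
    generator,
    issuer_app: "crovia-seal-extension/0.6.0",
  };
}

// Third-party check: does a published text match a receipt?
// Assumes the receipt exposes output_hash and output_length under those names.
function matchesReceipt(publishedText, receipt) {
  return (
    Buffer.byteLength(publishedText, "utf8") === receipt.output_length &&
    sha256Hex(publishedText) === receipt.output_hash
  );
}

// Constructed sample values (two non-ASCII characters, so bytes != characters).
const SAMPLE_PROMPT = "Summarise Ed25519 in one line.";
const SAMPLE_OUTPUT = "R\u00e9sum\u00e9: Ed25519 signs a hash, not the text.";

const sampleRequest = buildSignRequest(SAMPLE_PROMPT, SAMPLE_OUTPUT, "openai");
console.log(sampleRequest);
console.log("exact text matches:", matchesReceipt(SAMPLE_OUTPUT, sampleRequest));
// A single invisible character (zero-width space) is enough to break the match.
console.log("with U+200B appended:", matchesReceipt(SAMPLE_OUTPUT + "\u200b", sampleRequest));
```

Verification only succeeds on a byte-for-byte identical text, so whitespace changes or invisible characters picked up when copying will make a genuine text fail the check.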
Cryptographic anchoring (optional)
Seals can be optionally anchored to public timestamp authorities (OpenTimestamps / Bitcoin blockchain) for additional non-repudiation. This anchoring publishes only the hash, never your text. Anchoring is opt-in and does not change what data is processed.
Browser permissions explained
| Permission | Why we need it |
|---|---|
| <all_urls> | The passive detector scans pages for invisible Crovia seal markers (zero-width Unicode characters). Detection is 100% local; no page content is sent anywhere. |
| storage | Save your seal history locally in your browser (IndexedDB). |
| activeTab | Open the verifier page in a new tab. |
| seal.croviatrust.com | Call our signing service with hashes (never plaintext). |
| croviatrust.com | Open the verifier and "How it works" page. |
Open source, verifiable
The extension source code is public at github.com/crovia-trust/crovia-seal. The signing server source code is in the same repository. You can audit every line yourself. If we are lying about what we collect, the code will show it.
Contact
Questions, concerns, or suspected breaches: [email protected]