The Idea Registry
The Idea Registry

Privacy Policy

The Idea Registry

Effective Date: March 1, 2026

Section 1

Institutional Commitment

The Idea Registry (“Registry”, “we”, “us”, or “our”) is committed to protecting the privacy, confidentiality, and integrity of personal information entrusted to us.

This Privacy Policy explains how we collect, use, store, disclose, and protect personal information in connection with the operation of our cryptographic evidence registry platform and associated services (“Services”).

The Registry operates in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs), as applicable.

By accessing or using the Services, you acknowledge that you have read and understood this Privacy Policy.

Section 2

Scope of This Policy

This Policy applies to:

  • Registered originators
  • Viewers accessing shared registrations
  • Authorized Referral Partners
  • Subscription holders
  • Verification portal users
  • Website visitors

This Policy does not apply to third-party services integrated into the Platform (including payment processors or blockchain networks), which operate under their own privacy policies.

Section 3

Categories of Personal Information Collected

The Registry collects only personal information reasonably necessary to provide its Services.

3.1 Account Information

When creating an account:

  • Full name
  • Email address
  • Encrypted authentication credentials (managed through Supabase Auth)

Passwords are not stored in plaintext.

3.2 Registration Data

When submitting a registration:

  • Encrypted idea content
  • Supporting materials uploaded by the user
  • Registration metadata
  • SHA-256 cryptographic fingerprint
  • Blockchain transaction identifiers

All idea content is encrypted prior to storage and is not publicly accessible.

3.3 Viewer Verification Information

When a viewer accesses a controlled disclosure link:

  • Full legal name
  • Email address
  • Phone number
  • Postal address (as provided by the viewer)
  • Live selfie captured via device camera
  • IP address
  • Device and browser metadata
  • Timestamp data

This information is collected for identity verification and evidentiary audit purposes.

3.4 Session Logging Data

During controlled disclosure sessions:

  • Session start and end times
  • Session duration
  • IP address
  • Browser and device metadata
  • HMAC-generated session identifier

3.5 Payment and Subscription Metadata

Payments are processed by third-party payment processors, including Stripe.

The Registry does not store full credit card details.

We may receive limited metadata including:

  • Payment status
  • Transaction identifiers
  • Subscription status
  • Billing references

3.6 Referral Partner Information

For Authorized Referral Partners:

  • Contact details
  • Referral identifiers
  • Commission records
  • Payment status
Section 4

Purpose of Collection and Use

Personal information is collected and used to:

  • Create and manage user accounts
  • Encrypt and securely store registrations
  • Generate cryptographic fingerprints
  • Anchor records to blockchain networks
  • Verify viewer identity
  • Log controlled disclosure sessions
  • Process payments and subscriptions
  • Operate the verification portal
  • Prevent fraud, abuse, and misuse
  • Comply with applicable legal obligations

The Registry does not sell, trade, or rent personal information.

Section 5

Encryption and Data Security

The Registry employs layered cryptographic safeguards designed to protect confidentiality and integrity.

5.1 Encryption of Idea Content

  • All registration and feedback content is encrypted using AES-256-CBC encryption prior to database storage.
  • Each text field is encrypted independently using a unique initialization vector.
  • No plaintext idea content is stored.

5.2 Cryptographic Fingerprinting

  • Before encryption, submission content is hashed using SHA-256 to generate a unique fingerprint.
  • Only this fingerprint and registration identifier are recorded on the blockchain.
  • No idea content or personal data is written to the blockchain.

5.3 Infrastructure Safeguards

We implement commercially reasonable technical and organisational measures including:

  • Encrypted data transmission (HTTPS)
  • Secure server-side key management
  • Role-based access controls
  • Secure API endpoints
  • Environment-based encryption key protection

No system can guarantee absolute security.

Section 6

Blockchain Transparency

When a registration or feedback record is anchored to the Polygon blockchain:

  • Only the SHA-256 fingerprint and registration identifier are recorded
  • No personal information is stored on-chain

Blockchain records are public, immutable, and permanent. Once recorded, they cannot be altered or removed by the Registry.

Section 7

Controlled Disclosure and Watermarking

When originators grant controlled access:

  • Viewer identity data is collected
  • Viewing sessions are logged
  • Dynamic watermark overlays may display viewer identity information

Viewer identity data is shared with the originator for evidentiary purposes.

The Registry is not responsible for actions taken by originators or viewers outside the Platform.

Section 8

Disclosure to Third Parties

We may disclose personal information:

  • To service providers necessary to operate the Platform
  • To payment processors
  • To cloud hosting providers
  • Where required by law, court order, or regulatory authority
  • To protect the rights, safety, or security of the Registry or its users

We do not sell personal information.

Section 9

Data Retention

Personal information is retained:

  • While an account remains active
  • As necessary for evidentiary preservation
  • As required by applicable law

Blockchain records are permanent and cannot be deleted.

If maintenance subscriptions lapse, platform access to encrypted content may be restricted, but blockchain timestamps remain independently verifiable.

Section 10

Cross-Border Data Storage

The Registry may utilise cloud infrastructure providers that store data in jurisdictions outside Western Australia or Australia.

By using the Services, you consent to cross-border data storage subject to reasonable safeguards.

Section 11

User Rights

Subject to applicable law, users may:

  • Request access to personal information held about them
  • Request correction of inaccurate information
  • Request account deletion (excluding immutable blockchain records)

Requests must be submitted to the contact email below.

Deletion of account data does not remove blockchain-anchored fingerprints.

Section 12

Cookies and Technical Tracking

The Platform may use cookies and session storage to:

  • Maintain authentication sessions
  • Store referral tracking data
  • Enhance security
  • Improve functionality

Users may adjust browser settings to disable cookies; however, certain Services may not function properly.

Section 13

Data Breach Response

In the event of a data breach involving personal information, the Registry will:

  • Assess the nature and impact of the breach
  • Notify affected individuals where required
  • Notify relevant regulatory authorities if required under Australian law
Section 14

Limitations

The Registry does not guarantee:

  • Absolute protection from cyber threats
  • Prevention of unauthorised reproduction of shared material
  • Any specific legal interpretation of Registry records

Users are responsible for safeguarding their devices and login credentials.

Section 15

Amendments

This Privacy Policy may be amended periodically.

The effective date will be updated accordingly. Continued use of the Services constitutes acceptance of revised terms.

Section 16

Contact

For privacy-related inquiries, data access requests, or correction requests, please contact:

contact@theidearegistry.com