We never store the documents you submit — they are hashed and discarded. We keep limited account data (your email and access-code records) to run your purchase, and we use a small set of third-party providers for payments, hosting, bot-protection, analytics, and fonts. We do not sell your data.
1. Who We Are & Scope
StatutoryRegistry.com ("the Service," "we," "us," or "our") is operated by NextGenRails™. The Service issues cryptographic receipts that prove the state of a statutory or compliance document at a point in time. This Privacy Policy explains what personal information we collect, how we use and protect it, and the choices you have. It works alongside our Terms of Service, including the Zero Retention Policy described there.
2. Information We Collect
2.1 — Documents you submit
When you submit a document, it is read into memory, hashed field-by-field (SHA-384) into a Merkle commitment, and used to produce your signed receipt. The receipt records the cryptographic commitment and minimal metadata (such as field count and framework) — not the document itself. We keep no copy of your submitted document and cannot reconstruct it. See Section 3.
2.2 — Account & purchase data
When you purchase a pack or plan, we store records needed to deliver and manage your access, including your email address, the Stripe checkout session and price identifiers, your usage count and limit, and timestamps. This data is stored using Netlify Blobs and is keyed to your access code.
2.3 — Payment data
Payments are processed by Stripe. We do not collect, see, or store your full payment card number, CVV, or bank details — Stripe handles those directly under its own privacy policy. We retain only transaction and session references for fulfillment.
2.4 — Security & abuse-prevention data
The submission form uses Cloudflare Turnstile to confirm you are human; Turnstile receives your IP address and a challenge token.
2.5 — Usage analytics
We collect limited analytics about site usage, including the page visited, referring URL, browser/user-agent string, and an approximate location (country, region, and city) derived from your IP address. This data is stored in our analytics table hosted by Supabase. The IP-to-location lookup is performed by a third-party service, ipapi.co, which receives your IP address to return coarse location data. We do not use analytics for advertising, and we do not sell it.
2.6 — Web fonts & server logs
The site serves fonts via Google Fonts, which may receive your IP address when your browser requests them. Our hosting provider (Netlify) processes connection data such as IP addresses to deliver and secure the site.
2.7 — Communications
If you email us, we receive your email address and the contents of your message and use them to respond.
3. What We Never Retain
Consistent with the Zero Retention Policy in our Terms, NextGenRails™ does not store, log, or archive the content of any document you submit. Submitted content exists only in memory for the duration of receipt computation and is discarded immediately afterward. Because we keep no copy, we cannot reproduce, recover, or provide your submitted document in response to any request or legal process. You are solely responsible for retaining your own documents and issued receipts.
4. How We Use Information
- To issue and verify your cryptographic receipts and manage your usage entitlement;
- To process payments, deliver access codes, and manage plans via Stripe;
- To protect the Service against bots, fraud, and abuse;
- To understand and improve site usage through aggregate analytics;
- To respond to your support requests;
- To comply with legal obligations and enforce our Terms of Service.
5. Third-Party Providers
We share personal data only with the service providers ("sub-processors") that make the Service work, and only as needed:
| Provider | Purpose | Data involved |
|---|---|---|
| Stripe, Inc. | Payment & subscription processing | Email, payment details, session/customer IDs |
| Netlify, Inc. | Hosting, functions & account-data storage (Blobs) | Access-code records, email, connection logs |
| Cloudflare, Inc. | Turnstile human-verification | IP address, challenge token |
| Supabase, Inc. | Usage-analytics storage | Page, referrer, user-agent, approx. location |
| ipapi.co | IP-to-location lookup | IP address |
| Google LLC (Fonts) | Serving web fonts | IP address |
Any blockchain anchoring performed by the Service involves only cryptographic hashes of receipts or key material — never your document content or personal data.
6. How We Share Information
We do not sell your personal information, and we do not use it for cross-context behavioral advertising. Beyond the providers above, we may disclose information if required by law, regulation, or valid legal process, or to protect the rights, property, or safety of NextGenRails™, our users, or others. If NextGenRails™ is involved in a merger, acquisition, or sale of assets, information may transfer as part of that transaction, subject to this policy.
7. Data Retention
- Submitted documents: not retained — discarded immediately after processing.
- Account & access-code records: retained while your access is active and as needed for legal, tax, and accounting purposes.
- Analytics records: retained for operational analysis.
You may request deletion of your personal data at any time (see Section 9). Requests are processed within 30 days.
8. Security & Your Access Code
Data is transmitted over encrypted connections (HTTPS/TLS).
Your access code is your credential. Anyone who has it can consume your receipt entitlement, and lost access codes cannot be recovered. Keep it confidential and retain your own copy.
No method of transmission or storage is perfectly secure. While we take reasonable measures to protect your information, we cannot guarantee absolute security.
9. Your Rights & Choices
Depending on where you live, you may have the right to access, correct, delete, export, or restrict the processing of your personal data, and to object or withdraw consent. To exercise any of these, email ngr.admin@proton.me; we respond within the timeframe required by law, and within 30 days for deletion requests. California residents: we do not sell or share your personal information as defined by the CCPA/CPRA and will not discriminate against you for exercising your rights. For the full analytics disclosure covering all NextGenRails™ properties, see nextgenrails.net/legal.
10. International Transfers
NextGenRails™ operates from the United States, and our providers process and store data in the United States and other countries. If you access the Service from outside the United States, your information will be transferred to and processed in the United States, which may have data-protection laws that differ from those where you live.
11. Children's Privacy
The Service is intended for business and professional use and is not directed to children. We do not knowingly collect personal information from anyone under 16.
12. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be posted to this page with a revised "Last updated" date. Continued use of the Service following any modification constitutes acceptance of the revised policy.
13. Contact
For privacy questions or to exercise your data rights, contact NextGenRails™ at ngr.admin@proton.me.
This Privacy Policy is provided for transparency and does not constitute legal advice.
© 2026 NextGenRails™. All rights reserved.