Privacy
Last updated: 2026-05-14
The Tower anchors SHA-256 hashes of your declarations to the Bitcoin blockchain. This page describes what data we collect, what we do with it, and — importantly — what we cannot undo.
Account. Your email address (for magic-link sign-in and unlock notifications). For founding members from the SMS era: a SHA-256 hash of your phone number. We do not store passwords.
Session. A random UUID in an HTTP-only Secure cookie on thetower.one. 30-day sliding expiry. We log the IP and user-agent of the issuing browser for audit; no other tracking.
Open entries. The plaintext you typed, its SHA-256 hash, category, tags. Visible on your dashboard.
Sealed / Time Capsule entries. Ciphertext that you encrypted in your browser with a key only you hold. The SHA-256 hash of your plaintext (which we cannot reverse). The inscription you chose (public-facing label). We never see your plaintext for these tiers.
Payments. Stripe processes your card; we receive a Stripe customer ID and payment-intent reference. We never see card numbers.
Paid text lookups. When you pay $5 to look up a hash by plaintext, we hold that plaintext in a staging table for up to 24 hours (then auto-deleted) so the webhook handler can complete the lookup.
Each entry's SHA-256 hash is batched (hourly) into a Merkle tree and committed to the Bitcoin blockchain via OpenTimestamps. This is permanent and public. Anyone, forever, can verify that a given hash existed at a given time. We cannot remove a hash from Bitcoin. No one can.
Hashes do not contain your content — only a one-way fingerprint of it. The plaintext is not recoverable from the hash. But: knowing a plaintext, anyone can hash it and check if it’s in The Tower. That’s the entire product.
Save your receipt at carve time. We offer a downloadable proof file on every carve. It contains the hash, the Merkle proof, the Bitcoin anchor, and the verification math. If The Tower ever disappears, that file plus a Bitcoin block explorer is enough to prove your timestamp.
Supabase — database and authentication infrastructure. US-hosted via AWS. Privacy policy.
Stripe — payment processing. Privacy policy.
Resend — transactional email (magic-link, tomb unlock notifications). Privacy policy.
DigitalOcean — server hosting. Privacy policy.
OpenTimestamps + Bitcoin network — the anchor. The Bitcoin network is public infrastructure, not a processor — we publish your hash there and anyone can read it.
Email + account row: until you delete your account, then within 7 days.
Sessions: 30 days from last use, then automatically purged.
Magic-link tokens: consumed once, then retained as a replay-prevention record indefinitely (hash only, no email content).
Open entries: indefinitely while your account exists. Hash on Bitcoin: forever.
Sealed / Tomb ciphertext: indefinitely while your account exists. Without your key it’s unrecoverable. Hash on Bitcoin: forever.
Paid text lookup plaintexts: 24 hours, then auto-purged.
Email auth@thetower.one to request:
Access to the data we hold about you.
Correction of an email address.
Deletion of your account. We can delete your account data; we cannot delete hashes already anchored on Bitcoin.
A copy of your entries for export.
If you’re in the EU, UK, or California, you have additional rights under GDPR / UK GDPR / CCPA respectively. Email us with your jurisdiction noted and we’ll respond within 30 days.
The Tower is not intended for children under 13. If you are under 13, do not create an account.
We’ll notify you at least 14 days before material changes to this policy. Changes take effect on the date shown at the top of this page.