TaaS — Trust as a Service

Legal

Privacy Policy

Last updated: June 1, 2026

1. Overview

TaaS is a B2B API service operated by Cews Investments Corp ("Company", "we", "us"). This policy describes how we collect, use, and protect information in connection with our cryptographic certification API.

TaaS is a business-to-business service. Our customers are companies integrating the TaaS API into their applications. This policy covers the data we collect from those companies and their end users as processed through our API.

2. What we collect

Key principle

TaaS stores the SHA-256 hash of your event payload — not the payload itself. Your actual business data (user IDs, amounts, content) never leaves your infrastructure unless you explicitly enable server-side payload storage.

  • Account information (company name, email, billing address)
  • API usage logs (timestamps, endpoint, response codes — no payload content)
  • SHA-256 hash of certified payloads
  • RFC 3161 timestamp data
  • Certificate metadata (cert_id, issuance date, verification status)

3. How we use data

  • Issuing and verifying cryptographic certificates
  • Providing the dashboard and account management features
  • Billing and subscription management
  • Fraud detection and API abuse prevention
  • Service reliability monitoring

4. CCPA (California) rights

California residents have the right to know what personal information we collect, request deletion of their data, opt-out of the sale of personal information (we do not sell personal information), and non-discrimination for exercising these rights.

To exercise these rights, contact: [email protected]

5. Data retention

Certificate records (hashes and metadata) are retained indefinitely to support long-term verification — a core requirement of cryptographic certification services. Account data is retained for 90 days after account termination.

6. Contact

Cews Investments Corp · [email protected]