Privacy

We collect the minimum data necessary to operate Carat and to issue gemological certificates.

What we store

• For each submitted gem: a photo, a generated gem_id, the certificate hash, the lifecycle events, and the Telegram user id of the submitter (so we can route the resulting cert back).
• Standard hosting logs (IP, user-agent, timestamp) kept by Vercel for security and abuse mitigation, typically for 30 days.

What we do NOT do

• We do not sell or share submitter data with third parties.
• We do not run third-party advertising trackers, analytics SDKs, or social pixels on this site.
• We do not use cookies for behavioural tracking.

On-chain disclosure

When Phase 2 launches, certificate hashes and gem_id values are published on the Polygon blockchain. These records are public and immutable by design. No personally identifying information is published on-chain.

Your rights

Under Swiss FADP and EU GDPR, you may request access to, correction of, or deletion of data we hold about you, by emailing david@nataf.com. Note that on-chain records cannot be deleted — but on-chain data contains no PII.