Photon by RocketShoes — Privacy Policy

RocketShoes Pty Ltd (ACN 626 345 542) Melbourne, Victoria, Australia Last updated: April 2026


1. Introduction

RocketShoes Pty Ltd ("RocketShoes", "we", "us", "our") operates Photon ("the App"), a personal timestamping application that lets individuals prove a file existed, unchanged, at a specific point in time by anchoring its cryptographic hash to the Bitcoin blockchain via OpenTimestamps.

This Privacy Policy explains how we collect, use, disclose, store, and protect personal information in connection with the App. We are committed to handling personal information in accordance with the Australian Privacy Principles (APPs) contained in the Privacy Act 1988 (Cth), and where applicable, the Privacy and Data Protection Act 2014 (Vic).

Further information about the APPs is available from the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au.


2. About the App and Who This Policy Covers

Photon is used by:

This policy covers personal information collected from those users. In the future Photon may support institutional plans (e.g., schools, training organisations, or companies provisioning accounts for their members); where that occurs, additional terms will apply and affected users will be notified.


3. What Personal Information We Collect

3.1 Account information

When you create or use a Photon account we may collect:

3.2 Two-factor authentication information

If you enrol a second factor for sign-in, we may collect:

This information is used only to authenticate you at sign-in.

3.3 Files and stamp records

When you stamp a file with Photon we collect and store:

3.4 Automatically collected information

When you use the App, we may automatically collect:


4. How We Collect Personal Information

We collect personal information:

We do not collect personal information from third parties except as described above.


5. Sensitive Information

We do not intentionally collect sensitive information (as defined in the Privacy Act 1988, including racial or ethnic origin, health information, political opinions, religious beliefs, or biometric data) through the App.

The files you upload may incidentally contain sensitive information (for example, a document that happens to include health or identity details). Where that occurs:


6. Why We Collect Personal Information

Primary purposes

Secondary purposes

Secondary uses are directly related to the primary purposes above. We may use contact details to:

You may opt out of non-essential communications at any time by contacting us at the address below.


7. Blockchain Anchoring — Public and Permanent Records

Photon's core function is to anchor evidence of your file's existence to the Bitcoin blockchain through the OpenTimestamps protocol. This section explains what that means for your data.

What is sent off-platform

What is NOT sent off-platform

Irreversibility

Once a Merkle root has been anchored to Bitcoin, that block record is permanent and cannot be altered or removed by us, by you, or by anyone else. This is a feature — it's what makes the proof durable — but it is important that you understand:

If you need confidentiality on the fact that a particular file was ever timestamped, do not stamp that file with Photon.


8. Disclosure of Personal Information

We do not sell, rent, or trade personal information. We may disclose personal information to:

Where personal information is disclosed to overseas recipients (including Google Cloud infrastructure, OpenTimestamps calendars, and the Bitcoin network), we take reasonable steps to ensure those recipients handle the information consistently with the APPs, noting that APP 8.1 obligations apply.


9. Data Isolation Between Users

Photon enforces per-user data isolation at multiple layers. Firestore and Firebase Storage security rules ensure that each user can only read and write data owned by their own account, identified by their Firebase Authentication UID. RocketShoes does not grant one user access to another user's files, filenames, or stamp history.


10. Security of Personal Information

We take reasonable steps to protect personal information from misuse, interference, loss, unauthorised access, modification, and disclosure. Our security measures include:

No method of transmission or storage is 100% secure. If you become aware of a security concern, please contact us immediately.


11. Retention and Destruction of Personal Information


12. Cookies and Local Storage

The App uses browser-based authentication tokens and local storage to maintain your session. These are managed by Firebase Authentication and are necessary for the App to function. Google reCAPTCHA may also set cookies as part of its abuse-prevention checks. No third-party advertising or tracking cookies are used.


13. Access, Correction, and Complaints

Access and correction

You have the right to access and correct personal information we hold about you. To make a request:

Data portability

You can download your uploaded files and .ots receipts directly from the App at any time while your account is active. Contact us for a broader data export in structured form.

Complaints

If you believe we have breached the APPs or the Privacy and Data Protection Act 2014 (Vic), you may lodge a complaint with us in writing. We will investigate and respond within 30 days. If you are not satisfied with our response, you may refer your complaint to:


14. Changes to This Policy

We may update this Privacy Policy from time to time. Where changes are material, we will notify users via the App or by email. Continued use of the App after notification constitutes acceptance of the updated policy.


15. Contact Us

For privacy-related enquiries, access requests, or complaints:

RocketShoes Pty Ltd ACN 626 345 542 Melbourne, Victoria, Australia Email: info@rocketshoes.io Website: rocketshoes.io