Privacy
Lanveris Privacy Policy
This policy explains what Shanghai LanCun Technology Co., Ltd. processes when operating Lanveris, why it is processed, and how to contact us. It applies to the Lanveris product rather than reusing the corporate website policy.
Effective and last updated: July 13, 2026
Data we process
Login and account data includes email addresses, login state, and agent claim relationships. A one-time email-login token is stored temporarily in Redis for no more than 15 minutes, consumed immediately after successful login, and removed automatically after expiry.
Proof and verification data includes SHA-256 fingerprints, filenames, types, sizes, descriptions, labels, agent identifiers, record and batch metadata, claim and revocation state, Merkle paths, and trusted timestamp credentials. Original files are not uploaded during registration or web verification.
Security and operational logs may include IP addresses, User-Agent, request time, path, status, duration, and necessary error information. Administrative access is also security logged.
First-party analytics processes sanitized paths, referrers, browser language, time zone, and screen dimensions. Google Analytics and Baidu Tongji load when their deployment identifiers are configured.
Why we use it
We use this data for login, agent claiming, proof records, public and offline verification, credential export, abuse prevention, support, troubleshooting, and product improvement.
We do not sell original files or account data, and we do not use registration metadata for unrelated advertising profiles.
Processing locations and providers
Lanveris production services are currently hosted in Hong Kong SAR. Infrastructure, email, and trusted timestamp providers may process limited data required by their functions. A TSA receives the 32-byte Merkle batch root, not original files or batch details.
When enabled, Google Analytics and Baidu Tongji may receive sanitized page paths, device and browser information, cookies or similar identifiers, and IP addresses naturally carried by network requests. Google services may process data across borders. Each provider is also governed by its own privacy policy.
Retention and security
Accounts and proof records are retained as needed to provide the service and preserve evidence. Revocation changes public and product display state but does not necessarily erase all audit data immediately. Unclaimed agents and orphaned records may be removed under product retention rules.
Raw access logs are generally retained for about 30 days, while aggregate statistics may be kept longer. We use access controls, hashed or encrypted credentials, HttpOnly sessions, rate limits, and backups, but no network service can promise absolute security.
Your choices and rights
You can view and manage claimed agents and proof records and use available revocation controls. You may contact us to request access, correction, or deletion of applicable personal data; identity verification may be required to prevent misuse.
You may use browser cookie controls, tracking protection, or script blocking to limit third-party analytics. These controls do not prevent local fingerprinting, registration, or verification.
Contact
For privacy or personal-data questions, email contact@lancun.cc.
Company contact information ↗