What we collect — and what we don’t
A plain-language account of every piece of data involved when you notarize content.
What is stripped from your file before processing
On every upload, NOC strips identifying metadata from your file before processing. After stripping, the file is re-encoded before the certificate mark is applied. No stripped data is ever stored or transmitted to any third party.
| Data type | What NOC does with it |
|---|---|
| GPS coordinates | Stripped before processing, never stored |
| Device identifiers | Stripped before processing, never stored |
| Software fingerprints | Stripped before processing, never stored |
| Capture timestamps | Stripped before processing, never stored |
| Creator-identifying fields | Stripped before processing, never stored |
| Embedded thumbnail previews | Stripped before processing, never stored |
What IS stored in your certificate
The following data is recorded in your certificate and anchored on a public blockchain. This information is public and permanent. When a certificate is issued, NOC records a small timestamped entry on a public blockchain — not your image, not your personal data, just a unique identifier and the moment of certification. This record is permanent and independently verifiable.
| Field | What it is | Who provides it |
|---|---|---|
| NOC ID | A randomly generated unique identifier for this certificate | NOC (generated at notarization time) |
| Creator name | The name you entered in the Creator Name field | You — can be a pseudonym, byline, or any name |
| Description | The description you wrote for the file — travels with the content and appears in all verification results | You |
| Provenance claim | Camera Captured, AI Generated, or Origin Unknown — determined from embedded origin data in your file | Derived automatically from your file’s existing metadata |
| Notarization timestamp | The date and time NOC processed the file (UTC) | NOC (server time) |
| Blockchain transaction | The on-chain transaction hash of the anchor | NOC |
What is NOT stored anywhere on NOC’s servers
| Data | Why it’s absent |
|---|---|
| Your IP address | Never logged against your certificate or account |
| Original filename | Never stored. Download files are named after the NOC ID (e.g. NOC-XXXXXX.jpg). Your original filename is never recorded or returned. |
| Original (pre-watermark) file | Deleted immediately after the pipeline completes |
| GPS / location | Stripped before processing (see above) |
| Device serial / camera model | Stripped before processing (see above) |
| Browser or device fingerprint | Not collected at any point |
| Email address on certificates | Your email is only used for account login — it never appears on a certificate or in a manifest |
How long NOC stores your watermarked file
NOC stores two copies of your processed file: a full-resolution watermarked copy and a permanent thumbnail. They have different retention periods.
| What | Kept for | Why |
|---|---|---|
| Full watermarked file (JPEG, PNG, WebP, MP4, MOV) | 24 hours from notarization time | Allows you to download all three versions (with seal, Sealed Copy, and watermark only). Deleted automatically after the window closes as a cost-management measure. |
| 200×200 thumbnail | Permanently | Used for the My Content page preview. Contains no sensitive data — it is a small, cropped, JPEG-compressed version of the watermarked file. |
| Original (pre-watermark) file | Deleted immediately after pipeline completes | NOC never retains your original file |
| Certificate record (NOC ID, creator name, description, provenance, timestamp) | Permanently (or until you delete the certificate) | Required to serve the certificate page and respond to watermark lookups |
| Blockchain anchor | Permanently — cannot be removed | Blockchain records are append-only by design. Even if you delete your certificate, the on-chain transaction remains. |
If you need a watermarked copy after the 24-hour window, re-notarize the file. Each notarization produces a new certificate with a new NOC ID.
What survives after platforms process your file
Platforms typically strip all metadata when a file is uploaded or re-shared. Here is what remains after common platform transformations.
| Transformation | Watermark survives? | C2PA manifest survives? |
|---|---|---|
| Platform re-compression (JPEG q=85) | ✓ Yes | ✗ Usually stripped |
| PNG re-save | ✓ Yes | ✗ Usually stripped |
| 10% edge crop | ✓ Yes | ✗ Stripped |
| Screenshot | ✓ Yes | ✗ Not present in a screenshot |
| Social media re-upload | ✓ Usually yes | ✗ Always stripped |
The watermark is designed to survive platform compression precisely because platforms strip metadata. The blockchain anchor and NOC certificate are the permanent record — the watermark is the permanent pointer back to them.
How your certificate is secured
- Public blockchain: A zero-value transaction anchors the NOC ID on-chain. Blockchain records are append-only and cannot be deleted or altered.
- C2PA manifest signing: Each certificate is signed with a cryptographic key. The signature covers the file content and the manifest assertions. Any modification to the file or manifest after signing will fail signature verification.
- Watermark integrity: The watermark is designed to survive compression, re-saves, and platform processing. Without our signing key, it cannot be removed or forged.
- Perceptual fingerprint: A perceptual fingerprint of your content is stored at certification time. Even screenshots or compressed copies can be matched back to the original certificate.
Third-party services used
| Service | What it receives | Why |
|---|---|---|
| Public blockchain | A transaction with your NOC ID in the data field | Immutable on-chain timestamp and anchor |
Questions? Contact us.