Terms and Conditions
1. Nature of the Service (Electronic Evidence and Time-Stamping)
Veltia Trust provides an electronic evidence generation service through time-stamping. The service is designed to guarantee the integrity and date of existence of digital data in accordance with international technical standards.
The system exclusively processes cryptographic fingerprints (SHA-256 Hashes) sent by the Customer through our API. Veltia Trust does not store, view, or have access to the original documents or the personal data contained in them, ensuring maximum information privacy and security.
2. Identity Responsibility and Verification
Veltia Trust acts as a Trusted Third Party under the framework of Law 34/2002 (LSSI), in order to guarantee the integrity and temporal immutability of the sent hash.
The legal responsibility for the following rests exclusively with the Customer (the operator or contracting company):
- Verify and authenticate the identity of the signers or interested parties before making the Trust Event request.
- Obtain the express consent of the signer for the processing of their data and the acceptance of the electronic signature process.
- Guarantee the veracity of the data provided in the original contract associated with the Trust Event hash.
Veltia Trust does not assume any responsibility for identity theft or document falsification in the original files that originate the hash.
3. Regulatory Compliance and Technical Standards
Veltia Trust's time-stamping service is based on compliance with Regulation (EU) 910/2014 (eIDAS) and Law 6/2020 on electronic trust services.
Evidence Validity: To ensure maximum legal robustness, Veltia Trust uses Time Stamping Authorities (TSA) that operate under internationally recognized security standards.
Custody and Availability: Veltia Trust guarantees the Customer the generation and availability of the stamping receipt (time token) associated with the sent hash.
Integrity Proof: The Customer recognizes that the proof of integrity of the original document depends on the exact match between the hash of the document kept by the Customer and the time stamp issued by the Veltia Trust API.
Validity and Liability Limits: Veltia Trust guarantees the availability of the stamping receipts on its servers for a period of 12 months from their generation. The technical long-term validity of the stamp depends on the Time Stamping Authority (TSA) and the validity of its cryptographic certificates.
4. Payment Policy and Credit Consumption (Prepaid Model)
Access to the Veltia Trust service is managed through an electronic credit wallet model.
Automatic Charges: By activating the "Auto-Reload" functionality, the Customer authorizes Veltia Trust (through our secure payment processor, Stripe) to make automatic charges to the registered payment method when the credit balance drops below the configured threshold.
Refund Policy: Due to the digital nature and immediate execution of API requests, credits consumed in successful stamping operations are non-refundable under any circumstances.
Credit Validity: Purchased credits will remain active as long as the Customer's account remains active in the last 12 months.
5. Technical Specifications and Security
Hash Algorithm: The service exclusively uses the SHA-256 standard, guaranteeing total resistance to collisions and manipulations.
Evidence Format: The generated time stamps comply with the RFC 3161 standard, allowing their independent validation by third parties without the need for Veltia Trust's intervention.
Data Protection: Veltia Trust does not store personal data (PII) in its Trust Event records, complying with the data minimization principle of the GDPR.
6. Security and Access Restrictions (Whitelist)
Access Control: Veltia Trust allows the Customer to configure a white list (Whitelist) of authorized IP addresses to make requests to the API.
Customer Responsibility: It is the Customer's exclusive responsibility to keep their list of authorized IPs updated and to safeguard their access credentials (API Keys).
Preventive Blocking: Veltia Trust reserves the right to temporarily block any access that comes from an unauthorized IP or that presents suspicious traffic patterns that could compromise the integrity of the service.