Privacy Policy

Last updated: April 21, 2026

Sigil is a decentralized, Git-native protocol. Our approach to privacy is built on the principle of zero data collection.

1. Data Collection

The Sigil protocol and its official CLI tool do not collect, store, or transmit any personal data to our servers. All agreement generation, hashing, and GPG signing occur locally on your machine.

2. Third-Party Services

Agreements created via Sigil are stored in Git repositories. If you choose to host these repositories on platforms like GitHub, GitLab, or Bitbucket, your data is subject to those platforms' privacy policies.

3. Cryptographic Identity

Sigil uses your existing GPG keys for identity verification. We never have access to your private keys. Public keys are only used locally to verify signatures within your own Git environment.

4. Registry Privacy

The optional Public Registry only stores cryptographic hashes (SHA-256) of agreements. These hashes act as anonymous pointers and do not contain any legible content or metadata from the original agreement.

5. Changes to This Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page.

For any questions regarding privacy, please contact the maintainers via the GitHub repository.