SECURITY
Security you can trust.
Your data is protected with GDPR-compliant infrastructure providers, with encryption in transit and at rest. Receipt records document access, review activity, and acknowledgement in a focused, file-ready format without over-claiming what that means.
Receipt is not an e-signature tool. It does not verify identity by default, and it doesnot assess understanding, consent, or intent.
Security posture
Receipt is designed to protect data by default while keeping a clear, auditable record model for operational use.
Protect data end to end
Data is encrypted in transit and encrypted at rest across our core infrastructure.
Use GDPR-compliant providers
Our infrastructure stack is built on providers aligned with GDPR requirements.
Minimise data
Record only what’s needed to evidence access and acknowledgement.
Make it exportable
A consistent record your team can store with the matter.
If you need identity verification, signing, or advanced compliance workflows, Receipt should sit alongside those tools, not pretend to replace them.
Encrypted end to end
Data is encrypted in transit and at rest across GDPR-compliant infrastructure providers. Protection is applied by default, not as an optional setting.
Mandatory network audit trail
IP address and user-agent are recorded for every access and acknowledgement event, giving your team a consistent forensic trail for investigations and compliance review.
Version-locked evidence
Every event is tied to a document hash and version, so you can prove exactly what was delivered, reviewed, and acknowledged.
What Receipt records
Receipt is built around a small set of facts. Typical fields include:
Fields
• Delivery time
• First open time
• Maximum scroll depth
• Time spent on page
• Acknowledgement status
• Acknowledgement submission time
• IP address and user agent
• Document hash and version
You control what you store and how long you keep it, align this with your internal policies and your Privacy notice.
What Receipt doesn’t do
No e-signatures
Receipt doesn’t replace signing workflows or identity verification tools.
No identity verification by default
It records access behaviour, not who someone “really is”.
No ‘understanding’ claims
Receipt never asserts comprehension, intent, consent, or agreement.
No analysis
No AI interpretation. No sentiment. No conclusions.
Data handling & retention
What you store (and for how long) should match your internal policies. Our Privacy page covers personal data and retention at a high level.