Legal

Privacy Policy

Effective Date: June 17, 2026  ·  Last Updated: June 17, 2026  ·  Issued by NextGenRails™
THE SHORT VERSION We never store the ISO 20022 messages you submit — they are hashed and discarded. We keep limited account data (your email and access-code records) to run your purchase, and we use a small set of providers for payments, hosting, and bot-protection. We do not run advertising or third-party analytics trackers, and we do not sell your data.
Table of Contents
  1. Who We Are & Scope
  2. Information We Collect
  3. What We Never Retain
  4. How We Use Information
  5. Third-Party Providers
  6. How We Share Information
  7. Data Retention
  8. Security & Your Access Code
  9. Your Rights & Choices
  10. International Transfers
  11. Children's Privacy
  12. Changes to This Policy
  13. Contact

Who We Are & Scope

20022validator.com ("the service," "we," "us," or "our") is operated by NextGenRails™. The service accepts ISO 20022 financial messages and issues cryptographically signed receipt artifacts that prove a message's validation state. This Privacy Policy explains what personal information we collect, how we use and protect it, and the choices you have. It works alongside our Terms of Service, including the Zero Retention Policy described there.

This policy does not cover third-party websites we link to, which maintain their own privacy practices.

Information We Collect

2.1 — Messages you submit

When you submit an ISO 20022 message for validation, it is read into memory, hashed field-by-field (SHA-384) into a Merkle commitment, and used to compute your signed receipt. ISO 20022 messages can contain sensitive financial information (such as party names, account identifiers, and amounts). The receipt records only the cryptographic commitment and minimal metadata (such as the detected message type and field count) — not the message itself. We keep no copy of your submitted message and cannot reconstruct it. See Section 3.

2.2 — Account & purchase data

When you purchase a pack or subscription, we store records needed to deliver and manage your access, including your email address, your Stripe customer and subscription identifiers, your plan/tier, usage counts, status, and timestamps. Access codes are stored only as a one-way hash, not in plain text. This account data is stored using Netlify Blobs.

2.3 — Payment data

Payments are processed by Stripe. We do not collect, see, or store your full payment card number, CVV, or bank details — Stripe handles those directly under its own privacy policy. We retain only transaction and customer references for fulfillment and reconciliation.

2.4 — Security & abuse-prevention data

To protect the service from automated abuse, the submission and re-evaluation forms use Cloudflare Turnstile, which receives your IP address and a challenge token to confirm you are human.

2.5 — Web fonts & server logs

The site serves fonts via Google Fonts, which may receive your IP address when your browser requests them. Our hosting provider (Netlify) processes connection data such as IP addresses to deliver and secure the site.

2.6 — Analytics

We do not run third-party advertising or behavioral-analytics trackers on this site, and we do not build advertising profiles about you.

2.7 — Communications

If you email us, we receive your email address and the contents of your message and use them to respond to your request.

What We Never Retain

Consistent with the Zero Retention Policy in our Terms, NextGenRails™ does not store, log, or archive the content of any ISO 20022 message you submit. Submitted content exists only in memory for the duration of receipt computation and is discarded immediately afterward. Because we keep no copy, we cannot reproduce, recover, or provide your submitted message in response to any request or legal process. You are solely responsible for retaining your own messages and issued receipts.

How We Use Information

Third-Party Providers

We share personal data only with the service providers ("sub-processors") that make the service work, and only as needed for them to perform their function:

ProviderPurposeData involved
Stripe, Inc.Payment & subscription processingEmail, payment details, customer/subscription IDs
Netlify, Inc.Hosting, serverless functions & account-data storage (Blobs)Account/access-code records, email, connection logs
Cloudflare, Inc.Turnstile human-verificationIP address, challenge token
Google LLC (Fonts)Serving web fontsIP address

To the extent the service anchors cryptographic proofs to a public blockchain, only hashes are anchored — never your message content or personal data.

How We Share Information

We do not sell your personal information, and we do not use it for cross-context behavioral advertising. Beyond the providers listed above, we may disclose information if required by law, regulation, or valid legal process, or where necessary to protect the rights, property, or safety of NextGenRails™, our users, or others. If NextGenRails™ is involved in a merger, acquisition, or sale of assets, information may transfer as part of that transaction, subject to this policy.

Data Retention

You may request deletion of your personal data at any time (see Section 9). Requests are processed within 30 days.

Security & Your Access Code

Data is transmitted over encrypted connections (HTTPS/TLS). Access codes are stored as one-way hashes.

YOUR ACCESS CODE IS YOUR CREDENTIAL. Anyone who has it can consume your receipt entitlement. Keep it confidential and do not share it. If you lose it, contact us with your purchase confirmation and we can help recover or replace it.

No method of transmission or storage is perfectly secure. While we take reasonable measures to protect your information, we cannot guarantee absolute security.

Your Rights & Choices

Depending on where you live, you may have the right to access, correct, delete, export, or restrict the processing of your personal data, and to object or withdraw consent. To exercise any of these, email ngr.admin@proton.me. We will respond within the timeframe required by applicable law, and within 30 days for deletion requests.

California residents: we do not sell or share your personal information as defined by the CCPA/CPRA, and we will not discriminate against you for exercising your rights.

You may also lodge a complaint with your local data protection authority. For the full disclosure covering all NextGenRails™ properties, see nextgenrails.net/legal.

International Transfers

NextGenRails™ operates from the United States, and our providers process and store data in the United States and other countries. If you access the service from outside the United States, your information will be transferred to and processed in the United States, which may have data-protection laws that differ from those where you live.

Children's Privacy

The service is intended for business and professional use and is not directed to children. We do not knowingly collect personal information from anyone under 16. If you believe a minor has provided us information, contact us and we will delete it.

Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be posted to this page with a revised "Last Updated" date. Continued use of the service following any modification constitutes acceptance of the revised policy.

Contact

For privacy questions or to exercise your data rights, contact NextGenRails™ at:

ngr.admin@proton.me
NextGenRails™ — Principal Steward
20022validator.com

This Privacy Policy is provided for transparency and does not constitute legal advice.