20022validator.com ("the service," "we," "us," or "our") is operated by NextGenRails™. The service accepts ISO 20022 financial messages and issues cryptographically signed receipt artifacts that prove a message's validation state. This Privacy Policy explains what personal information we collect, how we use and protect it, and the choices you have. It works alongside our Terms of Service, including the Zero Retention Policy described there.
This policy does not cover third-party websites we link to, which maintain their own privacy practices.
When you submit an ISO 20022 message for validation, it is read into memory, hashed field-by-field (SHA-384) into a Merkle commitment, and used to compute your signed receipt. ISO 20022 messages can contain sensitive financial information (such as party names, account identifiers, and amounts). The receipt records only the cryptographic commitment and minimal metadata (such as the detected message type and field count) — not the message itself. We keep no copy of your submitted message and cannot reconstruct it. See Section 3.
When you purchase a pack or subscription, we store records needed to deliver and manage your access, including your email address, your Stripe customer and subscription identifiers, your plan/tier, usage counts, status, and timestamps. Access codes are stored only as a one-way hash, not in plain text. This account data is stored using Netlify Blobs.
Payments are processed by Stripe. We do not collect, see, or store your full payment card number, CVV, or bank details — Stripe handles those directly under its own privacy policy. We retain only transaction and customer references for fulfillment and reconciliation.
To protect the service from automated abuse, the submission and re-evaluation forms use Cloudflare Turnstile, which receives your IP address and a challenge token to confirm you are human.
The site serves fonts via Google Fonts, which may receive your IP address when your browser requests them. Our hosting provider (Netlify) processes connection data such as IP addresses to deliver and secure the site.
We do not run third-party advertising or behavioral-analytics trackers on this site, and we do not build advertising profiles about you.
If you email us, we receive your email address and the contents of your message and use them to respond to your request.
Consistent with the Zero Retention Policy in our Terms, NextGenRails™ does not store, log, or archive the content of any ISO 20022 message you submit. Submitted content exists only in memory for the duration of receipt computation and is discarded immediately afterward. Because we keep no copy, we cannot reproduce, recover, or provide your submitted message in response to any request or legal process. You are solely responsible for retaining your own messages and issued receipts.
We share personal data only with the service providers ("sub-processors") that make the service work, and only as needed for them to perform their function:
| Provider | Purpose | Data involved |
|---|---|---|
| Stripe, Inc. | Payment & subscription processing | Email, payment details, customer/subscription IDs |
| Netlify, Inc. | Hosting, serverless functions & account-data storage (Blobs) | Account/access-code records, email, connection logs |
| Cloudflare, Inc. | Turnstile human-verification | IP address, challenge token |
| Google LLC (Fonts) | Serving web fonts | IP address |
To the extent the service anchors cryptographic proofs to a public blockchain, only hashes are anchored — never your message content or personal data.
You may request deletion of your personal data at any time (see Section 9). Requests are processed within 30 days.
Data is transmitted over encrypted connections (HTTPS/TLS). Access codes are stored as one-way hashes.
No method of transmission or storage is perfectly secure. While we take reasonable measures to protect your information, we cannot guarantee absolute security.
Depending on where you live, you may have the right to access, correct, delete, export, or restrict the processing of your personal data, and to object or withdraw consent. To exercise any of these, email ngr.admin@proton.me. We will respond within the timeframe required by applicable law, and within 30 days for deletion requests.
California residents: we do not sell or share your personal information as defined by the CCPA/CPRA, and we will not discriminate against you for exercising your rights.
You may also lodge a complaint with your local data protection authority. For the full disclosure covering all NextGenRails™ properties, see nextgenrails.net/legal.
NextGenRails™ operates from the United States, and our providers process and store data in the United States and other countries. If you access the service from outside the United States, your information will be transferred to and processed in the United States, which may have data-protection laws that differ from those where you live.
The service is intended for business and professional use and is not directed to children. We do not knowingly collect personal information from anyone under 16. If you believe a minor has provided us information, contact us and we will delete it.
We may update this Privacy Policy from time to time. Material changes will be posted to this page with a revised "Last Updated" date. Continued use of the service following any modification constitutes acceptance of the revised policy.
For privacy questions or to exercise your data rights, contact NextGenRails™ at:
This Privacy Policy is provided for transparency and does not constitute legal advice.