Privacy Policy
Last updated: March 22, 2026
1. Introduction
Proof of You Inc. ("PoY", "we", "us", "our") operates proofofyou.com and its associated services. This Privacy Policy explains what data we collect, how we use it, who we share it with, and your rights regarding your personal information.
We built Proof of You around a core principle: we should never need to see your biometric data to verify your humanness. Our zero-knowledge architecture reflects that commitment in every design decision.
2. What We Collect
Biometric Hash
When you enroll, a one-way SHA-256 hash is generated entirely on your device. We never receive or store your actual biometric data - no photos, no voice recordings, no fingerprints. Only the irreversible hash is transmitted to our servers. This hash cannot be reversed to reconstruct your biometric features.
Email Address
If you sign up for the waitlist or create an account, we collect your email address to communicate with you about the service, send verification confirmations, and (with your consent) share product updates.
Usage Data
We collect metadata about your interactions with the service, including:
- API calls and verification requests
- Content stamps (metadata only - we never access or store the content itself)
- Feature usage patterns and session duration
Device Information
We collect basic device information such as browser type and operating system version to ensure compatibility and diagnose technical issues.
IP Address
Your IP address is hashed for abuse prevention and rate limiting. We never store IP addresses in plaintext.
3. What We Do NOT Collect
We deliberately avoid collecting the following:
- Actual biometric data - no photos, videos, voice recordings, or fingerprint scans ever leave your device
- Personal identity documents - no government IDs, passports, or driver's licenses
- Location data - we do not track your geographic location
- Social media profiles - we never scrape or link to your social accounts
- Browsing history - we do not track your activity outside our service
- Financial information - all payment processing is handled by Whop.com; we never see your payment details
4. How We Use Your Data
We use the data we collect for the following purposes:
- Verify your humanness - compare biometric hashes to confirm you are a real person
- Issue PoY badges - generate and maintain your verification credentials
- Process content stamps - record proof-of-authorship metadata for your content
- Prevent fraud and abuse - detect duplicate accounts, bot activity, and impersonation attempts
- Improve the service - analyze usage patterns to make PoY faster, more reliable, and more useful
- Communicate with you - send account notifications, security alerts, and (with consent) product updates
5. Data Storage and Security
All user data is stored in encrypted Supabase PostgreSQL databases. Our security measures include:
- Encryption at rest - all data encrypted with AES-256
- Encryption in transit - all connections use TLS 1.3
- Row-level security - database policies ensure users can only access their own data
- Service key rotation - database credentials and API keys are rotated on a regular schedule
- Access controls - admin access requires multi-factor authentication
6. Your Rights
Regardless of where you are located, we provide every user with the following rights:
- Access your data - request a copy of all data we hold about you
- Delete your account - permanently remove your account and all associated data
- Export your data - download your verification history and stamps in a portable format
- Opt out of marketing - unsubscribe from promotional emails at any time
- Correct your data - update inaccurate information on your account
- Restrict processing - request that we limit how we use your data
To exercise any of these rights, contact us at privacy@proofofyou.com. We will respond within 30 days.
7. Biometric Data Specific Rights (BIPA Compliance)
Important: Proof of You does not collect biometric data as defined by the Illinois Biometric Information Privacy Act (BIPA), the Texas Capture or Use of Biometric Identifier Act (CUBI), or Washington state biometric privacy laws.
The SHA-256 hash we store is a one-way cryptographic function. It cannot be reversed, decoded, or used to reconstruct any biometric features - including facial geometry, voiceprints, or fingerprints.
Our zero-knowledge architecture is specifically designed so that biometric data never leaves your device. The hash that reaches our servers is mathematically irreversible and does not constitute a "biometric identifier" under these statutes.
Despite this, we still obtain written consent before enrollment, provide clear disclosure of our practices, and honor all deletion requests - meeting or exceeding the requirements of BIPA, CUBI, and comparable state laws.
8. Third-Party Services
We use the following third-party services to operate PoY:
- Supabase - database hosting and authentication infrastructure
- Netlify - website hosting and content delivery
- Whop.com - payment processing for paid plans
- Resend - transactional and marketing email delivery
Each of these providers maintains their own privacy policies and security practices. We select partners who meet our standards for data protection and only share the minimum data necessary for each service to function.
9. Children
Proof of You is not intended for users under the age of 13. We do not knowingly collect personal information from children under 13. If we learn that we have collected data from a child under 13, we will delete that information promptly.
Our Family Protection feature allows parents or guardians to provide oversight for minor users between the ages of 13 and 17, including the ability to review verification activity and manage account settings.
10. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will notify registered users via email at least 30 days before the changes take effect.
Your continued use of Proof of You after changes become effective constitutes your acceptance of the updated policy. If you do not agree with the changes, you may delete your account at any time.
11. Contact Us
If you have questions about this Privacy Policy or how we handle your data, please contact us:
- Email: privacy@proofofyou.com
- Data Protection Officer: dpo@proofofyou.com