Privacy Policy

Last updated: March 2026

ProveIT ("we", "us", "our") operates the ProveIT mobile application and the proveit-app.com website (collectively, the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

1. Information We Collect

1.1 Information You Provide

• Account Information: When you create an account, we collect your email address, display name, and username.
• Captures: Photos and videos you take with the in-app camera are processed for verification. You choose which captures to verify and upload.
• Payment Information: If you subscribe to a paid plan, payment is processed by a third-party payment provider (e.g., Apple In-App Purchase, Stripe). We do not store your full payment card details; we may receive a transaction identifier and subscription status.
• Communications: If you contact us, submit feedback, or report content, we collect the information you provide.

1.2 Information Collected Automatically

• Device Information: Device model, operating system version, app version, unique device identifiers, and device capabilities.
• Capture Metadata: Timestamp of capture and, only if you enable location services, GPS coordinates at the time of capture.
• Cryptographic Data: SHA-256 hashes and perceptual fingerprints of your captures, used for verification and reverse-image lookup.
• Usage & Analytics Data: We may collect anonymous or pseudonymous analytics data including feature usage, session duration, crash logs, and performance metrics. This data helps us diagnose issues, understand usage patterns, and improve the Service. We may use first-party or third-party analytics tools (such as Firebase Analytics, Mixpanel, or similar services) for this purpose.
• Log Data: Our servers automatically record information such as IP addresses, request timestamps, referring URLs, and browser or app configuration. This data is used for security, debugging, and infrastructure monitoring.
• Push Notification Tokens: If you enable push notifications, we collect a device token to deliver notifications. You can disable notifications at any time in your device settings.

1.3 Information We Do Not Collect

• We do not access your device's photo library, contacts, or any data outside the ProveIT camera unless you explicitly grant permission for a specific feature.
• We do not use facial recognition or biometric analysis on your captures.
• We do not sell your personal data to third parties.

2. How We Use Your Information

• Verification: To cryptographically verify the authenticity and integrity of your captures.
• Account Management: To create and maintain your account, authenticate your sessions, process subscriptions, and enforce security policies.
• Public Attribution: If you opt in, your username may be displayed alongside your verified captures on the public verification page.
• Blockchain Registration: Verified capture hashes may be recorded on a public blockchain to provide an immutable proof of authenticity. Only cryptographic hashes are stored on-chain — not the image or video content.
• Content Moderation: To review reported content and enforce our Terms of Service.
• Analytics & Improvement: To diagnose issues, analyse usage trends, monitor performance, and improve the user experience.
• Communications: To send you transactional messages (e.g., email confirmation, password reset), and, where permitted, to inform you about new features, updates, or promotional offers. You can opt out of non-essential communications at any time.
• Security & Fraud Prevention: To detect, prevent, and respond to security incidents, fraud, or abuse.

3. How We Share Your Information

• Public Verification Pages: When you verify a capture, its metadata (timestamp, three-word code, verification status, and optionally your username) becomes publicly viewable.
• Blockchain: Cryptographic hashes of verified captures are stored on a public blockchain and are inherently public and immutable.
• Service Providers: We work with third-party service providers for hosting, authentication, storage, analytics, payment processing, email delivery, and other operational needs. These providers process data on our behalf under contractual confidentiality obligations.
• Business Transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change.
• Legal Requirements: We may disclose information if required to do so by law, regulation, legal process, or governmental request, or to protect our rights, privacy, safety, or property.

4. Cookies & Tracking Technologies

Our website may use cookies, local storage, and similar technologies to maintain session state, remember preferences, and gather analytics data. The mobile app may use device-level identifiers for analytics and push notifications. You can manage cookie preferences through your browser settings. Essential cookies required for the Service to function cannot be disabled.

5. Data Storage & Security

Unverified captures are stored only on your device in the app's private sandbox with hardware-level encryption. Verified captures are uploaded to our secure servers and stored in encrypted cloud storage. We use industry-standard security measures including TLS encryption in transit, AES-256 encryption at rest, role-based access controls, and regular security audits.

While we take commercially reasonable measures to protect your data, no method of electronic storage or transmission is 100% secure. We cannot guarantee absolute security.

6. Data Retention

• Local captures: Stored on your device until you delete them or delete your account.
• Verified captures: Upon account deletion, verified captures are anonymised (personal identifiers removed) and may be retained for public verification purposes. Blockchain records are permanent and cannot be deleted.
• Account data: Retained until you delete your account. Upon deletion, your personal data is removed from our servers as described in Section 12 of our Terms of Service.
• Analytics data: Aggregated and anonymised analytics data may be retained indefinitely for product improvement.
• Log data: Server logs are retained for a limited period for security and debugging purposes, then automatically deleted or anonymised.

7. Your Rights

Depending on your jurisdiction (including under GDPR, CCPA, or other applicable data protection laws), you may have the right to:

• Access the personal data we hold about you.
• Request correction of inaccurate data.
• Request deletion of your account and personal data (subject to blockchain immutability and the retention of anonymised verified captures).
• Request portability of your data in a machine-readable format.
• Withdraw consent for optional features like location services, push notifications, or public attribution.
• Object to or restrict certain processing of your data.
• Lodge a complaint with a supervisory authority.

To exercise these rights, contact us at privacy@proveit-app.com. We will respond within 30 days or as required by applicable law.

8. Location Data

Location data is entirely optional. You can enable or disable location embedding in the app's settings at any time. When disabled, no GPS coordinates are captured or transmitted. When enabled, coordinates are embedded in the capture's metadata and stored with the verification record.

9. International Data Transfers

Your data may be processed and stored in countries outside your country of residence, including the United States. Where required by law, we ensure appropriate safeguards are in place (such as Standard Contractual Clauses) to protect your data during international transfers.

10. Children's Privacy

The Service is not intended for children under 13 years of age (or the minimum age required in your jurisdiction). We do not knowingly collect personal information from children under this age. If we become aware that we have collected data from a child below the applicable minimum age, we will delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy on this page, updating the "Last updated" date, and where appropriate, notifying you via email or in-app notification. Continued use of the Service after changes constitutes acceptance of the revised policy.

12. Contact Us

If you have questions about this Privacy Policy, please contact us at privacy@proveit-app.com.