Privacy Agreement

01What We Do Not Have

PRUF does not collect, store, process, or retain Personally Identifiable Information. This is enforced by system architecture, not by internal policy.

Biometric Data. No face images, fingerprints, voiceprints, or iris scans are stored anywhere in our systems. Raw biometric data is processed entirely on your device and destroyed before any network transmission occurs.

Direct Identifiers. No full legal names, physical addresses, email addresses, telephone numbers, social security numbers, government ID numbers, or external financial account numbers.

Tracking Data. No browsing history, search history, third-party website interaction logs, advertising identifiers, cross-app tracking tokens, or behavioral profiles.

Advertising Data. PRUF does not serve advertisements. There is no advertising infrastructure. There is no data collection for advertising purposes. Zero Ads is a structural covenant, not a feature toggle.

AI Training Data. PRUF does not use, license, sublicense, sell, or process any user-generated content for artificial intelligence training, machine learning model development, or any derivative computational purpose. Your content belongs to your hash.

02Your Biometrics

2.1Face Verification

When you verify as human, the following occurs entirely on your device:

Your device camera captures a face image. A cryptographic hash is generated from that image. The hash is a one-way mathematical transformation — it cannot be reversed back into a face. The original face image is then overwritten and destroyed in device memory. Only the hash is transmitted to PRUF's servers.

We receive a string of characters. We have no ability to reconstruct a face or any biometric data from this string. There is no master key, administrative override, or backdoor that allows PRUF or any third party to reverse a hash into biometric data. This is a mathematical constraint, not a policy decision.

2.2Camera Verification

PRUF's camera system uses your device's sensors to verify that photographed subjects exist in three-dimensional space. This prevents AI-generated images and deepfakes from entering the system. PRUF does not receive or store the sensor data used for this verification — only the binary result (verified or not verified) is recorded as metadata on the photo.

03Your Content

Content you post belongs to your hash. PRUF does not claim ownership, license rights, or derivative rights over your content. We do not monetize or derive insights from user content.

Content moderation is performed by automated AI review before publishing, with human escalation for ambiguous cases and appeals. See Terms of Service for moderation details.

If your account is deleted, your content is removed. If your account is permanently suspended, your content access is revoked.

04Your Storage

4.1Local Storage

Verified photos are stored locally on your device in an encrypted vault. Local storage is free. PRUF does not access, sync, or back up local vault content.

4.2Published Content

When you publish a photo or letter to the PRUF network, your content is split into fragments and stored across PRUF's infrastructure. These fragments are identified solely by cryptographic hashes — not by your identity, your handle, or any personal information. The fragments and the instructions for reassembling them are stored in separate systems. A breach of any single system would not expose your content, because no single system contains both the pieces and the order in which they belong.

Published content is associated with your hash — not with you as a person. PRUF cannot determine who created a piece of content without external information, because PRUF does not know who any hash belongs to.

If your account is deleted, your published content is removed from PRUF's infrastructure. If your account is permanently suspended, your content remains but your access is revoked.

05Law Enforcement and Legal Compliance

5.1What We Can Provide

PRUF Systems Inc. is a Delaware corporation and complies with all valid legal processes issued by authorized government agencies. Upon receipt of a valid subpoena, court order, or warrant, we will disclose the data we possess — which is limited to cryptographic hashes, transaction records between hashes, and public content posted by hashes.

5.2What We Cannot Provide

We cannot provide — because we do not possess:

• The real name of any user
• The face of any user
• The email, phone number, or physical address of any user
• Raw biometric data of any kind

Law enforcement may use the information we provide to identify individuals through independent investigative means. PRUF can confirm that a specific hash was associated with specific actions. PRUF cannot confirm who the hash is.

06Data Breach

If PRUF's systems are breached, the attacker obtains cryptographic hashes tied to other cryptographic hashes. There are no names to steal. There are no faces to leak. There are no emails to harvest. There are no passwords to crack. The vault is empty by design.

We will notify affected users through the PRUF network and public channels within 72 hours of discovering a breach, in compliance with applicable law.

07Your Rights

7.1Right to Deletion

You may request account deletion at any time through the app settings. Upon deletion, your content is removed and your hash is retired. Anonymous transaction records may remain for system integrity.

7.2Right to Data Export

You may request a complete export of all data associated with your hash.

08Changes to This Agreement

Updated terms will be published at pruf.network/privacy with a changelog. Because we have no email addresses, changes will be announced through the PRUF network and in-app notification. Continued use after updates constitutes acceptance.