Privacy Policy
Effective: April 18, 2026 · Last updated: May 15, 2026
This Privacy Policy explains how Pruvstamp ("we", "us", "our") collects, uses, and protects your information when you use the Pruvstamp application and website (collectively, the "Service").
1. Information We Collect
Information you provide
Account information: email address, display name, authentication provider (Google or email). Payment information: processed and stored by Stripe; we do not store credit card numbers. Content: photos and videos you certify, upload, or list on the marketplace.
Information collected automatically
Device information: device model, operating system, StrongBox/Secure Enclave capability, device public keys for cryptographic attestation. Usage data: certification timestamps, file hashes (SHA-256 of your content), subscription status, bandwidth consumption. Technical data: IP address, request logs retained for security and abuse prevention.
Information from third parties
If you sign in with Google, we receive your email address and display name from Google. We receive payment event data from Stripe (subscription status, invoice events).
2. How We Use Your Information
We use your information to: provide and maintain the Service; process certifications and anchor hashes on the blockchain; manage your account and subscriptions; process marketplace transactions; send transactional emails (account linking, verification codes); detect and prevent fraud, abuse, and security incidents; comply with legal obligations.
We do not sell your personal information. We do not use your content for advertising. We do not use your content to train machine learning models.
Content scanning policy. Files that remain in your private library are not automatically scanned. Automated content analysis applies only when you make a file publicly accessible — by listing it on the marketplace or publishing it on your public channel. For private content, we rely on user reporting and law enforcement referrals.
Public files may be analyzed by third-party content-moderation services (image and video recognition) to detect prohibited content prior to publication. These services process file content but do not retain it. See § 3 for the list of third-party services we use.
3. Third-Party Services
We use the following third-party services to operate Pruvstamp. Each processes data according to their own privacy policies:
Supabase (authentication, database) — Stripe (payments, subscriptions, seller payouts) — Backblaze B2 (file storage) — Cloudflare (CDN, DNS, email routing) — Google (OAuth sign-in, Play Integrity attestation) — Resend (transactional emails) — Railway (backend hosting) — Vercel (web hosting) — Base/Ethereum (public blockchain for certification hashes).
4. Blockchain Data
Certification hashes are written to a public blockchain (Base, an Ethereum Layer 2 network). This data is public, permanent, and cannot be deleted or modified by anyone, including Pruvstamp. On-chain records contain only cryptographic hashes — not your files, personal information, or account details. However, if someone possesses your original file, they can verify its hash against the blockchain record.
5. Data Retention
Account data: retained while your account is active. Upon account deletion, personal information is immediately scrubbed (email replaced, display name cleared). The account record is retained in anonymized form for 30 days for audit purposes, then permanently purged.
Files: removed from our servers when no active retention reason exists (no cloud backup, no active share link, no public page, no marketplace listing).
Blockchain records: permanent and immutable. Cannot be deleted.
6. Your Rights
You may: access your account data via the app (Settings); delete your account at any time (Settings → Delete account), which triggers immediate PII removal and content cleanup; unlink email identities from your account; export your data by downloading your certified files before deletion. To exercise other data rights or for GDPR/privacy requests, contact us at contact@pruvstamp.com.
7. Data Security
We implement industry-standard security measures including: encrypted data in transit (TLS); encrypted data at rest (server-side encryption); hardware-backed key storage (StrongBox/Secure Enclave); row-level security on database tables; access controls and principle of least privilege. However, no method of transmission or storage is 100% secure. We cannot guarantee absolute security.
8. Children
The Service is not directed to children under 18. We do not knowingly collect personal information from children. If we learn that we have collected information from a child, we will delete it promptly.
9. International Transfers
Your data may be processed in countries other than your country of residence, including the United States and the European Union, through our third-party service providers. By using the Service, you consent to such transfers.
10. Changes
We may update this Privacy Policy from time to time. Material changes will be communicated via the Service or email. Continued use after changes constitutes acceptance.
11. Contact
For privacy-related questions or requests, contact us at contact@pruvstamp.com.