Privacy Policy for PoH Service

Last Updated: May 23, 2025

Welcome to the Proof of Humanity (PoH) Service ("Service", "we", "us", "our"). We are committed to protecting your privacy and handling your data in an open and transparent manner. This Privacy Policy details how we collect, use, and safeguard your information.

1. Information We Collect

We collect different types of information depending on your interaction with our Service:

a. For Business Clients using our Dashboard:

  • Account Information: When you register for a business account, we collect your business name, contact email address, and a securely hashed password.
  • API Key Information: We store information related to the API keys you generate, such as a key prefix, a hash of the full key, its status, and creation date. The full API key is displayed to you only once upon creation and is not stored by us in its original form.
  • Usage Data (Future): We may collect aggregated, anonymized data about your API key usage for service improvement, billing, and analytics displayed on your dashboard.

b. For End-Users undergoing PoH Verification:

  • PoH Username: End-users provide a username to associate with their Proof of Humanity verification.
  • WebAuthn Credentials: During the WebAuthn ceremony, cryptographic public key credentials (attestations) are generated. We store these public key credentials, which are linked to the PoH username. **Crucially, raw biometric data (like your fingerprint or face scan image) never leaves your device and is not transmitted to or stored by us.** The WebAuthn process uses these on-device biometrics to create a secure digital signature.
  • Human Verification Status: We store a boolean flag indicating whether a PoH username has successfully completed the verification.

c. Website Visitors:

We may collect standard anonymous analytics data (e.g., page views, browser type) to improve our website experience, using privacy-respecting analytics tools if implemented.

2. How We Use Your Information

  • To provide, maintain, and improve our PoH Service.
  • To manage business accounts, process API calls, and facilitate dashboard functionalities.
  • To communicate with business clients regarding their account or service updates.
  • To prevent fraud, secure our platform, and enforce our terms.
  • For billing and invoicing (when payment features are implemented).

3. Data Security

We implement appropriate technical and organizational measures to protect your data against unauthorized access, alteration, disclosure, or destruction. This includes secure password hashing, HTTPS for data transmission, and regular security reviews.

4. Data Sharing and Disclosure

We do not sell your personal information. We may share information under the following limited circumstances:

  • With your consent.
  • With service providers who assist us in operating our Service (e.g., database hosting, payment processors), under strict confidentiality agreements.
  • If required by law, subpoena, or other legal process.
  • To protect our rights, property, or safety, or that of our users or the public.

5. Your Data Rights (Placeholder)

Details on how you can access, update, or delete your information will be provided here.

6. Cookies

Our Business Dashboard uses essential session cookies to maintain your login state. We do not use tracking cookies for advertising purposes on our core service pages.

7. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any significant changes by posting the new policy on this page and updating the "Last Updated" date.

8. Contact Us

If you have any questions about this Privacy Policy, please contact us at privacy@yourpohservice.com (Replace email).