Privacy Policy

Effective date: March 28, 2026

1. Who We Are

ProofDrop (“ProofDrop,” “we,” “us,” or “our”) operates the website and services available at proofdrop.pro (the “Service”). ProofDrop provides AIVS (AI Verifiable Signature) proof bundle verification infrastructure for AI teams. This Privacy Policy explains what information we collect, how we use it, and your rights regarding your data.

2. Information We Collect

2.1 Account Information

When you create an account, we collect your email address and, if you sign in via Google OAuth, your Google profile name and profile photo URL. We do not receive your Google password. We do not collect payment card details directly — payments are processed by Stripe, Inc.

2.2 AIVS Bundle Data

When you submit an AIVS proof bundle for verification, we store the bundle structure (including the content hash, operation metadata, and signatures) and a timestamped verification result. AIVS bundles are designed to contain hashes of content, not content itself. We strongly recommend that you do not include personally identifiable information (PII), confidential data, or sensitive personal data in bundle metadata fields. ProofDrop is not responsible for any sensitive information you choose to include in bundle payloads.

2.3 Usage and Technical Data

We collect standard server logs including IP addresses (truncated), browser user agent strings, request timestamps, and HTTP response codes. This data is retained for up to 90 days for security, debugging, and abuse prevention purposes. We use this data in aggregate to understand how the Service is used; we do not sell or share this data with third-party advertisers.

2.4 Cookies and Session Data

We use a single authentication session cookie (“next-auth.session-token”) to maintain your logged-in state. We do not use third-party advertising cookies or tracking pixels. We may use a strictly necessary analytics cookie from our hosting provider (Vercel) to measure aggregate traffic. You may disable cookies in your browser, but this will prevent you from signing in.

3. How We Use Your Information

  • To provide, operate, and maintain the Service
  • To authenticate your identity and maintain your session
  • To store and associate AIVS receipts with your account
  • To process subscription payments through Stripe
  • To send transactional emails (sign-in magic links, billing receipts)
  • To detect and prevent fraud, abuse, and security incidents
  • To comply with applicable law and legal process

We do not sell your personal information. We do not use your data to train AI models. We do not share your data with third parties for marketing purposes.

4. AI-Specific Data Practices

ProofDrop is used by teams that operate AI systems. We take specific care with AI-related data:

  • We do not process, analyze, or read the content of your AI interactions. AIVS bundles are stored as structured JSON. We verify hashes; we do not interpret the underlying content those hashes represent.
  • We do not use submitted AIVS bundles for model training, inference improvement, or any AI/ML purpose.
  • Verification results (PASS/FAIL/ERROR) are computed deterministically from the bundle structure. No human reviewers inspect individual bundles except in response to a valid legal process or a reported security incident.

5. Data Sharing and Disclosure

We share your information only in the following circumstances:

  • Service providers: We use Vercel (hosting), Neon (database), Stripe (payments), Resend (transactional email), and Google (OAuth). Each processes only the data necessary to provide their respective service.
  • Public verification: Receipt IDs and verification results are publicly accessible via /receipt/[id] URLs. This is a core function of the Service. Do not submit bundles to ProofDrop if you do not wish the verification result to be publicly accessible.
  • Legal process: We may disclose information if required by law, court order, or valid legal process from a government authority.
  • Business transfers: If ProofDrop is acquired or merges with another company, your information may be transferred as part of that transaction. We will notify you before your information is transferred and becomes subject to a different privacy policy.

6. Data Retention

  • Account data: retained while your account is active, deleted within 30 days of account deletion request
  • AIVS receipts (Free tier): retained for 12 months
  • AIVS receipts (Starter tier): retained for 12 months
  • AIVS receipts (Pro tier): retained per your configured retention period (default 36 months)
  • Server logs: retained for 90 days
  • Stripe payment records: retained per Stripe's data retention policy and applicable financial regulations

7. Security

We implement industry-standard security measures including TLS encryption in transit, encrypted-at-rest database storage, bcrypt-hashed session tokens, and Content Security Policy headers. AIVS receipt data is protected by hash verification — any tampering with stored records is detectable by re-running verification against the original bundle. No security measure is perfect. If you discover a security vulnerability in ProofDrop, please contact us at security@proofdrop.pro.

8. International Transfers

ProofDrop infrastructure is hosted in the United States (Vercel, Neon — US East region). If you access the Service from the European Economic Area, United Kingdom, or other regions with data transfer restrictions, your data will be processed in the United States. By using the Service, you consent to this transfer.

9. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

  • Access: Request a copy of the personal data we hold about you
  • Correction: Request correction of inaccurate data
  • Deletion: Request deletion of your account and associated personal data
  • Portability: Request your receipt data in a machine-readable format
  • Objection: Object to processing of your personal data

To exercise these rights, email privacy@proofdrop.pro. We will respond within 30 days.

10. Children's Privacy

The Service is not directed to children under 16. We do not knowingly collect personal information from children under 16. If you believe a child has provided personal information to us, please contact us and we will delete it.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy on this page and updating the effective date. For significant changes, we will send an email notification to your registered address. Continued use of the Service after changes constitutes acceptance of the updated policy.

12. Contact Us

For privacy-related questions, data requests, or concerns, contact us at: privacy@proofdrop.pro