Privacy Policy - Content Proof

Last updated: June 16, 2025

Introduction

Content Proof is committed to protecting your privacy and being transparent about how we handle your information. This Privacy Policy explains what data we collect, how we use it, and your rights regarding your personal information.

Information We Collect

1. Account Information

When you sign in with Google, we collect:

• Email address: Your Gmail address for identity verification
• Basic profile information: Name and profile picture from your Google account
• Authentication tokens: Temporary tokens to maintain your session

2. Signature Metadata

When you sign files, we store:

• File hash: SHA-256 fingerprint of your file (not the file itself)
• Timestamp: When the signature was created
• Signature data: Cryptographic signature for verification purposes
• Public key identifier: Reference to the key used for signing

3. Usage Information

We may collect:

• Access logs: When you use our service and which features you access
• Performance data: How long operations take and any errors encountered
• Analytics data: Aggregated usage patterns to improve our service

What We Don't Collect

Files and Content

• Your files: We never store the actual files you upload
• File contents: Files are processed locally in your browser when possible
• Personal documents: No access to your personal files or Google Drive

Sensitive Information

• Passwords: We don't have access to your Google password
• Financial information: No payment processing data
• Browsing history: No tracking of your activity outside our service

How We Use Your Information

1. Service Provision

• Authentication: Verify your identity for secure access
• Signature creation: Generate cryptographic signatures tied to your Gmail identity
• Verification: Enable others to verify signatures you've created

2. Service Improvement

• Performance optimization: Identify and fix technical issues
• Feature development: Understand how users interact with our service
• Security enhancement: Detect and prevent abuse

3. Communication

• Service updates: Important changes to our service
• Security notifications: Alerts about your account security
• Support responses: Answers to your questions and issues

How We Share Your Information

With Third Parties

We only share information with:

Google: Your authentication is handled by Google OAuth. Google's privacy policy applies to this interaction.

Vercel: Our hosting provider processes data according to their privacy policy and security standards.

Upstash: Our Redis provider stores session and signature metadata with enterprise-grade security.

Public Information

Some information is intentionally public:

• Signature verification data: Anyone with a QR code can verify signatures
• Signer identity: Gmail addresses are included in signature data for verification
• Public keys: Available publicly for signature verification

We Never Sell Data

We do not sell, rent, or trade your personal information to third parties for marketing purposes.

Data Security

Encryption

• Data in transit: All data is encrypted using TLS/SSL
• Data at rest: Stored data is encrypted using industry-standard methods
• Authentication: Secure OAuth 2.0 implementation with Google

Access Controls

• Limited access: Only authorized personnel can access user data
• Audit logging: All data access is logged and monitored
• Regular reviews: Access permissions are reviewed regularly

Security Practices

• Vulnerability scanning: Regular security assessments
• Incident response: Procedures for handling security incidents
• Data minimization: We collect only necessary information

Data Retention

Signature Data

• Retention period: Signature metadata is retained for 1 year by default
• Extended retention: Users can request longer retention for important signatures
• Automatic deletion: Old signatures are automatically deleted after the retention period

Account Information

• Active accounts: Retained while your account is active
• Inactive accounts: Deleted after 2 years of inactivity
• Account deletion: Immediately deleted when you request account closure

Legal Requirements

We may retain data longer if required by law or for legitimate business purposes such as fraud prevention.

Your Rights and Choices

Data Access

You have the right to:

• View your data: Request a copy of all data we have about you
• Signature history: Access a list of all signatures you've created
• Account information: Review your profile and authentication data

Data Control

You can:

• Delete signatures: Remove individual signatures you've created
• Close your account: Delete all your data from our systems
• Opt out: Disable analytics tracking (where applicable)

Data Portability

• Export signatures: Download your signature data in standard formats
• QR codes: Keep copies of your QR codes for offline verification
• Verification records: Export verification history for your records

Cookies and Tracking

Essential Cookies

• Session cookies: Required for authentication and basic functionality
• Security cookies: CSRF protection and secure session management

Analytics (Optional)

• Usage analytics: Aggregated data to improve our service
• Performance monitoring: Error tracking and performance optimization
• Opt-out available: You can disable analytics tracking

No Advertising

We do not use cookies for advertising or tracking for marketing purposes.

International Data Transfers

Our service operates globally, and your data may be processed in:

• United States: Primary data processing location
• European Union: Backup and redundancy systems
• Data protection: All transfers comply with applicable privacy laws

Children's Privacy

Content Proof is not intended for children under 13. We do not knowingly collect personal information from children under 13. If you believe we have collected information from a child under 13, please contact us immediately.

Changes to This Policy

We may update this Privacy Policy to reflect changes in our practices or for legal reasons. We will:

• Notify users: Email notification of significant changes
• Version history: Maintain previous versions for reference
• Effective date: Clearly indicate when changes take effect

Contact Information

Privacy Questions

If you have questions about this Privacy Policy or our privacy practices:

Email: seansoreilly@gmail.com

Response time: We aim to respond within 48 hours

Data Requests

For data access, deletion, or portability requests:

Email: data@contentproof.app

Processing time: Most requests processed within 30 days

Security Issues

To report security vulnerabilities:

Email: security@contentproof.app

Response: Critical issues addressed within 24 hours

Legal Compliance

Applicable Laws

This Privacy Policy is designed to comply with:

• GDPR: European Union General Data Protection Regulation
• CCPA: California Consumer Privacy Act
• PIPEDA: Canada Personal Information Protection and Electronic Documents Act

Data Protection Officer

For GDPR-related inquiries, contact our Data Protection Officer: Email: dpo@contentproof.app

Jurisdiction

This Privacy Policy is governed by the laws of [Your Jurisdiction], and any disputes will be resolved in the courts of [Your Jurisdiction].