Privacy Policy

Effective April 18, 2026

ProofSelf is operated by Jorge Pintos Quisama, based in Somose Hegn 6, 2750 Ballerup, Denmark. This policy explains what data we collect, why we collect it, how we use it, how long we keep it, and your rights.

1. Who We Are

Jorge Pintos Quisama (“we”, “us”, “our”) is the data controller for ProofSelf, based at Somose Hegn 6, 2750 Ballerup, Denmark. Our servers are hosted on Google Firebase in the European Union (eur3) region. If you have questions about this policy, contact us at privacy@proofself.com.

2. Age Requirement

ProofSelf is for users aged 18 and older. We do not knowingly collect data from anyone under 18. If we learn that a user is under 18, we will delete their account and all associated data.

3. Data We Collect

Account data. When you sign up we collect your username, authentication method (Apple, Google, or email), chosen identity path, and language preference. Your email address is used for authentication and is stored by Firebase Authentication. It is not written to your public user profile.

Video content. When you submit a proof, we store the video you capture. We process your video to add the ProofSelf overlay. Raw uploads are deleted after processing. Retention depends on your subscription tier and is described in Section 7 below.

Video content and biometric considerations. Proof videos often contain your face, your voice, and may reveal your physical surroundings. We treat this content with care. ProofSelf does not run facial recognition, biometric identification, emotion analysis, voice analysis, or automated biometric profiling on your videos. We do not build or maintain a database of facial templates. Videos are stored so that you and your circle members can view them as part of the accountability service, and for no other purpose. We do not use your videos to train AI models.

Usage data. We record your daily streak, continuity streak, active standards, proof submission history, and interactions with in-app features.

Subscription and tier data. We record your subscription tier, tier history, subscription status, and any tier-related metadata required to operate the service.

Profile and verification data. If you add optional profile fields (company link, social link, verification link), we store that information. If you use any verification feature, we store the data required to display the verification result inside the app. ProofSelf does not audit, re-process, or independently verify the underlying financial or business data from third-party sources.

Circle and flagging data. We store your circle memberships, circle roles (member, creator), and any flags you submit or receive. Flag submissions are confidential. Flag metadata (who flagged whom, the reason category, and the review outcome) is retained for moderation integrity.

Device information. We collect app version, platform, and device model for debugging when you submit feedback. We do not store permanent device identifiers. We use ephemeral session tokens only.

Analytics (optional). If you consent, we collect anonymous usage events via Firebase Analytics and PostHog (screen views, feature usage, session duration). Analytics use an anonymized installation ID that resets on app reinstall. You can opt out at any time in Settings.

Social link (optional). You may add one social media link to your profile. You control its visibility: everyone, Your 5 members only, or hidden.

Support and feedback. If you contact support or submit feedback, we store your message, your email, and the device info you provide for debugging.

4. How We Use Your Data

We use your data to provide and improve the ProofSelf service:

• Authenticate your account and manage your subscription
• Process and store your proof videos
• Calculate and display your streaks and Proof Score
• Enable Your 5 and circle membership features
• Operate tier-based features and verification displays
• Operate the reporting and flagging system for content moderation
• Respond to feedback and support requests
• Detect and prevent fraud, abuse, and violations of our Terms
• If you consent, analyze anonymous usage patterns to improve the app

We do not sell your data. We do not use your data for advertising. We do not use your videos or your voice to train AI models. We do not share your proof videos with any party outside ProofSelf, except with your circle members as part of the service.

5. Lawful Basis (GDPR)

We process your data based on:

• Your consent — for analytics, optional profile fields, marketing-use opt-in for exported videos
• Performance of our contract with you — for account, video processing, streaks, Your 5, subscription management, and verification displays
• Our legitimate interest — for preventing abuse, operating the flagging and moderation system, and improving the service
• Compliance with legal obligations — where applicable under Danish and EU law

Because proof videos may contain facial images, we treat them with additional care. We do not process them for biometric identification or categorization purposes. Our processing is limited to the storage, overlay, and display operations required to deliver the service to you and your chosen circle members.

6. Data Sharing

We share data with the following service providers, solely to operate ProofSelf:

• Google Firebase — authentication, database, storage, analytics, hosting, in the EU region (eur3)
• RevenueCat — subscription management and purchase validation
• Apple — App Store, Sign in with Apple, payment processing
• Google — Google Play, Sign in with Google, payment processing (if applicable)
• PostHog — product analytics, only if you consent

We do not share your data with any other third parties.

Social links and external content. When you or another user taps a social link, you leave ProofSelf and are subject to that platform's privacy policy. We are not responsible for the privacy practices of third-party platforms.

Exported proof videos. When you export a proof video and share it outside ProofSelf (for example on social media), that video leaves our control and is subject to the privacy practices of the platform you share it on.

7. Data Retention

• Free tier proofs: Automatically deleted after a rolling 3-day window.
• Paid tier proofs: Retained according to the terms of your subscription tier, as stated at the point of purchase. Retention windows range from a limited rolling window to retention for the duration of your active subscription.
• Account data: Retained until you delete your account.
• Subscription records: Retained as required for accounting, tax, and legal compliance (generally 5 years under Danish law).
• Flag and moderation records: Retained for moderation integrity, typically for 12 months after the relevant account action, unless longer retention is required by law.
• Support and feedback submissions: Retained for product improvement purposes and may persist after account deletion in an anonymized form.

8. Account Deletion

You can delete your account at any time from Settings. When you request deletion, we delete all your data within 30 days, including:

• Your user profile and all profile fields
• All proof videos (Firestore records and Storage files, including any overlay-processed copies)
• Your circle memberships
• Your streak, Proof Score, and subscription metadata
• All analytics associations

Authentication credentials are deleted last. This action is permanent and cannot be undone.

We retain the minimum records required by law (for example, anonymized transaction records required for accounting), and we may retain flag-review outcomes without any identifier linking them to you. If a deletion request falls during an active abuse investigation, we may preserve a minimum record set for the duration of that investigation.

9. Your Rights

Under GDPR (EU), CCPA (California), and other applicable laws, you have the right to:

• Access the personal data we hold about you
• Correct inaccurate data
• Delete your data (see Section 8)
• Port your data — request a copy in a portable format
• Withdraw consent for analytics or marketing opt-ins at any time
• Object to processing based on legitimate interest
• Lodge a complaint with your local data protection authority (in Denmark, Datatilsynet)

To exercise any of these rights, contact privacy@proofself.com. We respond to verified requests within 30 days.

10. Cross-Border Data Transfers

ProofSelf is operated from Somose Hegn 6, 2750 Ballerup, Denmark. Our Firebase infrastructure is in the EU (eur3 region). Your data is stored and processed within the European Economic Area. If you access ProofSelf from outside the EU, your data is transferred to and processed in the EU, under protections consistent with GDPR.

11. Security

We use Firebase Security Rules to restrict data access. Video uploads are limited to a maximum size enforced on the server. Client applications cannot access processed video storage directly. We use Firebase App Check to prevent automated abuse. We use server-side enforcement for tier gates, retention rules, and moderation actions so that client-side tampering cannot bypass them.

No system is perfectly secure. If we become aware of a security incident that affects your personal data, we will notify you and, where required, the relevant supervisory authority, in line with GDPR obligations.

12. Cookies

The ProofSelf mobile app does not use cookies. Our website (proofself.com) uses only essential cookies required for hosting.

13. Changes to This Policy

We may update this policy from time to time. We will notify you of material changes through the app or by email. Continued use of ProofSelf after changes constitutes acceptance of the updated Privacy Policy.

14. Contact

Jorge Pintos Quisama
Somose Hegn 6, 2750 Ballerup, Denmark
privacy@proofself.com · support@proofself.com