Humanmark BETA

Privacy Policy

Effective Date: July 23, 2025

Version: Beta 1.0

Introduction

Welcome to Humanmark. We've written this privacy policy to be clear and straightforward about how we handle your information. We believe you shouldn't need a law degree to understand what happens to your data.

Our core promise:

Humanmark proves you're human without compromising your privacy. We don't track you, we don't store personal data, and your biometric information never leaves your device.

Beta Service Notice

Humanmark is currently in beta. This means:

  • We're actively developing and improving the service
  • Features may change as we refine the product
  • Service interruptions may occasionally occur
  • We welcome feedback to help us improve

Our commitment to your privacy remains constant throughout our beta period and beyond.

About Humanmark

Humanmark SPC is a Social Purpose Corporation incorporated in Washington State. We provide human verification technology that distinguishes real people from automated systems without collecting personal information.

How Humanmark Works

Humanmark enables websites and applications to verify that you're a human being (not automation) without revealing your identity.

When you use Humanmark:

  1. A service requests human verification
  2. You confirm using your fingerprint, face, or passcode
  3. Your device creates a cryptographic proof
  4. We verify the proof is authentic
  5. We confirm to the service that you're human

No personal information is exchanged in this process.

About Verification Accuracy:

While we use secure hardware-based methods to verify humanity, no security system is perfect. Our service aims to provide strong protection against automation while preserving your privacy, but like all technology, it has limitations.

Information We Don't Collect

To be clear about our privacy-first approach, we do not collect:

  • Names or usernames
  • Email addresses
  • Phone numbers
  • Physical addresses
  • Actual biometric data (fingerprints or facial scans)
  • Location information
  • IP addresses for tracking purposes
  • Browsing history or activity
  • Advertising identifiers

Your Biometric Data

If you use fingerprint or face recognition with Humanmark:

Your biometric information never leaves your device.

When you verify with biometrics:

  • Your device performs the biometric match locally
  • Only a cryptographic signature is created
  • This signature confirms you authenticated but contains no biometric data
  • We receive only the signature, never your actual biometric information

This is the same secure process used by mobile banking and payment applications.

Note: If you use a passcode instead of biometrics, the same privacy protections apply: your passcode never leaves your device.

Information We Process

During each verification, our systems temporarily process:

Technical Verification Data

  • Cryptographic signatures from your device
  • Device integrity information (confirming your device is genuine)
  • Device type (iOS or Android)
  • Timestamp of verification
  • The service requesting verification

This information exists only long enough to complete the verification process (typically a few seconds) and is not stored.

Operational Data

  • System logs for troubleshooting and security monitoring (retained for 30 days)
  • These logs contain technical information only, no personal identifiers
  • Error reports and performance metrics (anonymized)

On Your Device

  • A local history of your recent verifications
  • This remains under your control and can be cleared at any time
  • Deleting the app removes all local data

How We Share Information

With Services Using Humanmark

When you verify with a service, they receive:

  • Confirmation of your humanity (yes or no)
  • No other information

Each verification is independent. Services cannot track you between sessions or correlate your activities across different services.

Legal Basis for Processing (GDPR)

For users in the European Union, we process the minimal data described in this policy based on:

  • Legitimate Interests: Operating a privacy-preserving human verification service
  • Contract Performance: Providing verification services you request
  • Legal Compliance: Meeting our legal obligations

Our processing is limited to what's necessary for these purposes.

With Service Providers

We work with trusted infrastructure providers to operate our service:

  • DigitalOcean, AWS, Cloudflare: Cloud infrastructure and content delivery
  • Axiom: System monitoring and diagnostics (no personal data)
  • PagerDuty: Incident alerting for our technical team
  • Payment Processors (future): Mercury or Stripe for business billing

These providers process only the minimum data necessary to provide their services and are bound by strict confidentiality agreements.

Legal Compliance

We may disclose information if required by law, such as in response to:

  • Valid subpoenas or court orders
  • Government investigations
  • Legal proceedings

Due to our privacy-by-design architecture, we have minimal information to disclose. We cannot provide biometric or passcode data (we never possess it) or track users across verifications (our system doesn't support this).

When legally permitted, we will notify affected users of legal requests for their information.

Your Rights and Controls

Your Choices

  • Use any authentication method your device supports
  • View your verification history within the app
  • Clear your history at any time
  • Delete all local data by uninstalling the app

Privacy Rights by Region

United States Residents

  • Right to know what information we process
  • Right to request deletion (though we store minimal data)
  • Right to non-discrimination for exercising privacy rights

California Residents (CCPA)

  • Additional right to opt out of "sale" of personal information (we do not sell any data)
  • Right to know categories and specific pieces of personal information collected

European Union Residents (GDPR)

  • Right to access your data
  • Right to rectification and erasure
  • Right to data portability
  • Right to object to processing
  • Right to lodge complaints with supervisory authorities

Washington State Residents

  • Rights under Washington Privacy Act when it takes effect

Due to our minimal data processing, many traditional data rights are inherently satisfied by our architecture.

Age Requirements

You must be at least 16 years old to use Humanmark. By using our service, you represent and warrant that you are at least 16 years of age. We don't knowingly allow anyone under 16 to use our service.

Why 16? We want to make sure we comply with privacy laws everywhere, and some countries require users to be 16 or older to consent to data processing.

For Parents: If you believe your child under 16 has used Humanmark, please contact us at legal@humanmark.io. Though we don't collect personal information, we'll help address your concerns.

Note: Websites using Humanmark may have their own age restrictions based on their content.

Security Measures

We implement comprehensive security measures:

  • Industry-standard encryption for all data transmission
  • Hardware-backed security on user devices
  • Regular security assessments and updates
  • Access controls and monitoring for our systems
  • Incident response procedures

To report security vulnerabilities, please contact: security@humanmark.io

Security Incident Response

In the unlikely event of a security incident that affects your data:

  • We'll investigate and remedy the situation promptly
  • If required by law, we'll notify affected users within 72 hours of discovery
  • We'll provide clear information about what happened and what steps we're taking
  • Given our minimal data processing, the risk of meaningful data exposure is extremely low

International Data Processing

Our servers are located in the United States. When you use Humanmark from another country, the limited technical data required for verification is processed in the US. We rely on appropriate safeguards for international data transfers, though our minimal data collection reduces privacy risks.

Changes to This Policy

We may update this privacy policy as our service evolves. When we make changes:

  • The "Effective Date" will be updated
  • Material changes will be communicated through the app
  • Your continued use after changes constitutes acceptance

We will never materially reduce your privacy protections without clear notice and consent.

Contact Information

For privacy-related questions or concerns:

Email: legal@humanmark.io

General Support: support@humanmark.io

Legal Matters: legal@humanmark.io

Security Reports: security@humanmark.io

Website: https://humanmark.app

We strive to respond to all inquiries within 2 business days.

Legal Information

Governing Law: This privacy policy is governed by the laws of Washington State, USA, without regard to conflict of law principles.

Dispute Resolution: Any disputes relating to this privacy policy will be resolved in the state or federal courts located in Washington State.

No Warranties: The Humanmark service is provided "as is" during our beta period without warranties of any kind.

Limitation of Liability: To the fullest extent permitted by law, Humanmark SPC's total liability is limited to the amount paid by you for our services.

Our Commitment

We built Humanmark with a fundamental belief: proving you're human shouldn't require sacrificing your privacy. Our architecture ensures we can verify your humanity without learning your identity. This isn't just our policy; it's how we've designed our technology.

Thank you for trusting Humanmark.