Privacy Policy
Effective Date: February 18, 2026
1. Introduction
Kraken AI ("we," "us," or "our") operates ProofLayer AI at https://proof-layer-ai.vercel.app. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service. By using ProofLayer AI, you consent to the data practices described in this policy.
2. Information We Collect
2.1 Account Information
When you create an account, we collect:
- Email address
- Full name (if provided)
- Profile avatar (if using OAuth)
- Authentication provider data (Google, GitHub)
2.2 Scan Metadata
When you use the verification service, we store:
- Content type (image, audio, video, text)
- One-way cryptographic hash (SHA-256) of the content
- Trust score and analysis results
- AI provider used and model identified
- Timestamp of the scan
We do NOT store your actual content. All uploaded files and text are processed entirely in-memory and are discarded immediately after analysis. We never save images, audio, video, or text content to any database or file storage system.
2.3 Usage Data
We automatically collect:
- API usage logs (endpoint, timestamp, response status)
- Scan counts and quota usage
- Feature usage patterns (aggregated)
2.4 Payment Information
Payment processing is handled entirely by Paddle.com Market Limited (our Merchant of Record). We do not collect, store, or have access to your credit card numbers, bank account details, or other payment instrument data. Paddle provides us with:
- Paddle customer ID
- Subscription status and plan type
- Transaction history (amounts, dates)
2.5 BYOK API Keys
If you use the BYOK feature, your third-party API keys are encrypted with AES-256-GCM before storage. We cannot access or view your plaintext API keys. Keys are decrypted only in-memory during request processing and are never logged.
3. How We Use Your Information
- To provide, maintain, and improve the Service
- To process your transactions and manage your subscription
- To display your scan history and usage analytics in your dashboard
- To enforce rate limits and plan quotas
- To communicate with you about your account, service updates, and security alerts
- To detect, prevent, and address fraud, abuse, and technical issues
- To comply with legal obligations
We do not sell, rent, or trade your personal information to third parties for marketing purposes.
4. Third-Party Services
We use the following third-party services to operate ProofLayer AI:
- Supabase: Authentication and database hosting. Your account data and scan metadata are stored in Supabase's infrastructure with row-level security policies.
- Paddle: Payment processing, billing, and tax handling as our Merchant of Record.
- Vercel: Application hosting and CDN.
- AI Providers (OpenAI, Anthropic, Google): Content is sent to these providers for analysis when you initiate a scan. Their respective privacy policies apply to data transmitted to their APIs. When using BYOK, data is sent under your own API key and account.
Each third-party provider has its own privacy practices. We encourage you to review their respective privacy policies.
5. Cookies & Tracking
We use essential cookies for:
- Authentication: Session cookies to keep you signed in
- Preferences: Theme preference (light/dark mode)
We do not use third-party tracking cookies, advertising pixels, or analytics services that track individual users across websites. We do not participate in cross-site tracking or targeted advertising.
6. Data Retention
- Account data: Retained for the duration of your account. Deleted within 30 days of account deletion request.
- Scan metadata: Retained for the duration of your account for your scan history feature.
- Usage logs: Retained for up to 90 days for operational purposes, then aggregated and anonymized.
- Uploaded content: Not retained. Processed in-memory only and discarded immediately.
- BYOK API keys: Deleted immediately upon your request or account deletion.
7. Your Rights (GDPR)
If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have the following rights under the General Data Protection Regulation (GDPR):
- Right of Access: Request a copy of the personal data we hold about you
- Right to Rectification: Request correction of inaccurate personal data
- Right to Erasure: Request deletion of your personal data ("right to be forgotten")
- Right to Data Portability: Request a machine-readable copy of your data
- Right to Restrict Processing: Request limitation of how we process your data
- Right to Object: Object to processing of your personal data
- Right to Withdraw Consent: Withdraw previously given consent at any time
To exercise any of these rights, contact us at support@prooflayer.ai. We will respond within 30 days.
8. Your Rights (CCPA)
If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with the following rights:
- The right to know what personal information is collected, used, shared, or sold
- The right to delete personal information held by businesses
- The right to opt out of the sale of personal information
- The right to non-discrimination for exercising your CCPA rights
We do not sell personal information. To exercise your rights, contact support@prooflayer.ai.
9. Data Security
We implement appropriate technical and organizational measures to protect your personal data, including:
- Encryption in transit (TLS/HTTPS) and at rest
- AES-256-GCM encryption for sensitive data (BYOK keys)
- Row-level security (RLS) policies on all database tables
- Regular security audits and monitoring
- Principle of least privilege for internal access
While we strive to protect your data, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security.
10. International Data Transfers
Your data may be transferred to and processed in countries other than your country of residence, including the United States. These countries may have data protection laws that differ from your jurisdiction. By using our Service, you consent to such transfers. Where required by law, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the European Commission.
11. Children's Privacy
The Service is not intended for individuals under the age of 13 (or 16 in the EEA). We do not knowingly collect personal information from children. If we become aware that we have collected personal data from a child without parental consent, we will take steps to delete that information promptly. If you believe we have collected data from a child, please contact us at support@prooflayer.ai.
12. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated via email or a prominent notice on the Service at least 30 days before they take effect. The "Effective Date" at the top of this page indicates when the policy was last revised. Your continued use of the Service after changes take effect constitutes acceptance of the updated policy.
13. Contact
For questions, concerns, or requests related to this Privacy Policy or your personal data, contact:
Kraken AI
Email: support@prooflayer.ai
Website: https://proof-layer-ai.vercel.app