PRIVACY POLICY

Privacy Policy

Effective Date: December 14, 2025

Last Updated: December 14, 2025

1. Introduction

Proofmi ("Company," "we," "us," or "our") operates the Proofmi mobile application and website at proofmi.xyz (collectively, the "Service"). This Privacy Policy explains how we collect, use, disclose, retain, and safeguard your personal information when you use our Service.

Please read this Privacy Policy carefully. By accessing or using the Service, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with our policies and practices, do not use the Service.

Our Commitment: We are committed to protecting your privacy. We do not sell your personal information, and we only collect data that is necessary to provide and improve our Service.

2. Data Controller Information

Proofmi is the data controller responsible for your personal information. For questions about this Privacy Policy or our data practices, contact us at:

Proofmi

Email: support@proofmi.xyz

3. Information We Collect

We collect information that you provide directly, information collected automatically, and information from third-party services. We only collect information necessary to provide the Service.

3.1 Information You Provide Directly

  • Account Information: Email address and authentication credentials when you create an account (including via Google Sign-In)
  • Profile Information: Optional display name, username, and profile photo that you choose to provide
  • Photos and Content: Photos you capture and upload through the Service, along with any captions or descriptions you add
  • Communications: Information you provide when you contact us for support or feedback

3.2 Information Collected Automatically

Precise Geolocation Data (Sensitive Information)

With your explicit permission, we collect precise GPS coordinates (latitude, longitude, and altitude accurate to within approximately 10 meters) when you capture a photo. This location data is embedded in your photo's cryptographic signature to verify where the photo was taken. You control this: You can deny or revoke location permission at any time in your device settings, and photos captured without location permission will not include location verification.

  • Timestamp Data: The exact date and time when photos are captured, used for verification
  • Device Information: Device type, model, operating system version, and app version (used for push notifications and technical support)
  • Device Identifiers: Push notification tokens (FCM tokens) to deliver notifications to your device
  • Usage Data and Analytics: How you interact with the Service, including features used, actions taken, session duration, screen views, and app performance data. We use this to understand user behavior and improve the Service.
  • Crash and Error Reports: Technical information about app crashes and errors to help us identify and fix issues

3.3 Information We Do NOT Collect

  • Biometric Data: We do not collect, store, or process biometric identifiers such as facial geometry, fingerprints, or voiceprints. While our app may offer Face ID or Touch ID for device authentication, this uses your device's built-in security features and the biometric data never leaves your device or is accessed by Proofmi.
  • Financial Information: We do not collect payment card numbers, bank account details, or financial data
  • Health Information: We do not collect health, medical, or genetic information
  • Background Location: We only request location when you actively capture a photo, not continuously in the background

4. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, we process your personal data based on the following legal grounds:

  • Contract Performance: Processing necessary to provide the Service you requested (account management, photo verification features)
  • Consent: Processing based on your explicit consent, which you can withdraw at any time (precise geolocation, push notifications, marketing communications)
  • Legitimate Interests: Processing for our legitimate business interests where not overridden by your rights (security, fraud prevention, service improvement)
  • Legal Obligations: Processing necessary to comply with applicable laws

5. How We Use Your Information

We use the information we collect for the following specific purposes:

5.1 Core Service Functions

  • Create and manage your account
  • Enable photo capture, upload, and storage
  • Generate cryptographic signatures that verify photo authenticity, timestamp, and location
  • Allow photo sharing and social features (following, likes, comments)
  • Deliver push notifications for activity updates (with your consent)

5.2 Service Operations

  • Respond to your support requests and inquiries
  • Maintain and improve Service functionality and performance
  • Detect, prevent, and address fraud, abuse, or security issues
  • Comply with legal obligations and enforce our Terms of Service

6. How We Share Your Information

We do not sell, rent, or trade your personal information to third parties for their marketing purposes.

We may share your information only in the following circumstances:

6.1 With Your Consent

  • When you share photos publicly or with specific users on the platform
  • When you connect your account with third-party services

6.2 Service Providers (Data Processors)

We use trusted third-party service providers who process data on our behalf under contractual obligations to protect your information:

  • Google Firebase: Authentication, cloud database (Firestore), cloud storage, push notifications (FCM), app security (App Check), analytics, and crash reporting (Crashlytics) — Firebase Privacy Policy
  • Google Cloud Platform: Infrastructure, computing, and data storage services — GCP Privacy Notice
  • Google Sign-In: Authentication service for account creation and login — Google Privacy Policy
  • Apple (App Store): iOS app distribution — Apple Privacy Policy

6.3 Legal Requirements

We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., a court order, government agency, or law enforcement). We will attempt to notify you of such requests unless prohibited by law.

6.4 Business Transfers

If Proofmi is involved in a merger, acquisition, or sale of assets, your personal information may be transferred. We will provide notice before your information becomes subject to a different privacy policy.

7. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence, including the United States, where our service providers (Google/Firebase) maintain servers.

For Users in the EEA, UK, and Switzerland

When we transfer personal data outside the EEA, UK, or Switzerland, we ensure appropriate safeguards are in place:

  • EU-US Data Privacy Framework: Our primary service provider (Google) is certified under the EU-US Data Privacy Framework
  • Standard Contractual Clauses (SCCs): We use EU-approved standard contractual clauses where applicable
  • Adequacy Decisions: Where available, we rely on European Commission adequacy decisions

8. Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes for which it was collected. Here are our specific retention periods:

Data TypeRetention Period
Account InformationUntil account deletion + 30 days
Photos and MetadataUntil you delete them or account deletion + 30 days
Location DataRetained with associated photos (same period)
Device Tokens (Push Notifications)Until you disable notifications or account deletion
Server Logs90 days (for security and debugging)
Backup DataPurged within 60 days of deletion request

Account Deletion: You can delete your account at any time through the app settings. Upon deletion, we will delete your personal data within 30 days, except where we are legally required to retain certain information.

9. Data Security

We implement industry-standard security measures to protect your information:

  • Encryption in Transit: All data transmitted between your device and our servers is encrypted using TLS/SSL
  • Encryption at Rest: Data stored in our databases and cloud storage is encrypted
  • Secure Authentication: We use Firebase Authentication with secure token management
  • App Security: We use Firebase App Check to verify requests come from authentic app instances
  • Access Controls: Employee access to user data is restricted and logged
  • Secure Storage: Sensitive credentials are stored in your device's secure keychain

Important: While we strive to protect your personal information, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security, but we continuously work to enhance our security measures.

10. Data Breach Notification

In the event of a data breach that affects your personal information, we will notify you via the email address associated with your account within 72 hours of discovering the breach (or as required by applicable law). The notification will include:

  • A description of the nature of the breach
  • The types of data that may have been affected
  • Steps we are taking to address the breach
  • Recommendations for steps you can take to protect yourself
  • Contact information for further questions

11. Your Privacy Rights

Depending on your location, you may have the following rights regarding your personal information:

11.1 Rights for All Users

  • Access: Request a copy of the personal data we hold about you
  • Correction: Request correction of inaccurate or incomplete personal data
  • Deletion: Request deletion of your personal data (you can delete your account in app settings)
  • Withdraw Consent: Withdraw consent for processing based on consent (e.g., location, notifications)

11.2 Additional Rights for EEA, UK, and Swiss Users (GDPR)

  • Data Portability: Receive your personal data in a structured, machine-readable format
  • Restriction: Request restriction of processing in certain circumstances
  • Object: Object to processing based on legitimate interests
  • Lodge Complaint: Lodge a complaint with a supervisory authority in your country of residence

11.3 How to Exercise Your Rights

To exercise any of these rights, contact us at support@proofmi.xyz. We will respond to your request within 30 days (or 45 days for California residents). We may need to verify your identity before processing your request.

12. California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA):

Your California Rights

  • Right to Know: Request information about what personal data we collect, use, disclose, and sell
  • Right to Delete: Request deletion of your personal data
  • Right to Correct: Request correction of inaccurate personal data
  • Right to Opt-Out of Sale/Sharing: We do not sell or share your personal information for cross-context behavioral advertising
  • Right to Limit Use of Sensitive Personal Information: We only use sensitive personal information (precise geolocation) for purposes necessary to provide the Service
  • Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights

Categories of Personal Information Collected

Under CCPA categories, we collect:

  • Identifiers (email address, account name, device identifiers)
  • Internet or network activity (usage data)
  • Geolocation data (precise GPS coordinates with consent)
  • Audio, electronic, visual information (photos you upload)

Do Not Sell or Share My Personal Information

We do not sell your personal information. We do not share your personal information for cross-context behavioral advertising. We honor Global Privacy Control (GPC) signals.

To exercise your California privacy rights, contact us at support@proofmi.xyz. We will respond within 45 days.

13. Other U.S. State Privacy Rights

If you reside in Virginia, Colorado, Connecticut, Utah, or other states with comprehensive privacy laws, you may have similar rights to those described for California residents, including:

  • Right to access and obtain a copy of your personal data
  • Right to delete your personal data
  • Right to correct inaccurate personal data
  • Right to data portability
  • Right to opt out of targeted advertising (we do not engage in targeted advertising)
  • Right to opt out of the sale of personal data (we do not sell personal data)
  • Right to opt out of profiling for decisions with legal or similar effects

To exercise these rights or appeal a decision regarding your request, contact us at support@proofmi.xyz.

14. Children's Privacy (COPPA)

The Service is not intended for children under 13 years of age (or under 16 in certain jurisdictions). We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information without your consent, please contact us immediately at support@proofmi.xyz. If we discover that we have collected personal information from a child under 13, we will delete it promptly.

15. Your Privacy Choices

You have control over your personal information:

  • Location Services: You can enable or disable location access in your device settings (Settings > Privacy > Location Services > Proofmi). Photos taken without location permission will not have location verification.
  • Push Notifications: You can enable or disable notifications in your device settings (Settings > Notifications > Proofmi).
  • Account Deletion: You can delete your account and all associated data through the app settings menu.
  • Photo Deletion: You can delete individual photos you have uploaded at any time through the app.
  • Profile Information: You can update or remove your display name and profile photo through the app settings.

16. Third-Party Links and Services

The Service may contain links to third-party websites or services that are not operated by us. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services. We encourage you to review the privacy policy of every site you visit.

17. Disclaimer and Limitation of Liability

17.1 Service Provided "As Is"

THE SERVICE AND ALL INFORMATION, CONTENT, AND MATERIALS AVAILABLE THROUGH THE SERVICE ARE PROVIDED "AS IS" AND ON AN "AS AVAILABLE" BASIS, WITHOUT ANY WARRANTIES OF ANY KIND, EITHER EXPRESS OR IMPLIED. TO THE FULLEST EXTENT PERMISSIBLE BY APPLICABLE LAW, PROOFMI DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, AND NON-INFRINGEMENT.

17.2 No Guarantee of Security

While we implement reasonable security measures, we do not warrant or guarantee that the Service will be uninterrupted, error-free, or completely secure. You acknowledge that you use the Service at your own risk, and we are not responsible for any unauthorized access to or alteration of your data, or any data loss that may occur despite our security measures.

17.3 Limitation of Liability

TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, IN NO EVENT SHALL PROOFMI, ITS OFFICERS, DIRECTORS, EMPLOYEES, AGENTS, AFFILIATES, OR LICENSORS BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES, INCLUDING BUT NOT LIMITED TO LOSS OF PROFITS, DATA, USE, GOODWILL, OR OTHER INTANGIBLE LOSSES, RESULTING FROM (A) YOUR ACCESS TO OR USE OF OR INABILITY TO ACCESS OR USE THE SERVICE; (B) ANY CONDUCT OR CONTENT OF ANY THIRD PARTY ON THE SERVICE; (C) ANY CONTENT OBTAINED FROM THE SERVICE; (D) UNAUTHORIZED ACCESS, USE, OR ALTERATION OF YOUR TRANSMISSIONS OR CONTENT; OR (E) ANY DATA BREACH OR SECURITY INCIDENT, WHETHER BASED ON WARRANTY, CONTRACT, TORT (INCLUDING NEGLIGENCE), OR ANY OTHER LEGAL THEORY, WHETHER OR NOT WE HAVE BEEN INFORMED OF THE POSSIBILITY OF SUCH DAMAGE.

17.4 Cap on Liability

IN NO EVENT SHALL OUR TOTAL LIABILITY TO YOU FOR ALL DAMAGES, LOSSES, OR CAUSES OF ACTION EXCEED THE AMOUNT YOU HAVE PAID US IN THE TWELVE (12) MONTHS PRIOR TO THE CLAIM, OR ONE HUNDRED US DOLLARS ($100), WHICHEVER IS GREATER.

17.5 Third-Party Service Providers

We are not responsible for the privacy practices, security measures, or actions of third-party service providers (including but not limited to Google, Firebase, Apple, and any other providers). Any issues related to their services should be directed to those providers. Our use of these services is governed by their respective terms and privacy policies.

17.6 Indemnification

You agree to defend, indemnify, and hold harmless Proofmi and its officers, directors, employees, agents, and affiliates from and against any and all claims, damages, obligations, losses, liabilities, costs, or debt, and expenses (including but not limited to attorney's fees) arising from: (a) your use of and access to the Service; (b) your violation of any term of this Privacy Policy or our Terms of Service; (c) your violation of any third-party right, including without limitation any privacy, publicity, or intellectual property right; or (d) any claim that your content caused damage to a third party.

Some jurisdictions do not allow the exclusion or limitation of certain warranties or liability, so some of the above limitations may not apply to you. In such jurisdictions, our liability is limited to the maximum extent permitted by law.

18. Governing Law and Dispute Resolution

This Privacy Policy and any disputes arising out of or related to this Privacy Policy or the Service shall be governed by and construed in accordance with the laws of the State of California, United States, without regard to its conflict of law provisions.

Any dispute arising from or relating to this Privacy Policy or your use of the Service shall be resolved through binding arbitration in accordance with the rules of the American Arbitration Association, except that you may assert claims in small claims court if your claims qualify. The arbitration shall be conducted in San Francisco, California, or at another mutually agreed location. You agree that any arbitration shall be conducted on an individual basis and not as a class action or representative proceeding.

19. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make material changes, we will:

  • Update the "Last Updated" date at the top of this policy
  • Notify you via email or through a notice in the app (for material changes)
  • For changes requiring consent, we will obtain your consent before implementing the changes

We encourage you to review this Privacy Policy periodically. Your continued use of the Service after any changes constitutes your acceptance of the updated policy.

20. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:

Proofmi

Email: support@proofmi.xyz

We aim to respond to all privacy-related inquiries within 30 days.

Summary of Key Points

  • ✓ We do not sell your personal information
  • ✓ We do not collect biometric data from your photos
  • ✓ Location data is only collected with your explicit permission when you take photos
  • ✓ You can delete your account and all data at any time
  • ✓ Your data is encrypted in transit and at rest
  • ✓ We only use trusted service providers (Google/Firebase) with strong privacy practices
  • ✓ We comply with GDPR, CCPA/CPRA, and other applicable privacy laws
Back to Home