StanProof

Privacy policy

v1 draft pending solicitor review. The intent below is what we actually do; the wording will be tightened by a lawyer before public launch.

Effective date: to be set on launch day.

1. Who we are

StanProof is operated from the United Kingdom. We are the data controller for the personal information described below.

2. What we collect

  • Your email address (used to sign you in via magic link).
  • An optional country, used only to set sensible currency and ticket-platform defaults.
  • The redacted images you choose to publish, plus the original files behind them. Originals stay private; only the redacted versions are shown on a public proof card.
  • Social handles you link (Twitter, Instagram, TikTok, Reddit, Discord) and the verification status of each.
  • When you submit a report without signing in, a one-way hash of your IP address combined with a daily salt. We cannot recover the IP address from the hash.

3. Why we collect it

  • To run your account and let you sign in.
  • To prevent fraud — duplicate detection, risk scoring.
  • To make a public proof card useful so a buyer can decide whether to pay you.
  • To prevent abuse — rate limits and report queues need to know who is acting.

4. How long we keep it

  • Original files: 90 days after the proof card is published, then deleted from storage. The redacted version stays.
  • Redacted files: kept for as long as the proof card exists. You can unpublish a card from your dashboard at any time.
  • Reports and moderation history: kept indefinitely as a moderation record. Reporter identity (or IP hash) stays private.
  • Account deletion: triggers a 7-day soft-delete window, after which your profile, files, and storage objects are removed. Audit log entries reference the deleted account by id only.

5. Who we share it with

We do not sell personal data. We do not share who reported a card with the seller. We use the following sub-processors to run the service:

  • Supabase — database and file storage.
  • Resend — transactional email (magic links).
  • PostHog (EU region) — product analytics.
  • Sentry — error tracking on the server.
  • Upstash — rate-limit counters.

6. Your rights

You can request a copy of your data, ask us to correct it, ask us to delete it, or object to a particular use. Email privacy@stanproof.com and we will respond within 30 days. If you are not happy with our response you can complain to the UK Information Commissioner's Office (ico.org.uk).

7. Cookies

We use a small number of essential cookies for sign-in. Product analytics (PostHog) only run if you accept the cookie banner. We do not use third-party advertising cookies.

8. Contact

privacy@stanproof.com (placeholder address — will be confirmed at launch).