Legal

Privacy Policy

Huverify · Last updated: May 2026 · Effective immediately

The short version

We collect only what we need to verify you're a real, living human. Your photo is deleted within 24 hours of processing — always, no exceptions. We never sell your data. We never share it with advertisers. Your personal information is never shown publicly. The only thing anyone can look up about you is whether your badge is valid, expired, or revoked — nothing else.

1. Who we are

Huverify ("we," "us," or "our") operates the identity verification platform at huverify.com. Our mission is to provide a trusted, privacy-respecting credential that proves a person is a real, living human being. Huverify means Human verification, digitally trusted — that's the standard we hold ourselves to.

If you have any questions about this policy, contact us at hello@huverify.com.

2. What information we collect

Information you provide directly

Your full legal name and date of birth, as entered on the application form
Your email address, used to create your account and send you badge status updates
Your country of citizenactivate and the type of government ID you're verifying with
Payment information — collected and processed entirely by Stripe. We never see or store your card number.

Information collected during identity verification

We use Stripe Identity to verify your government-issued ID and confirm you are a live, present human being. During this process, Stripe captures:

A real-time scan of your government-issued ID document
A brief video or image of your face for liveness detection and face matching
The data printed on your ID — name, date of birth, document number, expiry date, and issuing country

Stripe processes this data on their secure infrastructure under their own privacy policy. We receive back only a structured verification result — confirmed name, date of birth, document type, and whether the verification passed. We never receive or store raw images of your face or ID document.

Information we store about your badge

Your unique ES badge code
Badge issue date and expiry date
Verification status (verified, expired, or revoked)
A log of how many times your badge has been looked up publicly

Technical information

Standard server logs including IP addresses, browser type, and pages visited
Authentication session tokens stored securely in your browser

3. Photo and document deletion

This is our most important privacy commitment and we state it plainly: your photo and ID document images are permanently deleted within 24 hours of processing, without exception.

We do not store your face. We do not build a facial database. The mathematical embedding used to verify your face match is processed by Stripe and is not retained by Huverify after verification is complete. After 24 hours, nothing visual about you exists in our systems.

Your ID number is stored only as a one-way cryptographic hash — a mathematical fingerprint that allows us to detect duplicate applications without ever being able to reconstruct the original number. Nobody, including us, can reverse this hash to learn your ID number.

4. How we use your information

Purpose	Data used	Legal basis
Verifying your identity and issuing your badge	Name, DOB, ID type, Stripe Identity result	Performance of contract
Processing your $5 payment	Email, payment data (handled by Stripe)	Performance of contract
Creating and maintaining your account	Email, authentication token	Performance of contract
Sending badge status and renewal reminders	Email, badge expiry date	Legitimate interest
Preventing duplicate applications	Hashed ID number	Legitimate interest
Providing the public badge verification service	Badge code, status only — no personal data	Performance of contract
Improving our service	Aggregated, anonymized usage data	Legitimate interest

We do not use your data for advertising. We do not build marketing profiles. We do not use your data to train AI models.

5. What is never made public

The following information about you is strictly private and accessible only to you when signed into your account:

Your full name
Your date of birth
Your email address
Your country of citizenactivate
Your ID type and hashed ID number
Your mailing history or any application details

The only information accessible publicly via your badge code is: whether your badge is valid, expired, or revoked. Nothing else. An employer or platform checking your badge learns only that a real human was verified — they learn nothing about who you are.

6. Who we share data with

We share your data only with the following service providers, strictly for the purposes described:

Stripe — payment processing and identity verification. Stripe is our primary data processor for the verification flow. Their privacy policy is at stripe.com/privacy.
Supabase — our secure database provider, hosted on AWS infrastructure. Your data is encrypted at rest and in transit.
Vercel — our hosting provider. Vercel processes standard web traffic logs.

We do not sell your data to any third party. We do not share your data with employers, platforms, or any other organization. We do not share data with data brokers, advertisers, or analytics companies.

We may disclose data if required by law, court order, or to protect against fraud or harm — but only to the extent legally required and never beyond it.

7. Data retention

Photos and ID document images — deleted within 24 hours of processing, permanently
Verification records — retained for the life of your account to support badge renewal and dispute resolution
Badge records — retained while active and for 90 days after expiry or revocation
Payment records — retained for 7 years as required by financial regulations
Account data — retained until you request deletion
Server logs — retained for 30 days then automatically deleted

8. Your rights

Depending on where you live, you may have the following rights regarding your personal data. We honor all of these regardless of your location because they reflect the right way to treat people.

Access — you can request a copy of all personal data we hold about you
Correction — you can ask us to correct inaccurate information
Deletion — you can request that we delete your account and personal data. Note that deleting your account will revoke your active badge and we cannot issue a refund for any remaining validity period.
Portability — you can request your data in a machine-readable format
Objection — you can object to processing based on legitimate interest
Withdrawal of consent — where processing is based on consent, you can withdraw it at any time

To exercise any of these rights, email hello@huverify.com. We will respond within 30 days.

9. Security

We take security seriously because we handle identity data. Our measures include:

All data transmitted over HTTPS with TLS encryption
Database encryption at rest via Supabase on AWS infrastructure
Row-level security on all database tables — users can only access their own records
ID numbers stored only as one-way cryptographic hashes
Stripe handles all payment card data — we never touch it
Stripe handles all identity document images — we never store them
Authentication via Supabase Auth with secure session management

No system is perfectly secure. If we become aware of a breach affecting your data, we will notify you within 72 hours via the email address on your account.

10. Children

Our service is not directed at anyone under the age of 18. We do not knowingly collect personal data from minors. If you believe a minor has submitted an application, please contact us immediately at hello@huverify.com and we will delete their data and issue a full refund.

11. Changes to this policy

If we make material changes to this privacy policy — meaning changes that meaningfully affect how we collect, use, or share your data — we will notify you by email at least 14 days before the changes take effect. You will have the opportunity to delete your account if you do not agree with the new terms.

Minor changes such as clarifications, corrections, or additions that don't affect your rights will be posted here with an updated effective date.

Contact us

Questions, requests, or concerns about your privacy should be directed to:
hello@huverify.com
We respond to all privacy inquiries within 30 days.