Privacy Policy
Overview
Signos Technologies ("we", "our", "us") is committed to protecting your privacy. This Privacy Policy explains how Signos Registered Media ("the Software") collects, uses, and safeguards your information.
Information We Collect
1. File Metadata (Local Processing)
When you register files with Signos:
- File hashes (BLAKE3, SHA256, SHA3-512) - Mathematical fingerprints of your files
- File names and paths - For your reference only
- File sizes and timestamps - For verification purposes
What we DO NOT collect: The actual content of your files. Files are processed entirely on your device.
2. Behavioral Biometric Data (Human Verification)
When Human Verification is active, we collect device motion data to prove a real person was present at the time of capture:
- Accelerometer and gyroscope data - Device motion patterns sampled at 30 Hz (NOT your identity or location)
- Motion variance patterns - Statistical analysis of hand-held device movement
- Touch-impulse detection - Timing of physical shutter button press
Privacy Guarantees:
- All biometric processing occurs locally on your device
- Only motion timing patterns are captured, never personal identity
- Raw motion samples (accelerometer and gyroscope readings, typically 60-90 data points per capture) are embedded in your sealed proof files. These samples prove a real person was physically holding the device during capture. This is a core feature of the app's proof-of-authenticity system.
- Motion patterns may reveal behavioral characteristics (e.g., hand steadiness).
- Wallet address — Your Algorand wallet address is embedded in every sealed photo's metadata
3. Account Information
- Device identifier - Unique ID for subscription management
- Subscription status - Active/inactive subscription state
- Wallet address - Algorand wallet address for blockchain registrations
- App Attest data — Hardware attestation key transmitted to our servers for device verification
Note: You can use Signos without providing an email address. We do not collect or store your email unless you contact support.
4. Payment Information
Payment processing is handled entirely by Apple through In-App Purchase (StoreKit 2). We do not store:
- Credit card numbers
- Bank account details
- Billing addresses
We receive only confirmation of payment status from Apple.
4a. Social Link Data
When you create a Social Link to share verified media publicly:
- Media files - Uploaded to Cloudflare R2 cloud storage for public hosting
- Content hash - BLAKE3 hash of the uploaded file, stored for verification
- Upload metadata - Timestamp and file size (no location data unless you choose to include it)
Important: Social Link content is publicly accessible. Do not create Social Links for content you wish to keep private. Hosted content can be removed by cancelling your subscription or by request.
5. Blockchain Records
When you register files:
- Private Registration: A salted hash is published to Algorand blockchain. The hash cannot be reverse-engineered to identify your file content.
- Public Registration: Attribution metadata (creator name, license) is published alongside the hash, only when you explicitly choose to publish.
Blockchain records are permanent and cannot be deleted.
How We Use Your Information
| Data Type | Purpose | Stored Where |
|---|---|---|
| File hashes | Verification & blockchain registration | Local device + Algorand blockchain |
| Biometric patterns | Generate unforgeable temporal proofs | Anonymous hash + raw samples embedded in sealed files (core feature); in-memory buffer auto-clears |
| Device ID | License management | Our servers (encrypted) |
| Email (if provided) | Support communication | Our servers (encrypted) |
| Payment confirmation | Subscription management | Apple + our servers |
| Social Link media | Public verification hosting | Cloudflare R2 + our servers |
Data Storage & Security
Local Storage
- Database: SQLite database stored on your device (GRDB on iOS, Application Support on desktop)
- Encryption: Wallet mnemonics encrypted in iOS Keychain; desktop uses Argon2id KDF
- Sealed files: Self-certifying copies with embedded verification metadata stored in app documents
- Biometric data: Motion patterns processed locally, converted to cryptographic hash, never transmitted in raw form
Cloud Storage
- Social Link media: Uploaded to Cloudflare R2 when you create a Social Link (user-initiated, not automatic)
- Backend services: Google Cloud Platform (US regions) for subscription management and wallet operations
Blockchain Storage
- Network: Algorand (MainNet or TestNet)
- Permanence: Blockchain records cannot be deleted
- Privacy: Private registrations use salted hashes that cannot identify file content
Third-Party Services
| Service | Purpose | Privacy Policy |
|---|---|---|
| Apple | Payment processing (In-App Purchase) | apple.com/legal/privacy |
| Algorand | Blockchain registration | algorand.com/privacy |
| Google Cloud | Backend services and storage | cloud.google.com/privacy |
| Cloudflare | Social Link media hosting (R2 storage) | cloudflare.com/privacypolicy |
Your Rights
Access & Export
- View all registered files and their blockchain records in the app
- Share sealed proof files via the Share menu
Deletion
- Delete individual proofs and their local data from within the app
- Note: Blockchain records cannot be deleted (by design, for verification permanence)
Disable Features
- Disable Human Verification at any time via Settings
- Disable cloud backups at any time via Settings
How to Delete Your Data
You can delete all local app data at any time:
- Open Signos Camera → Settings → Privacy & Data
- Tap "Delete All Data"
- Confirm with Face ID
What gets deleted: Sealed photos, proof records, wallet, preferences, and backend account data.
What cannot be deleted: Blockchain registrations are permanent by design — they contain only cryptographic hashes, not your photos or personal information.
For manual data requests, contact support@signos.app.
Data Retention
| Data Type | Retention Period |
|---|---|
| Biometric segments | Maximum 90 minutes (auto-deleted) |
| Raw motion samples in sealed files | Permanent (embedded in file metadata) |
| File registration records | Until you delete them |
| Blockchain records | Permanent (cannot be deleted) |
| Account information | Until account deletion request |
| Payment records | As required by law (typically 7 years) |
Note: Keychain data (wallet, device ID) persists after app uninstall. Use the in-app deletion feature before uninstalling to remove all data.
Children's Privacy
Signos Registered Media is not intended for use by children under 13. We do not knowingly collect information from children under 13.
International Data Transfers
Your data may be processed in the United States. By using the Software, you consent to this transfer.
Changes to This Policy
We will notify you of material changes via:
- In-app notification
- Email (if provided)
- Updated "Last Updated" date above
Contact Us
For privacy inquiries:
- Email: support@signos.app
- Website: signos.app/privacy
California Privacy Rights (CCPA)
California residents have additional rights:
- Right to know what personal information is collected
- Right to delete personal information
- Right to opt-out of sale (we do not sell personal information)
- Right to non-discrimination
GDPR Rights (EU Residents)
EU residents have additional rights under GDPR:
- Right of access
- Right to rectification
- Right to erasure (except blockchain records)
- Right to restrict processing
- Right to data portability
- Right to object
Signos Technologies
Patent Pending