Privacy Policy
Overview
Signos Technologies ("we", "our", "us") is committed to protecting your privacy. This Privacy Policy explains how Signos Registered Media ("the Software") collects, uses, and safeguards your information.
Information We Collect
1. File Metadata (Local Processing)
When you register files with Signos:
- File hashes (BLAKE3, SHA256, SHA3-512) - Mathematical fingerprints of your files
- File names and paths - For your reference only
- File sizes and timestamps - For verification purposes
What we DO NOT collect: The actual content of your files. Files are processed entirely on your device.
2. Behavioral Biometric Data (Human Verification)
When Human Verification is enabled, we collect:
- Keystroke timing patterns - Time between key presses (NOT the actual keys pressed)
- Mouse movement patterns - Movement velocity and direction (NOT screen coordinates or content)
- System activity patterns - CPU/memory usage patterns (NOT application content)
Privacy Guarantees:
- All biometric processing occurs locally on your device
- Only timing patterns are captured, never content
- Data is stored in 5-minute segments, retained for maximum 90 minutes
- Biometric data is converted to cryptographic salts before any external transmission
3. Account Information
- Email address (optional) - Only if you provide it during checkout
- Device identifier - Unique ID for license management
- Subscription status - Active/inactive subscription state
Note: You can use Signos without providing an email address. If you pay via Stripe, they may collect your email separately under their privacy policy.
4. Payment Information
Payment processing is handled entirely by Stripe, Inc. We do not store:
- Credit card numbers
- Bank account details
- Billing addresses
We receive only confirmation of payment status from Stripe.
5. Blockchain Records
When you register files:
- Private Registration: A salted hash is published to Algorand blockchain. The hash cannot be reverse-engineered to identify your file content.
- Public Registration: Attribution metadata (creator name, license) is published alongside the hash, only when you explicitly choose to publish.
Blockchain records are permanent and cannot be deleted.
How We Use Your Information
| Data Type | Purpose | Stored Where |
|---|---|---|
| File hashes | Verification & blockchain registration | Local device + Algorand blockchain |
| Biometric patterns | Generate unforgeable temporal proofs | Local device only (90 min max) |
| Device ID | License management | Our servers (encrypted) |
| Email (if provided) | Support communication | Our servers (encrypted) |
| Payment confirmation | Subscription management | Stripe + our servers |
Data Storage & Security
Local Storage
- Database: SQLite database stored in your Application Support folder
- Encryption: Sensitive data encrypted with Argon2id (memory-hard KDF)
- Biometric data: Stored locally, never transmitted in raw form
Cloud Storage (Optional)
- Encrypted Backups: AES-256 encryption before upload
- Storage Provider: Google Cloud Platform (US regions)
- Your Control: You can disable cloud backups entirely
Blockchain Storage
- Network: Algorand (MainNet or TestNet)
- Permanence: Blockchain records cannot be deleted
- Privacy: Private registrations use salted hashes that cannot identify file content
Third-Party Services
| Service | Purpose | Privacy Policy |
|---|---|---|
| Stripe | Payment processing | stripe.com/privacy |
| Algorand | Blockchain registration | algorand.com/privacy |
| Google Cloud | Encrypted backup storage | cloud.google.com/privacy |
Your Rights
Access & Export
- Export all your data via Settings → Data Management → Export
- View all registered files and their blockchain records
Deletion
- Delete local data via Settings → Data Management → Clear Data
- Note: Blockchain records cannot be deleted (by design, for verification permanence)
Disable Features
- Disable Human Verification at any time via Settings
- Disable cloud backups at any time via Settings
Data Retention
| Data Type | Retention Period |
|---|---|
| Biometric segments | Maximum 90 minutes (auto-deleted) |
| File registration records | Until you delete them |
| Blockchain records | Permanent (cannot be deleted) |
| Account information | Until account deletion request |
| Payment records | As required by law (typically 7 years) |
Children's Privacy
Signos Registered Media is not intended for use by children under 13. We do not knowingly collect information from children under 13.
International Data Transfers
Your data may be processed in the United States. By using the Software, you consent to this transfer.
Changes to This Policy
We will notify you of material changes via:
- In-app notification
- Email (if provided)
- Updated "Last Updated" date above
Contact Us
For privacy inquiries:
- Email: privacy@signos.app
- Website: signos.app/privacy
California Privacy Rights (CCPA)
California residents have additional rights:
- Right to know what personal information is collected
- Right to delete personal information
- Right to opt-out of sale (we do not sell personal information)
- Right to non-discrimination
GDPR Rights (EU Residents)
EU residents have additional rights under GDPR:
- Right of access
- Right to rectification
- Right to erasure (except blockchain records)
- Right to restrict processing
- Right to data portability
- Right to object
Signos Technologies
Patent Pending