Privacy Policy

Last updated: June 3, 2026.

PROOFGATE is built to verify a gate without collecting the identity material behind it. The service is an acceptance and privacy layer for age and eligibility checks.

Information we process

• Verification request metadata, such as requested claim, nonce, audience, timestamp, result, and audit token.
• Operational metadata needed to secure and meter the API, such as API key prefix, request ID, rate-limit counters, and service logs.
• Billing contact and payment data handled through Stripe when a customer starts a paid pilot or production plan.
• Messages you send to support or pilot intake.

Information we decline by design

PROOFGATE does not need a user's name, DOB, document number, ID photo, face scan, address, or raw identity document. Do not send those values in support messages, URLs, query strings, or integration logs.

Verification events

The verifier checks a wallet presentation and returns a result to the host site. Where a credential discloses only a predicate, the host receives only that predicate result. We retain the minimum record needed for metering, abuse prevention, and customer audit exports.

Customer responsibility

Customers decide where PROOFGATE appears and what law or policy they are trying to satisfy. PROOFGATE provides an age-assurance or eligibility signal. It does not guarantee legal compliance.

Security

We use transport security, access controls, rate limiting, request IDs, and verification checks appropriate for an API service. No system is risk-free, and we will not claim more maturity than has shipped.

Retention

Verification audit records are retained only as needed for billing, fraud prevention, customer audit exports, and legal obligations. They are designed not to contain the underlying identity material.

Contact

Questions or data requests: support@sprime.io.