Privacy
Privacy Policy
Last updated: July 14, 2026.
PROOFGATE verifies age and eligibility gates without turning Sprime or the host site into an ID warehouse. This policy explains what we process, what we refuse to store, and how customers should use the service.
Core rule
PROOFGATE does not persist names, dates of birth, ID numbers, ID images, selfies, or raw wallet presentations for verification events. The service stores the minimum record needed to run the gate: requested claim, result, timestamp metadata, billing and abuse-prevention metadata, and a non-reversible audit token.
Information we process
- Verification metadata, including requested claim, nonce, verifier origin, audience, result, assurance level, request ID, and audit token.
- API and security metadata, including API key prefix, rate-limit counters, IP-derived abuse signals, device or browser support signals, logs, and error records.
- Customer account, billing, and contract details needed to provide paid service, collect fees, send notices, and support the account.
- Messages sent to support, production-access intake, or customer success channels.
Information we do not want
Do not send names, birth dates, ID numbers, ID images, face images, addresses, or raw identity documents to Sprime unless a signed agreement says a separate workflow has been approved. Do not place that data in URLs, query strings, support tickets, dashboard labels, or integration logs.
Verification events
The verifier checks a supported wallet presentation only long enough to validate the requested claim. Where a credential discloses a predicate, the host receives the predicate result, assurance data, and a non-reversible audit token. The host does not receive the underlying identity document through PROOFGATE.
How we use information
- Run and secure the verifier, API, dashboard, sandbox, and customer integrations.
- Meter usage, bill customers, prevent abuse, investigate reliability issues, and enforce service terms.
- Provide support, account notices, incident notices, audit exports, and product updates.
- Comply with law, court orders, subpoenas, tax duties, sanctions screening, and similar legal obligations.
Sharing
We share information with service providers that help us operate PROOFGATE, including hosting, logging, email, security, analytics, payment, and customer-support vendors. Stripe handles payment details. We may disclose information to comply with law, protect the service, investigate abuse, complete a business transaction, or enforce our rights. We do not sell verification-event identity material because we do not persist that material.
Customer responsibility
Customers choose where PROOFGATE appears, which claim they request, what law or policy they are trying to satisfy, and how they treat the result. Customers are responsible for their own notices, consent flows, age-gate rules, retention choices, and legal review for each jurisdiction and product category.
Retention
We keep verification audit records, account records, billing records, logs, and security records only as long as needed for service operation, billing, audits, dispute handling, fraud prevention, legal duties, and enforcement. Verification audit records are designed not to contain the underlying ID material.
Security
We use transport security, access controls, rate limits, request IDs, host-origin checks, trusted-issuer controls, logging, and least-data design. No internet service can promise perfect security. Customers must protect their API keys, configure allowed origins carefully, and report suspected misuse promptly.
Cookies and local storage
Sprime uses strictly necessary cookies and browser local storage to run signed-in sessions, hold security and rate-limit state, and support passkey and wallet flows. Some pages, such as subscription confirmation, also use analytics and conversion measurement, including Google tools, to understand sign-ups and improve the service. We do not use verification-event identity material for advertising, and we do not persist that material at all. You can control or clear non-essential cookies and local storage through your browser settings.
Other Sprime services
Besides PROOFGATE, Sprime offers a developer API for utility data endpoints and a set of public web tools. When you use those services, we process account, API key, usage, billing, and security metadata as described above. Utility API responses are general data, not identity records.
Privacy rights
Depending on where you live, you may have rights to access, delete, correct, or receive information about personal data we hold. Send requests to support@sprime.io. We may need to verify your request and may deny or limit requests where the law allows, including where we must keep records for billing, security, fraud prevention, or legal obligations.
Children
PROOFGATE is sold to customer sites that need age or eligibility gates. Sprime does not aim its own service at children. Customers that use PROOFGATE for child-safety or age-screening duties must configure their own user notices and compliance flows.
Changes
We may update this policy as the service, law, vendors, or customer contracts change. The updated date above shows the current version. Material changes will be posted here or sent through account channels when appropriate.
Contact
Questions, security reports, and data requests: support@sprime.io.