Data Processing

Customer account data

HumanProof processes account names, email addresses, organization membership, roles, selected language, billing selections, and support messages so users can access and manage the service.

Project and integration data

Projects include site keys, backend secret references, configured production and testing domains, widget options, security presets, risk mode, client assignment, and usage limits.

Verification telemetry

Challenge starts, redeem results, verification outcomes, timestamps, domain context, widget variant, trigger type, and lightweight browser interaction signals may be processed to verify requests, account for usage, detect abuse, and explain risk decisions.

Billing data

Billing is handled through Stripe. HumanProof stores billing status, customer and subscription identifiers, billing email, plan, billing interval, pending changes, and audit events required to reconcile account access and plan limits. Payment method details are handled by Stripe and are not stored directly by HumanProof.

Retention

Retention depends on the data category and active plan. Account and billing records are kept while required to provide the service or meet legal obligations. Usage history, audit logs, and billing webhook diagnostics are retained for limited operational periods configured by the platform.

Customer responsibilities

Customers are responsible for disclosing their use of HumanProof where required, keeping backend secrets private, configuring allowed domains correctly, and verifying tokens server-side before accepting protected actions.

DPA requests

A data processing agreement can be requested through the contact form or by email. Choose DPA request so it reaches the right inbox.

Request a DPA or by emailing sales@humanproof.eu .