Privacy Policy

1. Introduction

Spatial Proof ("we," "our," or "us") is a global spatial-temporal verification infrastructure designed to prove that events, actions, and data captures genuinely occurred at the reported location and time. Our platform serves as GovTech and anti-fraud verification infrastructure, enabling governments, organizations, and enterprises to detect and prevent fraud through cryptographically verified field data.

Spatial Proof is jointly operated by Zenith Flow Innovations LLC (United States) and Pieske One LTDA (Brazil). This Privacy Policy explains how we collect, use, store, and protect your personal data when you use our services, website (https://spatialproof.com), and applications.

2. Data We Collect

Spatial Proof collects specific categories of data necessary for field verification and anti-fraud analysis. The nature of our platform requires capturing detailed spatial-temporal information to ensure the integrity and authenticity of each verification record.

2.1 Location and Sensor Data

• GPS coordinates (latitude, longitude, altitude) captured at the time of verification
• GPS accuracy and precision metrics, including horizontal and vertical accuracy values
• Accelerometer data and device orientation readings
• Barometric pressure and other environmental sensor readings where available
• Timestamps with timezone information for each data capture event

2.2 Visual Data

• Photographs and videos captured during verification events, including public works inspections, insurance claims documentation, and government compliance checks
• Photo and video metadata including resolution, camera settings, EXIF data, and capture parameters

2.3 Device Information

• Device model and manufacturer
• Operating system type and version
• Application version
• Network information (connection type, carrier, signal strength)
• Device identifiers used for session integrity and anti-spoofing validation

2.4 Account and Contact Information

• Name and email address provided during registration
• Organization name and role, where applicable
• Authentication credentials (stored in hashed form only)

2.5 Usage Data

• IP address and browser information when accessing our website
• Pages visited and interaction patterns
• API usage metrics for developer accounts

2.6 Information from Third Parties

• Government and institutional partners: When our platform is used in conjunction with government systems for public works oversight, compliance verification, or anti-fraud operations, we may receive data from authorized government entities.
• API integrators: Organizations that integrate with our API may transmit user data in accordance with their own privacy policies and their agreements with us.

3. How We Use Your Data

We use collected data for the following purposes:

3.1 Verification and Anti-Fraud Analysis

• Generating cryptographically signed verification records that prove an event occurred at a specific place and time
• Cross-referencing sensor data, GPS signals, and environmental conditions to detect anomalies and potential fraud
• Correlating captured data with satellite weather information to validate environmental conditions at the reported time and location
• Producing tamper-evident verification certificates with unique identifiers for public works verification, insurance claims, and government compliance

3.2 AI-Powered Analysis

• Processing photographs through AI models to generate contextual descriptions and identify relevant features in verification images
• Performing automated consistency checks between visual evidence and reported data
• Enhancing fraud detection through pattern recognition and anomaly identification

3.3 Platform Operations

• Authenticating users and managing access permissions
• Providing API services to authorized integrators
• Generating aggregated, anonymized analytics to improve our services
• Communicating service updates, security notices, and support responses

3.4 Government Compliance and Public Accountability

• Supporting government agencies in verifying that public works and infrastructure projects were completed as reported
• Providing auditable verification trails for regulatory compliance and anti-corruption initiatives
• Enabling insurance companies to validate the authenticity of claims through spatial-temporal proof

4. Cookies and Analytics

Our website uses cookies and similar technologies to enhance your browsing experience and gather usage analytics.

• Essential cookies: Required for basic website functionality such as session management and security. These cannot be disabled.
• Analytics cookies: We use Statcounter to collect anonymized usage statistics, including pages visited, time on site, and general geographic location (country-level). This helps us understand how visitors use our site and improve our services.
• Functional cookies: Remember your preferences, such as language selection and display settings.
• No advertising cookies: We do not use advertising or behavioral tracking cookies.

You can manage cookie preferences through your browser settings. Disabling cookies may affect some website functionality.

5. Third-Party Services

Spatial Proof integrates with select third-party services to deliver its verification infrastructure. We carefully vet each provider and limit data sharing to what is strictly necessary.

5.1 Cloud Infrastructure

Verification data, including photographs and associated metadata, is stored on secure cloud infrastructure. All data is encrypted in transit and at rest using industry-standard encryption protocols.

5.2 AI Processing

We use AI API services to perform automated analysis of verification photographs. Images submitted for verification may be processed by AI models to generate contextual descriptions. We do not send personally identifiable account information to AI providers -- only verification images and related non-identifying metadata.

5.3 Analytics

We use Statcounter for website analytics. Statcounter collects anonymized browsing data to help us understand website traffic patterns. No personally identifiable information is shared with Statcounter beyond standard web request data (IP address, browser type).

We do not sell your personal information to third parties. We do not share your data for advertising purposes.

6. Data Security

Spatial Proof employs industry-leading security measures to protect the integrity, confidentiality, and availability of your data. Security is foundational to our verification infrastructure.

6.1 Encryption and Hashing

• SHA-256 cryptographic hashing is applied to verification records and their associated data, producing unique digital fingerprints that make tampering immediately detectable
• AES-256 encryption is used to protect data at rest, ensuring stored information remains unreadable without proper authorization
• TLS 1.3 encryption secures all data in transit between your device, our servers, and third-party services

6.2 Infrastructure Security

• Data is stored on secure, access-controlled cloud infrastructure
• Regular security audits and vulnerability assessments are conducted
• Access to personal data is restricted to authorized personnel on a need-to-know basis
• Multi-factor authentication is enforced for administrative access
• Anti-tampering measures including GPS signal analysis, device sensor cross-referencing, and media forensics detect and prevent data manipulation

7. Data Retention and Deletion

Verification records are retained for as long as they serve their evidentiary and compliance purposes. Because these records may be used as proof in governmental, legal, or regulatory contexts, they may be retained for extended periods.

• Verification records: Retained for the duration required by the contracting organization's data retention policies, or as required by applicable law. Records used for government compliance, public works verification, or insurance claims may be retained indefinitely to ensure long-term auditability.
• Account information: Retained for as long as your account remains active, and for a reasonable period thereafter to comply with legal obligations.
• Usage and analytics data: Identifiable usage logs are retained for up to 24 months. Aggregated, anonymized data may be retained indefinitely for service improvement.
• Communications: Support correspondence is retained for up to 36 months after the last interaction.

You may request deletion of your personal account data by contacting us. Please note that cryptographic hashes within verification records cannot be individually deleted without compromising the integrity of the verification chain. In such cases, we will work with you to find an appropriate resolution consistent with legal and contractual requirements.

8. Your Rights (LGPD & GDPR)

Spatial Proof is committed to respecting your data protection rights under applicable laws, including the Brazilian General Data Protection Law (LGPD) and the European General Data Protection Regulation (GDPR).

8.1 Your Rights Include

• Right of Access: You may request confirmation of whether we process your personal data and obtain a copy of it
• Right to Rectification: You may request correction of inaccurate or incomplete personal data
• Right to Deletion: You may request deletion of your personal data, subject to legal retention obligations and the integrity requirements of verification records
• Right to Data Portability: You may request a copy of your personal data in a structured, commonly used, machine-readable format
• Right to Object: You may object to the processing of your personal data in certain circumstances
• Right to Restrict Processing: You may request restriction of processing in specific situations
• Right to Revoke Consent: Where processing is based on your consent, you may withdraw it at any time without affecting the lawfulness of prior processing
• Right Regarding Automated Decisions: You have the right not to be subject to decisions based solely on automated processing

8.2 LGPD-Specific Rights (Brazil)

In accordance with Brazil's Lei Geral de Proteção de Dados (LGPD, Law No. 13,709/2018), Brazilian users additionally have the right to:

• Request information about public and private entities with which their data has been shared
• Be informed about the possibility of not providing consent and the consequences thereof
• Request anonymization, blocking, or elimination of unnecessary or excessive data
• File complaints with the Brazilian National Data Protection Authority (ANPD)

To exercise any of these rights, please contact us at brayon@spatialproof.org. We will respond to your request within 15 business days (LGPD) or 30 calendar days (GDPR).

9. International Data Transfers

Spatial Proof operates across the United States and Brazil. Your data may be transferred to and processed in either country depending on operational requirements. We ensure that all international transfers comply with applicable data protection laws.

• US-Brazil transfers: Data may be transferred between our US entity (Zenith Flow Innovations LLC) and our Brazilian entity (Pieske One LTDA) as necessary for service delivery, support, and compliance
• Adequate safeguards: We implement appropriate contractual and technical safeguards for all cross-border data transfers, including standard contractual clauses where required
• GDPR transfers: For data originating from the European Economic Area, transfers to the US or Brazil are conducted under appropriate safeguards as required by the GDPR
• LGPD compliance: International transfers of Brazilian residents' data comply with LGPD requirements, including adequate level of protection assessments

10. Children's Privacy

Spatial Proof's services are not directed at individuals under the age of 18. We do not knowingly collect personal data from children. If you are a parent or guardian and believe that your child has provided us with personal data, please contact us immediately at brayon@spatialproof.org. If we become aware that we have collected personal data from a child without verification of parental consent, we will take steps to remove that information from our systems.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make material changes, we will notify you by posting the updated policy on our website and updating the "Last updated" date at the top of this page. We encourage you to review this Privacy Policy periodically.

Your continued use of Spatial Proof after any changes to this Privacy Policy constitutes your acceptance of the updated terms.

12. Contact Information

If you have any questions about this Privacy Policy, wish to exercise your data protection rights, or have concerns about how your data is handled, please contact us:

For LGPD-related inquiries, you may also contact Brazil's National Data Protection Authority (ANPD) at www.gov.br/anpd.

For GDPR-related inquiries, you have the right to lodge a complaint with a supervisory authority in the European Economic Area.