Privacy Policy

• Account and contact data: your email, name, and (for sellers) the display name and email you confirm before recording.
• Deal data: the item, deal amount, marketplace, counterparty handle, safe word, notes, statuses, and a timestamped event log of actions taken on each DealProof.
• Proof videos: the video a seller records, plus technical metadata (duration, file size, a one-way-hashed IP address, and browser user-agent).
• Consent records: when you certify lawful use or agree to terms, we log the moment with a hashed IP and browser fingerprint.
• Payments and identity: processed by Stripe. We never receive or store card numbers or identity documents. We store only payment status and identity-check status.

To run the service: creating and tracking DealProofs, delivering proof to the requesting buyer, sending transactional email (deal status, reminders, receipts, security), preventing fraud and abuse, maintaining backups, and complying with legal obligations. We do not sell your data, and we do not send marketing email without your consent.

This service exists to share proof, so sharing is the point, but it is limited and one-directional: the buyer who requested verification sees the seller's display name, confirmed details, proof video, and identity-check status(never documents). Sellers see the buyer's first name and the deal details the buyer entered. Proof videos are never public and are playable only by the requesting buyer and DealProof administrators.

We share data with processors who run our infrastructure: Stripe (payments and identity verification), Resend (email delivery), Railway (hosting and storage), and Cloudflare (DNS). Each receives only what it needs to perform its function. We may disclose information if required by law or to protect users from fraud or harm.

• Proof videos are deleted automatically after 30 days (Standard) or 90 days (Verified). Exception: if a seller explicitly opts in to marketing use of their safe-word clip, that video is retained until used or until they ask us to delete it.
• Deal records, event logs, and consent records are retained. They are the proof trail both parties relied on.
• Deleting your account (Settings → Delete account) cancels your in-flight DealProofs, signs you out everywhere, and permanently anonymizes your profile. Completed deal records persist in anonymized form.
• Encrypted backups are kept for disaster recovery and age out on a rolling basis.

We use a single, essential session cookie to keep you signed in. No advertising cookies, no cross-site tracking. If we add product analytics, it will be first-party and privacy-respecting, and this policy will be updated.

Access links and sessions use high-entropy tokens stored only as one-way hashes; proof videos live in private storage reachable only through access-checked playback; passwords are hashed with bcrypt; payments and identity documents never touch our servers. No system is perfectly secure. Report concerns to abuse@trustdealproof.com.

DealProof is for adults 18 and over. We do not knowingly collect data from minors.

Material changes will be reflected by the date above. Questions or requests: notifications@trustdealproof.com.