Privacy Policy
Effective June 22, 2026. The short version: your photos and videos never leave your device. Only cryptographic hashes and signatures are sent to the relay so that the public chain can record them.
1. Introduction
TrustEye is a camera integrity app that creates cryptographic proofs for photos and videos at capture time. This policy describes what data TrustEye collects, how it is used, and your rights regarding that data.
2. No account required
TrustEye does not require user accounts, email addresses, logins, or any personally identifiable registration for basic (free) usage. Your device identity is a cryptographic public key generated on-device; it is not linked to your name, email, phone number, Apple ID, or Google account.
3. Data we do NOT collect
- We do not use analytics SDKs, tracking pixels, or ad networks.
- We do not collect device identifiers (IDFA, IDFV) for advertising or analytics.
- We do not access your contacts, location (unless you explicitly enable geotagging), microphone (except during video capture), or other sensors beyond the camera.
4. Data stored on-device
TrustEye stores capture and proof metadata in app-private storage protected by the operating system:
- Capture metadata: SHA-256 content hashes, timestamps, visual fingerprints.
- Blockchain references: transaction IDs, anchor timestamps, chain identifiers.
- Device key material: private keys remain in Apple Secure Enclave or Android Keystore hardware and are never exported.
Photos and videos are stored in your device photo library. TrustEye never uploads your photos or videos to any server.
5. Data transmitted to the TrustEye relay service
When a capture is anchored on-chain, the following data is sent to the TrustEye relay service over TLS:
| Data item | Purpose |
|---|---|
| SHA-256 hash of the photo/video | Uniquely identifies the capture without revealing content |
| Device public key (P-256 compressed) | Identifies the device that produced the capture |
| ECDSA signature | Proves the hash was signed by the device's hardware-backed key |
| Platform attestation evidence | Apple App Attest or Android Key Attestation binds proof keys to the genuine app and secure hardware |
| Capture timestamp | Recorded in the provenance record |
No image data, video data, or biometric data is ever transmitted.
6. Data stored on-chain (blockchain)
Provenance records (content hashes, device public keys, signatures, timestamps) are written to the supported public chain (currently Solana). On-chain data is permanent and cannot be deleted due to the immutable nature of blockchain technology. This is a core design property: it ensures that provenance records cannot be tampered with after the fact.
7. In-app purchases (seal packs)
If you buy a consumable seal pack inside the Android or iOS app (com.trusteye.pack25, pack100, or pack500):
- Payment is processed by Google Play or Apple App Store. We do not receive or store your full payment card number, CVV, or billing address.
- We receive a store-signed purchase token or transaction so the relay can validate the purchase and credit sealing capacity to your device. The grant is bound to your device's signing key; we do not maintain a user account.
8. Third-party services
| Service | Purpose | Data shared |
|---|---|---|
| TrustEye relay | On-chain anchoring | See section 5 |
| Google Play / Apple App Store | In-app seal pack purchases | See section 7 |
| Android Key Attestation / Apple App Attest | Device integrity verification | Public certificate/attestation key and assertion data managed by the platform |
We do not share data with data brokers, advertisers, or any other third parties.
9. Data retention
- On-device data: retained until you delete the app or clear its data.
- Relay service index: retains a mapping of content hashes to blockchain transaction IDs. You may request deletion of your index records (see Section 11).
- On-chain data: permanent and immutable. Cannot be deleted by anyone.
10. Security
- All network communication uses TLS 1.2+.
- Private keys are generated in and never leave Apple Secure Enclave or Android Keystore secure hardware.
- On-device app data is protected by iOS Data Protection or Android app sandbox and device encryption.
11. Your rights (GDPR and global privacy)
- Access: you can export your provenance records from the app at any time.
- Deletion: you can request deletion of your records from our relay index service by contacting us. Note: on-chain records cannot be deleted due to blockchain immutability. Since on-chain records contain only cryptographic hashes and public keys (not personal information in the conventional sense), they do not identify you by name or contact information.
- Portability: provenance records use an open format and can be independently verified against public blockchains.
To exercise your rights, contact privacy@trusteye.io.
12. Children's privacy
TrustEye is not directed at children under 13. We do not knowingly collect personal information from children.
13. Platform store disclosure
In accordance with Google Play and Apple App Store requirements:
- Data not linked to you: device public keys (cryptographic, not tied to identity), content hashes, blockchain transaction records.
- Data not collected: TrustEye does not collect data used to track you across apps or websites owned by other companies.
- Tracking: TrustEye does not track users. We do not use the AppTrackingTransparency framework because we perform no tracking.
14. Changes to this policy
We will update this policy as needed and post the revised version in the app and at our website. Material changes will be communicated through an in-app notice.
15. Contact
TrustEye
Email: privacy@trusteye.io
Last updated: June 22, 2026.