# Privacy Policy

> Proof of Human is built privacy-first: full file paths, lyrics, notes, pitches, and incidental DAW names stay on your Mac. When you seal a notarized proof, the exported track and the display names shown in its proof do leave your device — this policy explains exactly what we keep and how to delete it.

_Last updated: July 13, 2026_

## Overview

Aura Music Technologies ("Aura," "we," "us," or "our") makes Proof of Human ("PoH"), a macOS app and service that records the human editing work behind a piece of music and binds it to a one-way fingerprint of the exported audio. This Privacy Policy explains how we handle personal information across (1) our website at proofofhuman.fm and (2) the Proof of Human app and backend service (together, the "Services").

This policy is written for users in the United States and Canada. If you access the Services from elsewhere, please contact us before use — we are not currently directing the Services to other regions. Proof of Human is in private beta, and we will update this policy as the product develops.

## The short version

- **Your creative work stays private.** The app never transmits lyrics, notes, pitches, full file-system paths, or track, region, and clip names, and it observes only the supported music apps (DAWs) you enable — currently Apple Logic Pro, Ableton Live, and FL Studio. When you request a notarized proof, it sends us the exported track, its display file name, your project or song display name, and a content-free editing record. The backend derives the numeric signals and fingerprint and creates the registered proof assets. Deleting a proof deletes its stored track, editing record, proof assets, and registry row.
- **We don't sell or rent your personal information**, and we don't use it for advertising.
- **This website sets no cookies, runs no client-side or third-party analytics, and shows no ads.**
- **You're in control.** You can ask us to access, correct, or delete your information at any time at frank@auramusictechnologies.io.

## Information we collect

We collect different information depending on how you use the Services.

### When you visit this website

Our marketing pages do not set cookies, run client-side or third-party analytics or advertising, or load third-party fonts. The website does include the **Verify a proof** form. Your browser uploads the audio you choose directly to Amazon Web Services (AWS), where the short-lived intake object is scheduled to expire after one day and deleted automatically afterward. Every verification check sends the AWS upload identifier through our Vercel-hosted route, which forwards the request to AWS and returns the result; a legacy two-file check additionally sends the optional .poh bytes through that route. Neither the verifier audio nor the .poh is added to the analysis corpus. Vercel also automatically processes standard server logs — your IP address, browser type, the pages you request, and timestamps — to deliver and secure the site. When you click "Download for Mac," your request passes through our download endpoint, which records your IP address and the source of the link you clicked and keeps them for up to 90 days — we use this only for download statistics and coarse (country-level) geolocation, and it is never linked to your app install or your proofs. You are then redirected to our release files hosted on GitHub, and GitHub receives your request (including your IP address) in order to serve the download. If you email us using a link on the site, we receive whatever you choose to include.

### When you join the beta or contact us

To give you access to Proof of Human, we collect your email address, plus any information you choose to provide when you contact us (for example, your name or the details of a support request).

### When you use the Proof of Human app

The app observes your editing process only in the supported DAWs you turn on — currently Apple Logic Pro, Ableton Live, and FL Studio — and nothing else on your Mac. It observes Logic Pro through the macOS Accessibility permission you grant, scoped to Logic Pro alone; it observes Ableton Live through a small script you install inside Live; and it observes FL Studio through a small controller script you install into FL Studio, connected over MIDI. It does not watch any other application or general activity on your Mac. From that, it produces on your device:

- a **capture trace** — a hash-chained, Secure-Enclave-signed record of the timing and structure of your editing actions;
- an **audio fingerprint** — a one-way hash used to bind the capture trace to your export; and
- on the local-only path, a device-sealed **.poh proof**. On the notarized path, the backend creates the registered proof.

When you request a notarized proof, the app sends to our backend: the **exported audio file**; its **display file name** and your **project or song display name**; the **capture trace** (a content-free record of timing and structure, never lyrics, notes, pitches, full paths, or track, region, and clip names); session summary metadata; and your versioned consent record. The backend independently hashes the uploaded audio, derives the numeric signals, verifies the Secure-Enclave signature chain, computes a report-only humanness result, creates and signs the registered proof, and, for supported WAV exports, may create a C2PA manifest. We retain the exported audio and capture trace in a restricted, encrypted store to improve the humanness model. The proof document and C2PA manifest do not contain the raw capture trace or a second copy of the audio; display names and verification metadata do appear in them. A delivered C2PA audio asset still contains the track itself, with the manifest embedded. Deleting a proof — from the app, or by emailing us — permanently deletes its stored audio, capture trace, proof assets, and registry row.

### Product-usage signals (on by default; you can turn them off)

Separately from proofs, the app sends us lightweight product-usage signals — for example that the app was opened, that capture started, that a proof was sealed, and the DAW, app version, and macOS version involved. Each signal carries a random per-install identifier the app generates locally (stored by us only in hashed form; it is not your device signing key and is not linked to your proofs), and our server records the IP address the request arrived from alongside that install's daily activity. We keep this activity data, including the IP address, for up to 40 days and use it only for usage statistics — active-install counts and coarse (country-level) geolocation. IP addresses never enter our metrics dashboards as identifiers. These signals are on by default; turning off "Share usage data" in the app's Settings stops all of them, including IP collection.

### What the app does not collect

To be unambiguous: the app does **not** transmit your lyrics, melodies, note pitches or positions, full file-system paths, or track, region, and clip names. It does transmit the exported track's display file name and the project or song display name shown in the proof. The only audio it transmits is the track you export when sealing a notarized proof — never project files, stems, other takes, or other audio on your Mac. It observes only the supported DAWs you enable — currently Logic Pro, Ableton Live, and FL Studio — and does **not** observe other applications or general activity on your Mac. We do **not** collect biometric identifiers, and the behavioral signals we derive are not used to identify you biometrically.

## Categories of personal information

For California and other U.S. state privacy laws, the personal information described above maps to these categories:

- **Identifiers** — your email address and IP address.
- **Internet or other network activity** — website server logs (pages requested, browser type, timestamps), download-click records, and app usage signals (each retained as described above).
- **Audio and creative content** — the exported track you seal a proof for, plus its display file name and your project or song display name, collected at proof creation and retained as described under "Data retention." Lyrics, notes, pitches, full file-system paths, and incidental DAW names are not collected.
- **Other information** — the content-free editing record, derived numeric behavioral signals, the one-way audio fingerprint, and sealed proof and credential data.

We collect this information from you and from your use of the app, use it for the purposes described in "How we use information," and disclose it only to the service providers listed in "How we share information." We do **not** sell or share it, and we do **not** collect sensitive personal information for the purpose of inferring characteristics about you. Retention is described under "Data retention."

## The report-only humanness result

Each proof includes a humanness breakdown (human / AI / unknown percentages). This result is **report-only and informational**. It is not a verdict, it never gates or blocks a proof, and when the evidence is thin the result is "unknown" — never "AI." The result is generated automatically from derived signals; it does not determine whether you receive a proof, and on request we will explain, in plain language, the main factors behind a result and give you a way to reach a person about it. See our Terms of Service for what a proof does and does not assert.

For the short, reader-facing process note shown with a result, our backend sends Anthropic only the DAW family, coarse assessment bands, and approved content-free observations derived from the editing record — for example, broad editing patterns and explicit coverage limits. We do **not** send Anthropic exact percentages, exported audio, the raw capture trace, lyrics, notes, pitches, display names, file paths, proof or account identifiers, or other musical content. Anthropic can select only approved evidence IDs through a JSON schema; fixed server templates write the public note. Under Anthropic's standard API policy, prompts and responses are deleted within 30 days, except when longer retention is required for safety-policy enforcement or law; the output schema may be cached for up to 24 hours. The note remains report-only and does not change the result or whether a proof is issued.

## How we use information

We use the information above to:

- provide, operate, verify, and secure the Services, including issuing and verifying proofs;
- compute the report-only humanness result and generate its content-free process note;
- create and manage your access and respond to your messages;
- maintain the proof registry so proofs can be verified later;
- detect, prevent, and address fraud, abuse, security, and technical issues;
- improve the Services, including by using de-identified or aggregated signals that do not identify you; and
- comply with law and enforce our Terms.

We do not use your information for advertising, and we do not sell or rent it.

## How we share information

We share personal information only as follows:

- **Service providers / sub-processors.** We use a small number of vendors to run the Services, including, but not limited to, Amazon Web Services (compute, storage, KMS key-signing, and transactional or access email through Amazon SES), Anthropic (model inference for the content-free process note described above), Vercel (website hosting), and GitHub (app distribution). They process information on our behalf and only to provide their services to us.
- **Verification you initiate.** When you share a proof or its verification link with a platform or person, the information contained in that proof is disclosed to them at your direction.
- **Legal and safety.** We may disclose information if required by law or legal process, or to protect the rights, safety, and security of our users, the public, or Aura.
- **Business transfers.** If we are involved in a merger, acquisition, financing, or sale of assets, information may be transferred as part of that transaction; we will continue to protect it under this policy or notify you of any material change.

We do **not** "sell" your personal information, and we do **not** "share" it for cross-context behavioral advertising, as those terms are defined under California and other U.S. state privacy laws.

## Cookies and tracking

Our website uses no cookies and no client-side or third-party analytics or advertising trackers, and we do not engage in cross-site tracking. Our first-party download statistics and operational server logs are described above. Because we do not use cross-site or advertising tracking, there is nothing to opt out of on the website; we nonetheless honor recognized browser opt-out preference signals (such as Global Privacy Control) where they apply. We also do not use or disclose sensitive personal information for purposes that would give you a right to limit that use.

## Where your information is processed

Our backend runs on Amazon Web Services and may process your information in Canada and/or the United States. If your information is processed outside your province or country, privacy laws there may differ from your own, and your information may be accessible to the courts, law enforcement, and national-security authorities of that jurisdiction under its laws. By using the Services, you acknowledge this, and we use reputable providers and contractual and technical safeguards to protect it.

## Data retention

We keep personal information only as long as needed for the purposes in this policy. The exported audio, content-free editing record, and stored proof assets submitted with a proof expire automatically after up to approximately two years, or are deleted sooner when you delete that proof, subject to legal retention requirements. Because a proof is meant to remain verifiable, its registered proof metadata — including display names, the derived result, and verification metadata — may remain longer while the proof is registered. Deleting the proof permanently deletes its corpus objects, registry row, and full issuance replay response. New proofs also delete their hashed replay aliases immediately; short-lived hashed aliases for older proofs become unusable after eight days and are deleted automatically afterward. Audio uploaded only through the website verifier is scheduled to expire after one day and deleted automatically afterward. We keep access information while your account is active and delete or de-identify it when no longer needed.

## How we protect information

We design for data minimization: lyrics, notes, pitches, full file-system paths, and track, region, and clip names stay on your device. The exported track submitted with a proof is stored encrypted under strict access controls. The proof document and C2PA manifest do not contain a second copy of the audio, although a delivered C2PA audio asset necessarily contains the track with that manifest embedded; the display file name and your project or song display name do appear in the proof metadata. The capture trace is hash-chained and signed in your Mac's Secure Enclave, credentials are signed using AWS KMS, and information is encrypted in transit and protected with access controls. No method of transmission or storage is perfectly secure, but we work to protect information using measures appropriate to its sensitivity.

## Security incidents

If a breach of security safeguards creates a real risk of significant harm, we will notify affected individuals and the appropriate regulators as required by applicable law, including PIPEDA, Quebec's Law 25 (notice to the Commission d'accès à l'information and affected individuals for a confidentiality incident that presents a risk of serious injury), and U.S. state breach-notification laws.

## Your privacy rights

### United States

Depending on your state of residence (for example, California, Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Montana, and others), you may have the right to:

- know and access the personal information we hold about you;
- correct inaccurate personal information;
- delete your personal information;
- obtain a portable copy of it;
- opt out of the "sale" or "sharing" of personal information or of targeted advertising (we do none of these); and
- not receive discriminatory treatment for exercising your rights.

California residents may also request the categories of personal information we collect, the sources, the business purposes, and the categories of third parties to whom we disclose it (see "Categories of personal information" above).

### Canada

Under PIPEDA and applicable provincial laws (including Quebec's Law 25), you may access the personal information we hold about you and request a copy, request correction of inaccurate information, withdraw your consent (subject to legal or contractual limits), and ask how your information is collected, used, and disclosed. Our privacy officer can be reached at frank@auramusictechnologies.io. You also have the right to challenge our compliance and to complain to the Office of the Privacy Commissioner of Canada or your provincial regulator (in Quebec, the Commission d'accès à l'information).

### How to exercise your rights

Email us at frank@auramusictechnologies.io. We will verify your request (typically by confirming control of the account email) and respond within the time required by applicable law. You may use an authorized agent where the law allows, and we may ask for proof of authorization. If we decline a request, we will explain why and, where required, provide a way to appeal.

## Children's privacy

The Services are intended only for users who are at least 18 (or the age of majority where they live) and are not directed to children. We do not knowingly collect personal information from anyone under 18, and we do not knowingly collect personal information from children under 13 in a manner that would violate the Children's Online Privacy Protection Act. If you believe someone under 18 has provided us information, contact us and we will delete it or deactivate the account.

## Do Not Sell or Share

We do not sell or share personal information for cross-context behavioral advertising. We honor recognized universal opt-out signals (such as Global Privacy Control) for residents of states that require it.

## Changes to this policy

We will update this policy as the Services evolve. When we make material changes, we will revise the "Last updated" date and, where appropriate, provide additional notice. Your continued use of the Services after an update means you accept the revised policy.

## Contact us

Aura Music Technologies
British Columbia, Canada
Email: frank@auramusictechnologies.io

---
More: [llms.txt](https://proofofhuman.fm/llms.txt) · [sitemap](https://proofofhuman.fm/sitemap.md)
