SignedShot is an open protocol for cryptographic verification of media authenticity. This policy explains what data SignedShot collects, why, and how it is handled.
Your photos never leave your device. SignedShot does not upload, store, or process your media content. All photos and sidecar proofs are saved locally on your device.
What we collect
iOS App
- Device identifier — A randomly generated ID created during registration. This is not your hardware ID or Apple ID.
- Device attestation — We use Apple's App Attest (via Firebase App Check) to verify that requests come from a genuine device running our app. The attestation token is verified and discarded.
- Capture session metadata — A session ID and timestamp are generated for each capture. These are used to issue the cryptographic trust token.
Website (signedshot.io)
- Analytics — We use Plausible Analytics, a privacy-friendly service that does not use cookies, does not collect personal data, and is fully GDPR-compliant.
API (for developers)
- Publisher configuration — Publisher name, Firebase project ID, and app bundle ID are stored to enable attestation verification.
- Capture audit trail — Session IDs and timestamps are stored to ensure each trust token is issued for a valid capture.
What we do not collect
- Photos, videos, or any media content
- Names, email addresses, or personal information
- Location or GPS data
- IP addresses
- Browser cookies or tracking identifiers
- Contacts, calendars, or other device data
How we use your data
The data we collect is used exclusively to operate the SignedShot protocol:
- Verify that capture requests come from genuine devices
- Issue cryptographic trust tokens for authenticated captures
- Prevent replay attacks through one-time session nonces
- Maintain an audit trail of issued trust tokens
We do not sell, share, or use your data for advertising, profiling, or any purpose unrelated to the SignedShot protocol.
Data storage and security
- Device tokens are hashed (SHA-256) before storage. The raw token is returned only once, during registration.
- Capture sessions expire automatically after 5 minutes and are deleted.
- Trust tokens are signed with ES256 (ECDSA with P-256) and can be verified independently using our public JWKS endpoint.
- All communication uses HTTPS/TLS encryption.
Data retention
- Capture sessions: Automatically deleted after 5 minutes
- Device registrations: Retained while the service is active
- Capture audit trail: Retained for verification purposes
You may request deletion of your device data by contacting us at hello@signedshot.io.
Children's privacy
SignedShot is not directed at children under 13. We do not knowingly collect data from children. If you believe a child has provided us with data, please contact us and we will delete it.
Changes to this policy
We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated date. Continued use of SignedShot after changes constitutes acceptance of the updated policy.
Contact
For questions about this Privacy Policy or to request data deletion, contact us at hello@signedshot.io.