1. Introduction

ProveAudio provides forensic audio watermarking, blockchain timestamping, and court-ready evidence package generation services ("Services"). This Privacy Policy explains what personal information Luxaris Digital collects when you use ProveAudio, how we use and protect it, and what rights you have with respect to your information.

By creating an account or using the Services, you agree to the collection and use of information as described in this policy. If you do not agree, please discontinue use of the Services.

2. Information We Collect

2.1 Account Information

When you register for an account, we collect:

• Your name
• Email address
• Password (stored in hashed, non-reversible form — we never store your plaintext password)

2.2 Payment Information

Credit purchases and subscription payments are processed by Stripe, Inc. We do not store your full credit card number, card verification code (CVC), or other sensitive payment credentials on our servers. Stripe provides us with a tokenized reference and transaction confirmation. For details on how Stripe handles your data, see Stripe's Privacy Policy.

2.3 Uploaded Audio Files and Metadata

To perform watermarking, we receive and temporarily process:

• Audio files you upload (supported formats: WAV, MP3, FLAC, AAC, OGG, M4A, AIFF)
• File metadata such as filename, file size, duration, sample rate, and bit depth
• Any descriptive labels or titles you associate with a file

2.4 Generated Deliverables

As part of the Services, we generate and store on your behalf:

• Watermarked audio output files
• Forensic watermarking certificates
• Forensic evidence reports
• Blockchain proof records and OpenTimestamps proofs

These deliverables are associated with your account so you can access and download them.

2.5 Communications

If you contact us via email or a support channel, we retain records of that correspondence, including your email address and the content of messages, in order to respond to your inquiry and maintain a support history.

2.6 Information Collected Automatically

When you visit or use the Services, our servers and third-party analytics tools may automatically collect:

• Log data: IP address, browser type and version, operating system, referring URL, pages visited, and timestamps of requests
• Usage data: Features used, files processed, credits consumed, and session duration
• Cookies and similar technologies: We use a session cookie and a timezone-preference cookie to maintain your login state and display times correctly. These cookies are functional and necessary for the Services to operate.
• Google Analytics (Property ID: G-01CMP23488): We use Google Analytics to understand aggregate usage patterns — pages visited, session lengths, and general geographic regions. Google Analytics collects data through cookies. You can opt out of Google Analytics tracking by installing the Google Analytics Opt-out Browser Add-on or by adjusting your browser's cookie settings.
• Device information: General device type and screen resolution, as reported by your browser

3. How We Use Your Information

We use the information we collect for the following purposes:

4. How We Share Your Information

We do not sell your personal information. We do not share your personal information with advertisers or data brokers. We share data only as described in the table below.

In the event of a business transfer (merger, acquisition, or sale of assets), your information may be transferred to the acquiring entity, subject to the same privacy protections described in this policy.

5. Uploaded Audio Files — How We Handle Your Content

Your audio files are your intellectual property. We treat them accordingly:

• Not used to train AI models. Your uploaded audio files are never used to train, fine-tune, or evaluate any artificial intelligence or machine learning model — ours or anyone else's.
• Processed solely for watermarking. Your files are accessed only for the purpose of applying the forensic watermark and generating your deliverables. No human at Luxaris Digital listens to or reviews your audio content unless you explicitly request support involving a specific file.
• Not shared with third parties. Your original audio files and watermarked outputs are not shared, sold, licensed, or otherwise disclosed to any third party except as necessary to operate the cloud infrastructure hosting the Services.
• Retention. Your uploaded files and generated deliverables are retained in your account for as long as your account is active or as described in Section 6 (Data Retention). You may delete individual files from your account at any time. Upon account deletion, your files are removed from active storage within 30 days.

6. Blockchain Data

As part of the timestamping service, ProveAudio publishes a cryptographic hash (a one-way mathematical fingerprint) of your audio file to the Bitcoin blockchain via the OpenTimestamps protocol. This creates a permanent, publicly verifiable proof-of-existence record tied to a specific point in time.

What Is Published

Only the cryptographic hash is published — not your audio content, not your name, not your email address, and not any other personal information. The hash is a fixed-length string of characters that cannot be reversed to reconstruct the original audio file.

Permanence

Blockchain records are immutable by design. Once a hash has been anchored to the Bitcoin blockchain, it cannot be deleted, altered, or removed — by us or by anyone else. This permanence is the feature that makes blockchain timestamps legally meaningful, but it also means that you cannot request deletion of data that has been published to the blockchain.

What This Means for You

Because the hash contains no personal information, publishing it to the blockchain does not expose any identifiable data about you. If you delete your ProveAudio account, we will remove all records linking that hash to your identity from our systems; the hash itself will remain on the blockchain as an anonymous record.

7. Data Security

We implement industry-standard technical and organizational measures to protect your personal information from unauthorized access, alteration, disclosure, or destruction. These measures include:

• Encryption of data in transit using TLS (HTTPS)
• Encryption of data at rest on cloud storage
• Hashed password storage (your plaintext password is never stored)
• Access controls limiting data access to authorized systems and personnel
• Regular security reviews

No method of electronic transmission or storage is 100% secure. While we take reasonable precautions, we cannot guarantee absolute security. If you have reason to believe your account has been compromised, contact us immediately at support@proveaudio.com.

8. Data Retention

9. Your Privacy Rights

9.1 Rights Available to All Users

Regardless of where you are located, you have the right to:

• Access: Request a copy of the personal information we hold about you.
• Correction: Request correction of inaccurate or incomplete personal information.
• Deletion: Request deletion of your personal information, subject to legal retention obligations and the blockchain limitation described in Section 5.
• Data Portability: Request your account data in a machine-readable format.
• Withdraw Consent: Where processing is based on consent, withdraw that consent at any time (without affecting the lawfulness of prior processing).
• Opt Out of Analytics: Opt out of Google Analytics data collection as described in Section 1.6.

To exercise any of these rights, contact us at support@proveaudio.com. We will respond within 30 days.

9.2 Additional Rights for California Residents (CCPA / CPRA)

If you are a California resident, the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA) grants you additional rights:

• Right to Know: You have the right to know the categories and specific pieces of personal information we have collected about you, the categories of sources, the business purpose for collection, and the categories of third parties with whom we share it.
• Right to Delete: You have the right to request deletion of personal information we collected from you, subject to certain exceptions (e.g., completing a transaction, legal obligations).
• Right to Correct: You have the right to request correction of inaccurate personal information.
• Right to Opt Out of Sale or Sharing: We do not sell or share personal information for cross-context behavioral advertising. No opt-out action is required, but you may contact us to confirm.
• Right to Limit Use of Sensitive Personal Information: We do not use sensitive personal information for purposes beyond those permitted by the CPRA.
• Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA/CPRA rights.

To submit a California privacy request, email support@proveaudio.com with the subject line "California Privacy Request." We may need to verify your identity before processing your request.

9.3 Users in the European Economic Area and United Kingdom

If you are located in the EEA or UK, you may have additional rights under the GDPR or UK GDPR, including the right to lodge a complaint with your local supervisory authority. Contact us at support@proveaudio.com with questions about our legal basis for processing or to exercise your rights.

10. Children's Privacy

ProveAudio is not directed to children under the age of 13, and we do not knowingly collect personal information from children under 13. If we become aware that we have inadvertently collected personal information from a child under 13, we will take steps to delete that information promptly. If you believe a child under 13 has provided personal information to us, please contact us at support@proveaudio.com.

11. Third-Party Links

The Services may contain links to third-party websites or services (for example, links to your blockchain proof on a public block explorer). We are not responsible for the privacy practices of those third parties. We encourage you to review the privacy policies of any third-party sites you visit. The inclusion of a link does not imply our endorsement of that site.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:

• Update the "Effective Date" at the top of this policy
• Notify registered users by email at the address associated with your account
• Post the updated policy at proveaudio.com/privacy

Your continued use of the Services after the effective date of a revised policy constitutes your acceptance of the changes. If you do not agree to the revised policy, you should discontinue use and may request account deletion.

13. Contact

For privacy-related questions, requests, or concerns, please contact:

We aim to respond to all privacy inquiries within 30 days. For California CCPA/CPRA requests, our response deadline is 45 days (with a possible extension of an additional 45 days when reasonably necessary).