Privacy Policy

Enclave Technologies LLC ("Enclave," "we," "us," or "our") operates Enclave Verify — identity verification infrastructure available at verify.enclave.talk and through our API, dashboard, and related services (the "Service").

This Privacy Policy explains what information we collect, why we collect it, how we use it, and your rights regarding it. Enclave Verify is built on a zero-knowledge verification model: users control their documents, Enclave issues cryptographic certificates, and businesses receive only consent-scoped signed claims.

By using the Service, you agree to the collection and use of information in accordance with this policy.

This policy applies to individuals who create an Enclave Verify account, complete identity verification, and hold verification certificates; and to businesses and developers who integrate Enclave Verify through our API or dashboard.

If you are an end user verifying identity at the request of a business customer, that business may also process information about you under its own privacy policy. Enclave Verify facilitates verification on the user's device and delivers signed credentials to the requesting business only with the user's consent.

Account and profile information

• Email address and authentication identifiers (via Enclave Account)
• Account type (individual or business)
• For business accounts: business name, website, and intended use submitted during onboarding

Verification and certificate data

• Verification session metadata (timestamps, status, requested claims)
• Cryptographic certificate identifiers and signed claim results (for example, age_18_plus or identity_verified)
• Consent records showing what was requested and what the user approved
• Presentation logs when a certificate is shared with a business integration

Business integration data

• API keys and integration configuration
• User identifiers you provide when creating verification requests (such as an email or internal user ID)
• Webhook URLs and signed webhook delivery metadata

Billing information

We use Stripe to process usage-based billing. We store Stripe customer and payment method reference IDs. Full payment card details are held by Stripe and governed by Stripe's Privacy Policy. We do not store your card number.

Technical information

• IP address and request logs for security, abuse prevention, and infrastructure operations
• Device and browser information necessary to operate the verification flow

We also do not:

• Sell personal information to data brokers or advertisers
• Use verification data for behavioral advertising or cross-platform tracking
• Collect contact lists, GPS location, or browsing history outside the Service
• Require businesses to receive more claims than they request

We use the information we collect to:

• Create and manage Enclave Verify accounts
• Process identity verification and issue cryptographic certificates
• Deliver consent-scoped credentials to authorized business integrations
• Operate our API, webhooks, dashboard, and billing
• Prevent fraud, abuse, and unauthorized access
• Respond to support requests and legal obligations
• Improve the reliability and security of the Service

We do not sell personal information. We share information only in the following limited circumstances:

With your consent

When you consent to a verification request, we share the approved signed claims and related certificate metadata with the requesting business integration. You control what is presented.

Service providers

• Supabase — database, authentication, and backend infrastructure
• Stripe — payment processing and billing
• Vercel and Cloudflare — hosting, CDN, and security
• Enclave Account — shared authentication for Enclave products

Legal requirements

We may disclose information when required by law, valid legal process, or to protect the rights, property, or safety of Enclave Verify, our users, or the public. Because we do not retain raw ID document images, we cannot disclose document content we no longer hold.

Business transfers

In the event of a merger, acquisition, or sale of substantially all of our assets, your information may be transferred as part of that transaction. We will provide notice before your information becomes subject to a different privacy policy where required by law.

• Raw document data is not retained after verification processing
• Certificates can be revoked by the user at any time
• Each presentation is consent-scoped and logged
• Business integrations verify signatures cryptographically via our API

We retain account, certificate, and billing records for as long as your account is active or as needed to provide the Service. Raw document images are not retained after verification processing.

If you delete your account or request erasure:

• Profile and account data is deleted in accordance with our account erasure process
• Active certificates are revoked
• Security and billing logs may be retained for a limited period where required by law or for fraud prevention
• Stripe retains payment records under its own policies and legal obligations

Enclave Verify supports age-gating and consent-scoped verification workflows, including use cases governed by the Children's Online Privacy Protection Act (COPPA). The Service is not directed to children under 13 to create standalone accounts without appropriate parental involvement.

We do not knowingly collect personal information from children under 13 outside of verification flows initiated by a business with appropriate consent mechanisms. If you believe we have collected information from a child under 13 in violation of this policy, contact us at privacy@enclave.talk.

Depending on where you live, you may have the following rights regarding your personal information:

• Access — request a copy of the personal data we hold about you
• Correction — update inaccurate or incomplete information
• Deletion — request deletion of your account and personal data
• Portability — receive your data in a structured, machine-readable format
• Objection or restriction — object to or restrict certain processing
• Revocation — revoke certificate access and consent for future presentations

To exercise these rights, contact us at privacy@enclave.talk. We will respond within 30 days and may require identity verification before processing your request.

European users (GDPR)

If you are located in the European Economic Area, United Kingdom, or Switzerland, you have additional rights under the General Data Protection Regulation. Our legal bases for processing include contract performance, legitimate interests (security and fraud prevention), legal obligation, and consent where applicable.

You have the right to lodge a complaint with your local data protection authority. Data is primarily processed in the United States.

California residents (CCPA)

If you are a California resident, you have the right to know what personal information we collect and disclose, to request deletion, and to opt out of any sale of personal information. We do not sell personal information and do not discriminate against you for exercising your privacy rights.

To submit a CCPA request, contact privacy@enclave.talk.

We may update this Privacy Policy from time to time. We will post the revised policy on this page with an updated effective date and provide additional notice where required by law.

Your continued use of the Service after changes become effective constitutes your acceptance of the revised policy.

Privacy questions, data requests, and complaints should be directed to:

• Enclave Technologies LLC
• Hattiesburg, MS 39401
• Privacy: privacy@enclave.talk
• Legal: legal@enclave.talk
• Support: support@enclave.talk
• Website: https://verify.enclave.talk