Skip to main content

Privacy Policy

1. Introduction

1.1 Purpose of This Policy

This Privacy Policy explains how HumanPass ("HumanPass," "we," "our," or "us") handles information relating to your use of our website www.humanpass.world (the "Site"), our protocol, applications, and related services (collectively, the "Services"). It describes what information we may collect, how that information is used, how it is safeguarded, and what rights you may have under applicable data protection laws such as the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).

1.2 About HumanPass

HumanPass is a cross-chain human identity and reputation framework that enables verified human identity across multiple blockchain environments. Built on World Chain's Proof of Personhood, HumanPass creates a privacy-preserving human reputation layer for the open web. Our system is designed to verify your human uniqueness while preserving your privacy and giving you control over your digital identity.

1.3 Scope

This Privacy Policy applies to:

  • Visitors to the HumanPass Site
  • Users of the HumanPass World Mini App
  • Users of the HumanPass Web Portal
  • Individuals engaging with HumanPass through official communication channels

This Privacy Policy does not apply to:

  • Third-party wallets, decentralized applications (dApps), or blockchains that may interface with HumanPass
  • External websites, platforms, or services that may be linked from our Site

2. Definitions

For the purposes of this Privacy Policy:

  • "Personal Data" means any information relating to an identified or identifiable natural person, including but not limited to names, identification numbers, location data, online identifiers, or factors specific to physical, physiological, genetic, mental, economic, cultural, or social identity. Under GDPR and certain other laws, IP addresses and cookie identifiers may also be considered Personal Data.
  • "Non-Personal Data" refers to information that does not identify you as an individual, such as aggregated analytics, device types, or anonymized technical logs.
  • "Protocol Data" refers to cryptographic proofs, Soulbound Tokens (SBTs), Human Identity Score (HIS) data, and related information generated when interacting with the HumanPass protocol.
  • "Site Data" refers to technical information automatically collected when you visit our Site, such as IP address, browser type, and cookies.
  • "World Mini App Data" refers to information collected through the HumanPass application within the World App ecosystem.
  • "Processing" means any operation performed on data, whether automated or not, including collection, storage, use, disclosure, or deletion.
  • "Services" means the HumanPass Site, protocol, applications, and official community engagement channels.

3. Core Privacy Principles

HumanPass is built on the philosophy of privacy by design. The following principles govern our approach to handling information:

3.1 Privacy by Default

HumanPass follows a privacy-first model. All calculations are performed through HumanPass servers to ensure accuracy and reward distribution, but no private data, messages, or credentials are stored. World ID, wallet, and social verification data are converted into encrypted or hashed proof values, used solely for attestation and cross-chain reference.

3.2 Minimal Collection

HumanPass collects only the information necessary to provide our services. We do not collect, process, or store personal identity documents, financial records, healthcare data, or other sensitive user data beyond what is strictly necessary for verification purposes.

3.3 User Control

Users control their identity data and decide when and where to use their verified status. HumanPass provides the tools for verification but respects user autonomy in how that verification is utilized.

3.4 Transparency and Accountability

We are committed to clear communication about what information is collected, why it is processed, and how it is protected. Where applicable, we comply with GDPR, CCPA, and other data protection obligations.

4. Information We Collect

HumanPass is designed to minimize data collection while providing a robust human verification system. We distinguish between several categories of information:

4.1 Protocol Data

  • World ID Verification: When you verify your human uniqueness via World Chain's World ID, verification data is hashed and stored in a format that allows reference by other connected chains.
  • Soulbound Tokens: When you link your EVM wallet, HumanPass mints a Soulbound Token (SBT) to that address. This token is non-transferable and represents the wallet's verified human status.
  • Human Identity Score: Your Human Identity Score (HIS) is calculated based on verification level, linked accounts, and ecosystem engagement.

4.2 Site Data

When you access our Site, limited technical information may be automatically collected, which may be considered "personal data" under applicable laws:

  • IP address and approximate geolocation
  • Browser type, version, and language settings
  • Operating system and device information
  • Date, time, and duration of visits
  • Referring URLs and clickstream activity
  • Cookie identifiers or equivalent technologies

This data is collected primarily for security, operational, and analytical purposes.

4.3 World Mini App Data

When you use the HumanPass World Mini App, we may collect:

  • World ID information for authentication purposes
  • Social account connections (Twitter/X, Telegram) for verification
  • Device information necessary for app functionality

4.4 Community and Voluntary Data

If you choose to interact with HumanPass through official communication channels, we may collect information you voluntarily provide:

  • Email communications: When you contact us via email, we collect your email address and the content of your message.
  • Community participation: If you join HumanPass-managed channels (e.g., Discord, Telegram), we may collect your username, account identifier, and any information you voluntarily disclose.
  • Support requests: Information provided when seeking technical support or assistance.

4.5 Sensitive Data

  • HumanPass does not knowingly collect "special categories of data" under GDPR (such as racial or ethnic origin, political opinions, religious beliefs, biometric data, or health data) except where strictly necessary for verification purposes.
  • If you voluntarily disclose such information in a community forum or event, it will be processed only to the extent necessary for that interaction and at your discretion.

4.6 Anonymized and Aggregated Data

  • We may aggregate data in a way that no longer identifies individual users.
  • Aggregated data may be used for analytics, protocol improvement, or reporting purposes.

5. How We Use Information

HumanPass applies a principle of minimal processing. Information is collected and used strictly for limited purposes aligned with protocol operation, website maintenance, and community engagement.

5.1 Protocol Data

We use Protocol Data to:

  • Verify your human uniqueness across blockchain environments
  • Create and manage your Soulbound Token (SBT)
  • Calculate and update your Human Identity Score (HIS)
  • Enable cross-chain identity verification

5.2 Site Data

We may use technical Site Data for the following purposes:

  • Site operation: To provide core functionality of the Site and ensure availability of resources.
  • Security: To detect, investigate, and prevent fraudulent activity, abuse, or unauthorized access.
  • Analytics and improvement: To analyze aggregated usage patterns, monitor traffic, and improve Site performance.
  • Legal compliance: To comply with obligations under applicable law, including log retention for security purposes.

5.3 World Mini App Data

We use World Mini App Data to:

  • Authenticate your identity through World ID
  • Connect and verify your social accounts
  • Display your verification status and Human Identity Score
  • Process authentication requests from the web application

5.4 Community and Voluntary Data

We may use community and voluntary data to:

  • Respond to inquiries, support requests, or feedback
  • Communicate important updates or changes to our Services
  • Manage participation in community programs
  • Enforce community standards and prevent abuse

5.5 Exclusions

  • We do not use collected information for targeted advertising or profiling.
  • We do not sell or monetize user data.

Where GDPR applies, HumanPass processes information under one or more of the following legal bases:

  • When you voluntarily provide information or connect social accounts, you consent to the processing of the information you provide.
  • You may withdraw consent at any time by contacting us at contact@humanpass.world.

6.2 Legitimate Interests

  • We may process limited Site Data, such as IP addresses and log files, to operate, secure, and improve our Site.
  • This processing is balanced against your privacy rights and is performed only where necessary to maintain functionality and security.
  • We may retain or disclose information where required to comply with applicable laws, regulations, or governmental requests.
  • This may include server log retention for cybersecurity compliance or responding to lawful requests by regulators.

6.4 Contractual Necessity

  • Processing of certain information may be necessary to fulfill our obligations to you under our Terms and Conditions.

7. Cookies and Tracking Technologies

7.1 What Are Cookies

Cookies are small text files placed on your device when you access websites. They allow websites to recognize your browser, remember preferences, and analyze traffic. In addition to cookies, we may use similar technologies such as local storage or tracking pixels.

7.2 How We Use Cookies

HumanPass uses cookies and related technologies in a limited manner. These technologies help us:

  • Ensure the basic functionality and security of the Site.
  • Understand how the Site is used through aggregated analytics.
  • Improve user experience by remembering certain preferences.

HumanPass does not use cookies for behavioral advertising or cross-site tracking.

7.3 Categories of Cookies

CategoryPurposeExamples of Data CollectedRetention PeriodCan You Disable?
EssentialRequired for the Site to function properlySession ID, security tokensSession onlyNo (required for operation)
FunctionalEnhance usability by remembering preferencesLanguage settings, display preferencesUp to 12 monthsYes
AnalyticsProvide insights on Site usageAnonymized IP, page viewsUp to 24 monthsYes
PerformanceMonitor errors and load timesError logs, browser informationUp to 12 monthsYes

7.4 Managing Cookies

You can manage or disable cookies through your browser settings. Please note that disabling certain cookies may affect Site functionality.

8. Information Sharing and Disclosure

HumanPass does not sell or rent your information to third parties. Information may only be disclosed under the following limited circumstances:

8.1 Service Providers

We may engage trusted third-party service providers to support the operation of our Site and Services. These providers may have access to limited data strictly for the purpose of performing services on our behalf, such as:

  • Hosting and cloud infrastructure providers
  • Analytics and performance monitoring services
  • Communication and support tools

All service providers are contractually bound to use the information solely for the intended purpose and to apply appropriate security measures.

We may disclose information when required to comply with applicable laws, regulations, legal processes, or enforceable governmental requests. Examples include:

  • Responding to law enforcement requests supported by lawful authority
  • Retaining server logs for cybersecurity or regulatory compliance
  • Meeting obligations under financial, tax, or anti-abuse frameworks applicable to HumanPass operations

8.3 Business Transfers

In the event of a merger, acquisition, or corporate restructuring involving HumanPass, relevant information may be transferred as part of the transaction, subject to equivalent privacy safeguards and this Policy.

8.4 Protection of Rights

We may disclose information if we believe it is reasonably necessary to:

  • Protect the safety, rights, or property of HumanPass, our users, or the public
  • Detect, prevent, or otherwise address fraud, security issues, or misuse of our Services

9. Data Retention

HumanPass follows a principle of data minimization and retains information only for as long as necessary for the purposes described in this Policy.

9.1 Protocol Data

  • Protocol Data such as Human Identity Score calculations and verification status is retained as long as necessary to provide our Services.
  • Soulbound Tokens (SBTs) exist on the blockchain and remain there permanently as part of the decentralized ledger.

9.2 Site Data

  • Technical logs (such as IP addresses and error logs) are retained only for security, troubleshooting, and analytics purposes.
  • Typical retention period is up to 90 days, after which data is either deleted or aggregated/anonymized.

9.3 Community and Voluntary Data

  • Contact information provided for support or community programs is retained until you request deletion or as long as necessary to provide the requested services.
  • Communication records may be retained for a reasonable period to ensure continuity of service.
  • In certain cases, we may be legally required to retain limited information for a longer period (for example, to comply with applicable accounting, taxation, or regulatory obligations).
  • When retention is no longer required, data will be securely deleted or anonymized.

10. International Data Transfers

HumanPass operates globally. As such, technical and community-related data that we collect may be processed or stored in jurisdictions outside of your country of residence.

10.1 Data Locations

  • HumanPass infrastructure may be hosted in multiple regions, including the European Union, the United States, and Asia-Pacific.
  • Data may be accessed by authorized personnel or service providers located in different jurisdictions for the purposes described in this Policy.

Where GDPR applies, and data is transferred outside the European Economic Area (EEA), we implement appropriate safeguards, which may include:

  • Standard Contractual Clauses (SCCs) approved by the European Commission.
  • UK Addendum to SCCs for data transfers from the United Kingdom.
  • Additional technical and organizational measures such as encryption and access restrictions.

10.3 User Acknowledgment

By using our Site or Services, you acknowledge that your information may be transferred and processed outside your country of residence, subject to the safeguards described in this Policy.

11. User Rights

HumanPass recognizes that users may have certain rights under applicable data protection laws, particularly the GDPR (European Union / EEA residents) and the CCPA (California residents).

11.1 GDPR Rights

If you are located in the European Union, EEA, or Switzerland, you may have the following rights:

  • Right of Access: To request a copy of the data we hold about you.
  • Right to Rectification: To request correction of inaccurate or incomplete data.
  • Right to Erasure ("Right to be Forgotten"): To request deletion of data where there is no lawful basis for retention.
  • Right to Restriction of Processing: To request a temporary halt on processing under certain conditions.
  • Right to Data Portability: To request a copy of data in a machine-readable format for transfer to another provider.
  • Right to Object: To object to processing based on legitimate interests.
  • Right to Withdraw Consent: Where processing is based on consent, you may withdraw it at any time.

11.2 CCPA Rights

If you are a resident of California, you may have the following rights:

  • Right to Know: To request information about the categories and specific pieces of personal information collected.
  • Right to Delete: To request deletion of personal information, subject to certain exceptions.
  • Right to Opt-Out: To opt out of the sale or sharing of personal information (note: HumanPass does not sell personal data).
  • Right to Non-Discrimination: To be free from discrimination for exercising your CCPA rights.

11.3 Exercising Your Rights

You may exercise your rights by contacting us at: Email: contact@humanpass.world

We may need to verify your identity before fulfilling your request. We will respond within the time frames required by applicable law (for example, 30 days under GDPR).

11.4 Limitations

  • Certain rights may be limited where they conflict with legal obligations, public interest, or the rights of others.
  • For blockchain-based data such as Soulbound Tokens (SBTs), technical limitations may affect our ability to modify or delete information once recorded on the blockchain.

12. Children's Privacy

12.1 Age Restrictions

Our Services are not directed to, and should not be used by, individuals under the age of 18. We do not knowingly collect personal information from children.

If we become aware that we have inadvertently collected personal information from a child without appropriate parental or guardian consent, we will take immediate steps to delete such information.

12.3 User Responsibility

By accessing or using the Services, you represent that you are at least 18 years of age or that you are accessing the Services under the supervision of a parent or guardian who agrees to this Privacy Policy.

13. Data Security

HumanPass is committed to protecting the integrity and confidentiality of the information we handle. Our approach combines technical safeguards, organizational measures, and user education.

13.1 Technical Measures

  • Encryption: All traffic between your browser and our Site is secured via TLS encryption.
  • Access Controls: Internal access to data is strictly limited to authorized personnel.
  • Monitoring: We use monitoring systems to identify and mitigate threats.
  • Data Minimization: We collect and retain only the minimum amount of data necessary to operate our Services.

13.2 Organizational Measures

  • Confidentiality: All team members and service providers with access to data are bound by confidentiality obligations.
  • Training: Staff with access to user-related data receive training on data protection practices.
  • Vendor Management: Third-party service providers are vetted for compliance with security and privacy standards.

13.3 User Responsibilities

  • Wallet Security: Users are responsible for safeguarding their wallet credentials and private keys.
  • Device Security: Users should take appropriate steps to secure their devices, including using strong passwords and enabling system-level protections.
  • Account Management: Users should protect their World ID and connected social accounts.

13.4 No Absolute Guarantee

While we employ industry-standard measures to secure information, no system can guarantee complete security. Users acknowledge that the use of the internet carries inherent risks, and HumanPass cannot fully eliminate those risks.

Our Site may contain links to third-party websites, applications, or services that are not owned or controlled by HumanPass. HumanPass is not responsible for the privacy practices or content of such external sites. We encourage you to review the privacy policies of any third-party services you access.

14.2 Wallets and dApps

Your interaction with wallets, decentralized applications (dApps), or blockchain networks through the Services is governed by the terms and policies of those third parties. HumanPass does not control or assume liability for how they process your data or execute transactions.

14.3 World ID and Social Platforms

HumanPass relies on World ID for Proof of Personhood verification and social platforms for account linking. HumanPass is not responsible for the availability, accuracy, or policies of these third-party services.

14.4 Analytics and Hosting Providers

We may use third-party providers for analytics or hosting infrastructure. These providers may collect or process limited technical information as described in Section 4. Such processing is subject to contractual safeguards and the providers' own privacy policies.

15. Changes to This Policy

15.1 Right to Modify

We may update or amend this Privacy Policy from time to time to reflect:

  • Changes in legal or regulatory requirements
  • Evolving industry standards and best practices
  • Updates to our technology, Services, or governance structure

15.2 Notification of Changes

  • Material changes will be communicated prominently on the Site prior to their effective date.
  • Where legally required, we will obtain your consent before implementing changes that materially affect how we handle your personal data.

15.3 Effective Date of Updates

Each revised version of this Privacy Policy will be identified by its effective date, which will be updated at the top of the document.

15.4 Archival of Previous Versions

To ensure transparency, HumanPass may maintain an archive of prior versions of this Privacy Policy, which will be available upon request.

16. Contact Information

If you have any questions, requests, or concerns regarding this Privacy Policy or HumanPass's data handling practices, you may contact us using the following details:

Email: contact@humanpass.world

Conclusion

HumanPass is designed with privacy by default at its core. Our cross-chain human identity and reputation framework enables verified human identity while preserving your privacy. We are committed to transparency, compliance, and security in our data handling practices.

By setting clear limits on the information we collect, applying strong legal and technical safeguards, and honoring user rights under frameworks such as GDPR and CCPA, we aim to ensure that HumanPass not only advances the future of human verification but also upholds the fundamental right to privacy.

Last Updated: November 4, 2025