Privacy Policy

Pocket Proof — Privacy Addendum

Effective Date: 11 February 2026 · Last Updated: 29 March 2026

This addendum supplements the Dignity Labs Base Privacy Policy. It details what data Pocket Proof specifically collects and how it is handled.

PP1. Our Core Principle

Pocket Proof is 100% local. There are no accounts, no cloud storage, no network calls, and no backend. Your recordings never leave your device unless you explicitly choose to share them. Dignity Labs Ltd has no access to your data.

PP2. Data Architecture

Characteristic	Detail
Accounts	None. No sign-in, no registration.
Cloud storage	None. All data on your device only.
Network calls	None during normal operation. RevenueCat SDK validates subscriptions (see PP10).
Backend servers	None. Dignity Labs does not operate servers for Pocket Proof.
Data processor	None. We do not process your data.

PP3. Data Captured by the App

When you use Pocket Proof, the following data is captured and stored on your device only:

Data Type	When Captured	Storage	Leaves Device?
Video recording	When you record video	Device filesystem	Only if you share
Photo	When you take a photo	Device filesystem	Only if you share
Audio	When you record audio (standalone or with video)	Device filesystem	Only if you share
SHA-256 hash	Immediately on capture	JSON metadata on device	Only if you share
GPS coordinates	At moment of capture	JSON metadata on device	Only if you share
GPS accuracy	At moment of capture	JSON metadata on device	Only if you share
Timestamp	At moment of capture	JSON metadata on device	Only if you share
Device make and model	At moment of capture	JSON metadata on device	Only if you share
Operating system	At moment of capture	JSON metadata on device	Only if you share
Hashed device ID	At moment of capture	JSON metadata on device	Only if you share
Chain of custody log	On every action (capture, view, export, share, delete)	JSON metadata on device	Only if you share
Evidence notes	When you add notes to a recording	JSON metadata on device	Only if you share
Evidence stamp name	When Pro user enables stamp	JSON metadata on device	Only if you share

PP4. Data Stored Only on Your Device

In addition to your recordings, the following is stored on-device only:

Your PIN (hashed, in secure hardware storage)
Your biometric preference
App settings (theme, haptic, auto-delete period, evidence stamp preferences)
Onboarding completion state
Encryption key for contact data (derived from PIN, in secure hardware storage)
Trusted contact names and phone numbers (Pro, encrypted on device)
Subscription status cache
Trial start timestamp (in secure hardware storage)
Active template session progress

PP5. Information We Do NOT Collect

Dignity Labs Ltd does not collect, receive, process, store, or have access to:

Your recordings (video, photo, audio)
Your metadata (hashes, GPS, timestamps, device info)
Your chain of custody logs
Your PIN or biometric data
Your name, email, phone number, or any personal identifier
Your contacts list
Your location (GPS is captured by the App on-device; we never receive it)
Your browsing history
Advertising identifiers
Any analytics or usage data (Pocket Proof has no analytics)

We literally cannot see your data. There is no technical pathway for your Pocket Proof data to reach us.

PP6. Permissions

Pocket Proof requests the following device permissions:

Permission	Purpose	Required?
Camera	Record video and take photos	Yes (core function)
Microphone	Record audio with video and standalone audio capture	Yes (core function)
Location (foreground)	Tag captures with GPS coordinates	Optional — enhances evidence

We do not request access to your contacts, photos library, calendar, or any other data on your device. Location permission is requested for all users and only while the App is in use (foreground only).

PP7. What Happens When You Share

When you export or share a recording from Pocket Proof:

The recording and its metadata leave the App via your device's standard sharing functionality (e.g., AirDrop, email, messaging apps)
Dignity Labs Ltd has no involvement in, visibility of, or control over this sharing
Once shared, the recipient has the recording and its metadata
The chain of custody log within the App records that a share action occurred, but does not track what happens to the file after it leaves the App
You are solely responsible for who you share with and how shared recordings are used

PP8. Encryption

Pocket Proof uses AES-256-GCM encryption to protect sensitive data stored on your device, such as trusted contact details. The encryption key is derived from your PIN and stored in your device's secure hardware (iOS Keychain / Android Keystore). Dignity Labs Ltd does not have access to the encryption key or the encrypted data. Evidence recordings and metadata are stored unencrypted on your device's filesystem, protected by your PIN and device security. If you lose your device or forget your PIN, encrypted data cannot be recovered.

PP9. Trusted Contacts (Pro Feature)

Trusted contacts are names and phone numbers you enter manually into the App for quick sharing. They are stored on your device only, encrypted with AES-256-GCM, and are never transmitted to any server. They are not synced with your device's address book. Deleting the App or clearing App data deletes your trusted contacts permanently.

PP10. Third-Party Services

Pocket Proof uses no third-party services for evidence storage or processing. The following third-party services are involved in app distribution and subscription management:

Service	Purpose	Data Involved
Apple App Store / Google Play Store	App distribution and payments	Managed by Apple/Google, not by us
RevenueCat	Subscription management and purchase validation	Purchase tokens, subscription status, and a one-way hashed device identifier for fraud prevention. No personal information, no evidence data, no location. See RevenueCat Privacy Policy.

There is no Supabase, no analytics service, no crash reporting, and no ad network.

PP10A. Diagnostic Reports

Pocket Proof includes a diagnostic report feature accessible by tapping the version number five times in Settings. This generates a report containing device information, app permissions, security status, storage statistics, and error logs. The report is shown to you in full before sending. It is sent via your device's email app — Dignity Labs does not receive it unless you choose to email it to us. No diagnostic data is collected automatically.

PP11. Data Retention and Deletion

Data Type	Retention
Free tier recordings	Auto-deleted after 24 hours
Pro recordings	Retained until you delete them or configure auto-delete
App settings	Deleted when you uninstall the App
PIN	Deleted when you uninstall the App
Trusted contacts	Deleted when you uninstall the App

To delete all Pocket Proof data: Uninstall the App. Since all data is on your device and Dignity Labs holds none, uninstalling permanently deletes everything. There is no server-side data to request deletion of.

PP12. Data Breach

Because Pocket Proof stores no data on any server, a breach of Dignity Labs infrastructure would not affect your Pocket Proof data in any way. Your recordings, metadata, and settings exist only on your device.

PP13. GDPR and Your Rights

Your GDPR rights are set out in the base Privacy Policy. In practice, because Pocket Proof collects and stores no personal data on our servers, many of these rights (access, rectification, erasure, portability) are satisfied by the fact that we hold no data about you. If you contact us to exercise a right, we will confirm that we hold no Pocket Proof data.

PP14. Summary

Question	Answer
Do you collect my data?	No. We have no access to your Pocket Proof data.
Where are my recordings?	On your device only.
Do you use cloud storage?	No.
Can you recover my recordings?	No. We don't have them.
Does sharing go through your servers?	No. Sharing uses your device's standard sharing.
Do you track me?	No. There are no analytics in Pocket Proof.
What happens if I uninstall?	All data is permanently deleted. We hold nothing.

This addendum was last updated on 29 March 2026.