Privacy Policy

1. Introduction

Rial Labs, Inc. ("Rial," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile applications, APIs, SDKs, and related services (collectively, the "Services").

2. Information We Collect

2.1 Image Data

For verification services, we collect:

• Image Hashes (SHA-256): A cryptographic fingerprint of your image, not the image itself
• Cryptographic Signatures: Hardware-backed signatures proving device authenticity
• Zero-Knowledge Proofs: Mathematical proofs that reveal no sensitive information
• Verification Metadata: Timestamps, GPS coordinates (if enabled), device attestation results

For claims and submission services (e.g., TrueShot), we additionally collect:

• Actual Photos: When you submit photos through a claims workflow, the images are transmitted and stored to facilitate review by authorized parties (e.g., insurance adjusters)
• Submission Metadata: Claim identifiers, submission timestamps, and associated verification proofs

What we DO NOT collect (for verification-only services):

• The actual image pixels or visual content (unless part of a claims submission)
• Exact GPS coordinates (we use zone/region for privacy in ZK proofs)
• EXIF data beyond what's necessary for verification

2.2 Device Information

• Device model and operating system version
• Hardware attestation results (Secure Enclave, Android Keystore)
• App version and SDK version
• Device security status (rooted/jailbroken detection)

2.3 Account Information

• Email address (for authentication and communication)
• API keys (for developers)
• Usage statistics (number of verifications, API calls)
• Billing information (processed by third-party payment processors)

3. How We Use Your Information

• Verification Services: Generate and validate cryptographic proofs
• Device Attestation: Confirm hardware-backed security features
• Fraud Detection: Identify suspicious verification patterns
• Service Improvement: Enhance accuracy and performance

4. Data Sharing and Disclosure

We DO NOT sell your data. We do not sell, rent, or trade your personal information to third parties for marketing purposes.

We may share information with service providers (cloud hosting, payment processing), for legal requirements, or during business transfers.

5. Data Retention

• Cryptographic Proofs: Retained indefinitely for verification purposes
• Submitted Photos (Claims): Retained for the duration required by the requesting organization's policy, typically 90 days to 7 years depending on regulatory requirements
• Account Data: Retained while your account is active and for 30 days after deletion request
• Usage Logs: Retained for 90 days for security and debugging purposes

You may request deletion of your data at any time. Photos submitted through claims workflows may be subject to retention requirements set by the requesting organization.

6. Data Security

• Encryption: TLS 1.3 for data in transit, AES-256 for data at rest
• Hardware Security: Leveraging Secure Enclave (iOS) and Android Keystore
• Zero-Knowledge Proofs: Verification without data exposure
• Access Controls: Role-based access with principle of least privilege
• Photo Access: Submitted photos are only accessible to authorized parties (e.g., assigned adjusters) and Rial operations staff for support purposes

7. Your Privacy Rights

You have the right to access, download, and delete your data. California residents have additional rights under CCPA, and EU residents have additional rights under GDPR.

8. Contact Us

For privacy-related questions: privacy@riallabs.com