Privacy Policy

What we collect

SimplyHuman collects the minimum data needed to operate a verified-human social network:

• An anonymous identifier. When you verify with World ID, we generate a one-way hash that confirms you're a unique human. We never see your real-world identity.
• A one-way hash of your email address. At signup we ask for your email so we can let you recover access and link a new device when you re-verify with World ID. We never store the plaintext: we hash it under HMAC-SHA256 keyed by a server-side secret and store only the resulting fixed-length hash. The hash cannot be reversed to recover your email address. We retain the address itself only long enough to send a one-time verification code, then discard it.
• Your display name and handle. You choose these. They don't need to be your real name.
• Content you publish. Posts, comments, and any media you upload.
• Device key public keys. Your phone generates a hardware-backed key pair for signing content. We store the public key. The private key never leaves your device.
• Basic interaction data. Follows, likes, bookmarks, and notification preferences.

What we don't collect

This list matters more than the one above. SimplyHuman does not collect, store, or have access to:

• Your real name
• Your email address in plaintext (we store only a one-way hash — see above)
• Your phone number
• Biometric data of any kind
• Government-issued identification
• Your location
• Your contacts or address book

The World ID verification process produces a nullifier — a cryptographic value scoped to SimplyHuman. We use it once to generate your anonymous identifier, then discard it immediately. We never store the nullifier itself.

Content permanence

Every post on SimplyHuman produces a cryptographic manifest — a signed record of what was published, by whom, and when. This manifest includes fingerprints of the content (text and media hashes) but not the content itself.

If you delete a post, it is removed from feeds and your profile. However, the cryptographic manifest persists. This is by design: it's what makes SimplyHuman proofs trustworthy. A proof that can be erased isn't a proof.

We tell you this clearly before you publish your first post. You should understand this before using the platform.

Account deletion

You can delete your account at any time. Here's what happens:

• Removed: your profile, display name, handle, social graph (follows, followers), bookmarks, notification preferences, device keys, and all session data.
• Retained: your anonymous deduplication identifier is placed on a blocklist to prevent re-registration. This ensures the one-person-one-account guarantee holds even after deletion.
• Persistent: cryptographic manifests from published content remain per the permanence policy above. The manifests are tied to a pseudonymous identifier, not to a name or profile.

De-anonymization

De-anonymization on SimplyHuman is architecturally impossible.

We store no real names, government IDs, phone numbers, plaintext email addresses, or biometric data. The email address you provide at signup is hashed with a server-side secret and persisted only as a fixed-length hash; the plaintext is discarded after the verification code is sent. Your anonymous identifier (humanRootId) is a one-way hash — it cannot be reversed to a World ID nullifier, and nullifiers cannot be correlated across apps.

Even under a court order, SimplyHuman can confirm that a pseudonymous account belongs to a verified unique human, but it cannot identify which human. We don't have the information.

The only entity that could theoretically link a SimplyHuman account to a real-world identity is the World ID provider — and that linkage, if it exists at all, is outside SimplyHuman's control and subject to World ID's own privacy architecture.

This is not a policy promise. It is a structural guarantee. We can't reveal you because we don't have the data to reveal.

Third parties

SimplyHuman uses two external services:

• World ID — for human verification. World ID confirms you are a unique person without revealing who you are. Their privacy practices are governed by their own policy: worldcoin.org/privacy-notice.
• IPFS — for content integrity. Cryptographic manifests may be pinned to the InterPlanetary File System to provide tamper-evident, decentralized proof persistence. IPFS is a public network; pinned data is content hashes and signatures, not personal information.

We do not share your data with advertisers, data brokers, or analytics providers. SimplyHuman has no advertising and never will.

Cookies and tracking

SimplyHuman does not use tracking cookies, analytics scripts, or third-party trackers of any kind.

If you use the web client, we set minimal session cookies to keep you logged in. These are:

• httpOnly (not accessible to JavaScript)
• Secure (transmitted only over HTTPS)
• Scoped to simplyhuman.app

We don't track your browsing, build advertising profiles, or share session data with anyone.

Your data rights

Regardless of where you live, SimplyHuman respects the following rights:

• Access. You can request a copy of the data we hold about your account.
• Deletion. You can delete your account and all associated data, subject to the permanence constraints described above.
• Portability. You can export your content and account data in a standard format.
• Correction. You can update your display name, handle, and profile information at any time.

To exercise any of these rights, contact us using the information below.

Contact

For privacy questions, data requests, or concerns about how your information is handled:

Email: privacy@simplyhuman.app