What we collect
When you sign up, we collect your name, company name, and email address. When you use the HUMA API, we record aggregated verification counts (human/bot result, confidence score, and your internal user ID) tied to your API key. We never collect or store personal information about your end users beyond these aggregated signals.
Behavioral signals
HUMA's JavaScript snippet (huma.js) collects anonymous behavioral signals in the browser: mouse movement patterns, keyboard timing intervals, scroll behavior, and click patterns. These signals are analyzed in real time to produce a human confidence score. Raw signals are never stored — only the final score and result are recorded.
How we use your data
We use your email address to send your API key, account notifications, and usage alerts. We use verification data to calculate and display your dashboard statistics. We do not sell, rent, or share your data with third parties except as required by law.
Data retention
Verification records (result + confidence score) are retained for 12 months and then automatically deleted. Your account data is retained until you request deletion. To delete your account, email team@humaverify.com.
Third-party services
We use Supabase for data storage, Stripe for payment processing, and Resend for transactional emails. Each service has its own privacy policy. We do not use advertising trackers or analytics pixels.
Security
All data is transmitted over HTTPS. API keys are stored as plaintext identifiers (not passwords). We recommend rotating your API key periodically from your dashboard.
Contact
Questions about this policy? Email us at team@humaverify.com. We'll respond within 2 business days.