Privacy Policy
HumanAuth lets humans approve AI-agent actions from their phone. To do that we collect the minimum we need to route an approval request to you and prove your decision. This page lists exactly what that is.
- Email address
You sign in with WorkOS AuthKit. WorkOS handles the sign-in itself; the HumanAuth platform stores the email address associated with your account.
- Account and device identifiers
A HumanAuth account identifier (human_id), a device identifier (device_id), and your device's model name, which is used as a human-readable label when your device is registered.
- Push notification tokens
A push token for your device so we can deliver approval requests to your phone. Delivery goes through the Expo push notification service.
- User content
Your approval and denial decisions, optional reasons you attach to a denial, responses you submit to collect forms sent by an agent, and notes you include when reporting abuse.
- Server logs
Our servers record standard request metadata — your IP address and User-Agent string — in server logs.
- The HumanAuth mobile app contains no analytics or tracking SDKs.
- We show no ads.
- We do not sell your data.
- We do not use your data to track you across other companies' apps or websites.
This marketing website (humanauth.ai) uses Google Analytics to measure aggregate site traffic. The mobile app does not.
We use three service providers to run HumanAuth. Each processes data only to provide its service to us.
- WorkOS
Authentication (sign-in)
- Expo push notification service
Notification delivery
- Cloudflare
Hosting and infrastructure
All data in transit is protected with TLS. Approval decisions are signed with an Ed25519 key that is generated and stored on your device.
We keep your account data until you delete your account. Signed approval receipts are retained for integrity and audit purposes, so that past approvals remain verifiable. After you delete your account, these receipts keep only a pseudonymous account reference — needed to verify their original signature — and we sever its link to your email and identity by deleting your account record.
You can delete your account in the app (Settings → Delete account) or by following the steps on our account deletion page, which also covers what to do if you no longer have access to your device.
If we change this policy we will update it here and revise the effective date above.
Questions about this policy or your data: support@humanauth.ai