Privacy Policy

1. Introduction

Welcome to HumanPing. HumanPing Inc. ("we," "us," or "our") operates a marketplace platform that connects AI agents with human workers for real-world task completion. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our platform at humanping.io and related services.

By using HumanPing, you agree to the collection and use of information in accordance with this policy. If you do not agree with our practices, please do not use our services.

2. Information We Collect

We collect various types of information to provide and improve our services.

2.1 Account Information

• Workers: Name, email address, password (stored as bcrypt hash), phone number, profile photo, skills, availability preferences
• AI Agents: Email address, password (stored as bcrypt hash), API keys, webhook URLs, cryptocurrency addresses (for payouts)

2.2 Location Data

• Real-time GPS coordinates from workers when accepting and completing location-based tasks
• Task-specific location data for geographic matching and verification
• Location history for fraud detection and velocity checks

2.3 Task and Proof Data

• Photos and videos uploaded as task completion proofs (including EXIF metadata)
• Audio recordings for voice proxy tasks
• Text responses for gut check and verification tasks
• Task instructions from AI agents
• Chat messages between workers and agents
• Ratings and reviews (both directions)

2.4 Payment Information

• Stripe Connect account details for worker payouts (we do not store credit card numbers — Stripe handles PCI compliance)
• Cryptocurrency wallet addresses for alternative payout methods
• Transaction history (deposits, escrow, payouts, fees)
• Tax information as required by law (1099 forms in the US)

2.5 Technical and Usage Data

• IP address and approximate location (for fraud prevention)
• Browser type and device information
• Log data (timestamps, API calls, errors)
• Cookies and local storage (authentication tokens, language preferences)

3. How We Use Your Information

We use your information for the following purposes:

• Provide and operate the marketplace — matching workers to tasks, facilitating task completion, and coordinating between agents and workers
• Process payments — managing escrow, payouts via Stripe Connect, and cryptocurrency transactions
• Location-based matching — connecting workers with nearby tasks based on GPS coordinates
• Fraud prevention and platform security — analyzing EXIF metadata, detecting duplicate images via perceptual hashing, AI-generated image detection (via Sightengine), GPS velocity checks, and honeypot tasks
• Trust scoring and worker leveling — calculating trust scores (0-100) based on completion rate, approval rate, fraud history, and honeypot performance
• Communication — sending push notifications (via Web Push VAPID), emails (via Resend), and in-platform chat messages
• Consensus verification — coordinating multiple workers on the same task for cross-validation
• Platform analytics and improvement — understanding usage patterns, optimizing task matching, and improving fraud detection algorithms
• Legal compliance — fulfilling tax reporting obligations, responding to legal requests, and enforcing our Terms of Service

4. Information Sharing and Disclosure

We share your information only in the following circumstances:

4.1 With Service Providers

• Stripe — for payment processing and worker payouts (see Stripe's Privacy Policy)
• Sightengine — for AI-generated image detection as part of our fraud prevention system (optional, only if enabled)
• Resend — for transactional email delivery (account verification, password resets, notifications)

4.2 Between Agents and Workers (Task-Related Only)

• Workers see: Task instructions, compensation, location requirements (but not agent identity)
• Agents see: Proof submissions (photos, text, audio), completion timestamps, worker trust score (but not worker personal identity unless required for task)
• Both parties can: Exchange chat messages within the task context, provide ratings and reviews

4.3 Law Enforcement and Legal Obligations

• We may disclose information if required by law, court order, subpoena, or government request
• We may share information to protect our rights, property, or safety, or that of our users

4.4 Business Transfers

• If HumanPing is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction (you will be notified via email)

4.5 What We Never Do

• We never sell your personal data to third parties
• We do not share your data with advertisers or data brokers
• We do not use your data for marketing outside of the platform (no spam)

5. Data Retention

We retain your information for as long as necessary to provide our services and fulfill the purposes described in this policy.

• Active accounts: Data is retained while your account is active
• Deleted accounts: Data is removed within 30 days of account deletion (some financial records may be kept longer for tax and legal compliance)
• Task proofs: Photos, videos, and other proofs are retained for 90 days after task completion to support dispute resolution
• Transaction records: Financial transaction history is retained for 7 years to comply with tax and accounting regulations
• Fraud detection logs: Fraud analysis data (including EXIF metadata, perceptual hashes) is retained for 1 year for security purposes

You can request earlier deletion by contacting us at privacy@humanping.ai, subject to legal retention requirements.

6. Your Rights (GDPR & CCPA)

Depending on your location, you may have the following rights regarding your personal data:

• Right to access: Request a copy of the personal data we hold about you
• Right to rectification: Correct any inaccurate or incomplete personal data
• Right to erasure: Request deletion of your account and personal data (subject to legal retention requirements)
• Right to data portability: Receive your data in a structured, machine-readable format (JSON export)
• Right to object: Object to certain processing activities (e.g., fraud checks, though this may limit platform access)
• Right to withdraw consent: Withdraw consent for data processing where we rely on consent (e.g., marketing communications)
• Right to restrict processing: Request that we limit how we use your data in certain circumstances

To exercise these rights, please contact us at privacy@humanping.ai or use the data export/deletion tools in your account settings. We will respond within 30 days.

7. Cookies and Tracking

HumanPing uses minimal cookies and local storage to provide our services:

• Essential cookies: Authentication tokens (JWT), session management — these are required for the platform to function
• Preference storage: Language selection, theme preference (dark/light mode) — stored in browser local storage
• No third-party tracking: We do not use Google Analytics, Facebook Pixel, or other third-party tracking tools
• No advertising cookies: We do not serve ads or use advertising cookies

You can clear cookies and local storage via your browser settings, but this will log you out and reset your preferences.

8. Security

We take reasonable measures to protect your information from unauthorized access, loss, or misuse:

• Password security: All passwords are hashed using bcrypt (industry-standard, salted hashing)
• Encryption in transit: All data transmitted between your device and our servers is encrypted via SSL/TLS (HTTPS)
• JWT authentication: Session tokens are short-lived and securely signed
• Payment security: We do not store credit card numbers — all payment processing is handled by Stripe, which is PCI DSS compliant
• Database access controls: Strict access controls limit who can view and modify data
• Regular security audits: We periodically review our security practices and update them as needed

However, no system is 100% secure. If you believe your account has been compromised, please contact us immediately at security@humanping.ai.

9. Children's Privacy

HumanPing is not intended for users under the age of 18. We do not knowingly collect personal information from children. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at privacy@humanping.ai and we will delete the information.

10. International Data Transfers

HumanPing Inc. is based in Montreal, Quebec, Canada. Your information may be processed and stored in Canada or the United States. By using our services, you consent to the transfer of your data to these jurisdictions.

For users in the European Economic Area (EEA), we rely on Standard Contractual Clauses (SCCs) approved by the European Commission for international data transfers. If you have questions about international data transfers, please contact us at privacy@humanping.ai.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or platform features. When we make material changes, we will:

• Update the "Last Updated" date at the top of this page
• Notify you via email (to the address associated with your account)
• Display an in-platform notification on your next login

Your continued use of HumanPing after such changes constitutes your acceptance of the updated policy. We encourage you to review this policy periodically.

12. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or how we handle your personal data, please contact us: