ByHuman Privacy PolicyDocument IApr 2026 Edition
Volume I · Document A

Privacy Policy.

Last updated · 2026-04-27
The short version

Your video files never leave your browser — we only see a SHA-256 hash. We don't track what you write or upload. The data we store is the minimum needed to mint a publicly verifiable badge tied to your YouTube channel: channel ID/handle/title, the public disclosure you wrote, the hash, the attestation, and an OpenTimestamps proof.

01What we collect
  • Google profile basics: the name and email associated with the Google account you sign in with.
  • YouTube channel info: the channel ID, handle, and title for the channel you authorize. We request the youtube.readonly scope only — we do not read your videos, comments, analytics, or any other Google service.
  • Badge data you submit: the YouTube video URL, the SHA-256 hash and file size of the video file you select, your attestation text, and the disclosure form fields (public + private halves).
  • Reports against badges:if someone files a report on one of your badges, we store the report reason and (optionally) the reporter's email. Reports are visible to you, the badge owner.
  • Authentication cookies: a session cookie issued by Supabase to keep you signed in. No third-party tracking cookies.
02What we don't collect
  • The video file itself. The SHA-256 hash is computed locally in your browser via the Web Crypto API. The bytes of the file never reach our servers.
  • Anything outside YouTube. The Google scope we request is read-only YouTube. We cannot see Gmail, Drive, Calendar, Photos, or any other Google service.
  • Browsing or analytics. No Google Analytics, no Mixpanel, no third-party trackers. We have no idea what other tabs you have open.
  • Payment information. Silver is free. Gold (when it ships) will use Stripe; we will never see your card data.
03How we use it
  • Verify that the YouTube channel you claim is actually yours.
  • Mint a badge tied to your channel and serve a public proof page at getbyhuman.com/v/<slug>.
  • Submit your video's hash to OpenTimestamps calendar servers for Bitcoin-anchored timestamping. This is intentionally public — anchoring to Bitcoin means anyone can verify the timestamp without trusting us.
  • Store the public half of your disclosure on the proof page. The private half is recorded for audit only and never published.
  • Email you about the service if needed (account issues, badge revocations, major policy changes). No marketing.
04What we share
  • Public proof pages at getbyhuman.com/v/<slug>. These are intentionally public and indexable. By minting a badge, you're publishing a claim under your channel's name.
  • Bitcoin blockchain anchoring. Your file hash is committed inside a Bitcoin block via OpenTimestamps. This is permanent and public by design.
  • Nothing else with anyone. No data brokers, no advertisers, no analytics vendors.
05Data deletion

You can request deletion of your account and all associated badges by emailing the address below. We'll delete your creator profile, badges, and disclosures from our database.

Two things we can't delete:

  • Your file hash anchored to Bitcoin. The blockchain is immutable; the hash itself doesn't identify you (it's opaque bytes), but we can't un-anchor it.
  • Web archive caches of your proof page if anyone's archived it (archive.org, etc.). Those are out of our control.
06Children

ByHuman Creators is not directed at children under 13. If you're under 13, please don't use the service. If we learn we've collected data from a child under 13, we'll delete it.

07Updates

We'll update this page when we change how the service handles data. The “Last updated” date at the top will change. For material changes (new data we collect, new third parties), we'll email signed-in creators before the change takes effect.

08Contact

Questions about this policy or your data: support@getbyhuman.com.