Proof: Evidence Vault ยท Effective March 31, 2026
The short version: Proof stores your evidence on your device. We collect no analytics and have no advertising. The only data that ever touches our server is the minimal metadata needed for the optional acknowledgement feature. When used, acknowledgers provide their name and email address for identity verification โ this is stored as part of the verifiable acknowledgement record.
Proof: Evidence Vault ("Proof," "we," "our") is an iOS application developed and published by James Cuadros. You can reach us at me@jamescuadros.com.
We do not collect, store, or transmit:
Proof requires no account and has no login. We have no way to identify you as a user.
All proof records โ including photos, videos, scanned documents, notes, timestamps, GPS coordinates, and cryptographic hashes โ are stored locally on your device only, using Apple's SwiftData framework. This data never leaves your device unless you explicitly choose to share or export it.
If you receive a .proofvault file shared by another Proof user and import it into the app, the records contained in that file โ including any acknowledgement metadata (acknowledger name, email, and timestamp) present in the file โ are stored locally on your device only. Received records are marked read-only and cannot be re-submitted to our server.
| Permission | Why It's Needed | Data Leaves Device? |
|---|---|---|
| Camera | Capture photos, videos, and document scans as evidence | No |
| Photo Library | Import existing photos or videos from your library | No |
| Location (While Using) | Geotag evidence records with GPS coordinates at capture time | No โ stored on-device only |
| Notifications | Alert you when a recipient acknowledges your shared proof | Device token only โ see Section 6 |
All permissions are optional. The app will function without any of them โ records simply won't include the data that permission would have provided.
If you enable iCloud Backup within the app (Proof Plus and Pro only), your proof records are backed up to your personal iCloud account โ not to any server we operate. This backup is governed by Apple's Privacy Policy. We cannot access your iCloud data.
iCloud Backup is off by default and must be explicitly enabled by you.
Proof Plus and Pro include an optional acknowledgement feature: you can generate a secure link and ask a recipient to confirm receipt of your evidence record with a legally binding electronic signature under the E-SIGN Act.
What the Sender's device sends to our server when generating an acknowledgement link:
What the Acknowledger provides when confirming receipt:
What is recorded as part of the acknowledgement:
This information is stored on our server to provide a verifiable, tamper-evident record of the acknowledgement. It forms part of the Certificate of Evidence that the sender can export. The acknowledger's email address is used solely for OTP delivery and as part of the identity record โ it is never used for marketing or shared with third parties.
What is never sent to our server:
Acknowledgement records expire and are deleted from our server 30 days after creation if not acknowledged. Completed acknowledgement records are retained indefinitely as they form part of the evidentiary record. To request deletion, contact us (see Section 15).
If you grant notification permission, Proof uses Apple's Push Notification service (APNs) to alert you when a recipient acknowledges your shared proof. Your APNs device token is stored on our server only in association with the specific proof record it was submitted with, and is used solely to deliver that notification. It is not shared with any third party and is deleted when the acknowledgment record expires.
You can revoke notification permission at any time in iOS Settings. This does not affect acknowledgment records already created.
When you share a proof record as a PDF, image, or .proofvault file via AirDrop, Files, text, or email, you are using iOS's standard share sheet. The data you choose to share is sent directly from your device to the recipient. We are not a party to that transfer and do not receive a copy.
The .proofvault format bundles one or more proof records โ including their media files, metadata, and any acknowledgement information โ into a single exportable file. You control what you share and with whom. Recipients who import a .proofvault file into Proof will have its contents stored locally on their device; that data does not pass through our servers.
Proof uses SHA-256 hashing (via Apple's CryptoKit) to generate tamper-evident fingerprints of your records. This is a one-way mathematical function โ no encryption keys are generated, no data is encrypted or sent anywhere, and the hash cannot be reversed to recover your original data.
Proof offers optional one-time purchases (Proof Plus and Proof Pro) through Apple's App Store. All payment processing is handled entirely by Apple. We do not see, store, or process any payment or financial information. Purchase status is stored locally on your device by Apple's StoreKit framework.
Proof does not integrate any third-party analytics, advertising SDKs, or tracking frameworks. The following services are used for specific features:
| Service | Purpose | Data Shared |
|---|---|---|
| Apple App Store | App purchase and distribution | Governed by Apple's Privacy Policy |
| Apple iCloud | Optional backup, stored in your own account | Your proof vault โ stored in your iCloud, not ours |
| Apple Push Notification service (APNs) | Delivers acknowledgement notifications to your device | Device push token only |
| FreeTSA (freetsa.org) | RFC 3161 trusted timestamp for each sealed proof | SHA-256 hash only โ no personal data |
| OpenTimestamps | Bitcoin blockchain hash anchoring | SHA-256 hash only โ no personal data |
| SendGrid (Twilio) | Sends OTP verification emails to acknowledgement recipients | Acknowledger email address and OTP code only. SendGrid Privacy Policy |
Proof is not directed at children under 13. We do not knowingly collect any personal information from children. Because Proof collects no personal data from any user, there is no special risk to minors.
All evidence data lives on your device โ you are in full control. To delete a proof record, swipe to delete within the app. To delete all data, uninstall the app. We have no copy of your photos, videos, or notes and cannot restore them once deleted.
Acknowledgment records on our server expire after 30 days if unacknowledged. To request early deletion of an acknowledgment record, contact us at me@jamescuadros.com with the proof hash and we will remove it promptly.
If we make material changes to this privacy policy, we will update the "Effective" date above and post the revised policy at this URL. We encourage you to review this page periodically.
Questions or concerns? We'd love to hear from you:
James Cuadros
me@jamescuadros.com