Privacy Policy
Last updated: July 18, 2026
What ProofSlip does
ProofSlip creates provider-backed release proofs and also operates a legacy API for short-lived workflow receipts. This policy covers the service at proofslip.ai.
Release proofs are public
Anyone with a proof URL can read the proof. This includes proofs created from private repositories. Before enabling ProofSlip in a private repository, review which GitHub claims and submitted labels will become public.
A release proof separates three categories:
- Provider-verified issuer claims — repository and owner identity, repository visibility, ref, commit SHA, workflow reference, run ID and attempt, actor, event, and subject extracted from a GitHub Actions OIDC token.
- ProofSlip observations — optional deployment URL, HTTP status, response time, and observation timestamp.
- Submitted context — optional labels supplied by the workflow and displayed as unverified.
The raw GitHub OIDC token is not stored or logged. Its token ID is stored only as a SHA-256 digest for replay protection.
Other data we collect
- Legacy receipt data — type, status, summary, optional payload and references submitted through the receipt API.
- Email address — collected only when creating an API key for the legacy receipt API or requesting transactional email.
- API key metadata — one-way key hash, non-secret prefix, usage tier, creation time, and usage counters. Raw API keys are not retained after issuance.
- Operational request logs — timestamp, method, path, status, latency, request ID, associated API-key ID where applicable, and source IP supplied by the hosting platform. Request bodies and authorization tokens are not logged.
- Release-proof events — event type, timestamp, failure reason where applicable, repository visibility, and either a public repository slug or a SHA-256 digest for a non-public repository. These rows do not contain tokens, emails, IP addresses, or submitted payloads.
Retention
- Release proofs have a 90-day validity window. After 90 days they return HTTP 410 and are marked expired, but the full record remains publicly inspectable so it can show what was verified and when. V1 does not automatically delete expired proof records.
- Legacy receipts expire after at most 24 hours and are permanently removed by automated cleanup.
- Account and API-key records remain until deletion is requested or they are removed for security or operational reasons.
- Application logs are held by our hosting provider under the configured service retention period.
Data we do not collect
- No tracking cookies or client-side analytics scripts
- No advertising profiles
- No sale of personal data
- No deployment response bodies, response headers, certificates, or resolved IP addresses
Service providers
- Neon — PostgreSQL database hosting
- Vercel — application hosting, request handling, and operational logs
- Resend — transactional email delivery
- GitHub — OIDC issuer and public signing-key provider for GitHub Actions attestations
Security
Traffic is encrypted with TLS. API keys and OIDC token IDs are one-way hashed before storage. Release creation verifies token signature, issuer, audience, time constraints, and required claims. Rate limits apply per key or source IP.
Your rights and deletion
You can request deletion of account data, release proofs, or other associated records by emailing hello@proofslip.ai. Include the relevant proof IDs or account email. We may request reasonable verification before deleting records.