Privacy Policy

Last updated: July 18, 2026

What ProofSlip does

ProofSlip creates provider-backed release proofs and also operates a legacy API for short-lived workflow receipts. This policy covers the service at proofslip.ai.

Release proofs are public

Anyone with a proof URL can read the proof. This includes proofs created from private repositories. Before enabling ProofSlip in a private repository, review which GitHub claims and submitted labels will become public.

A release proof separates three categories:

The raw GitHub OIDC token is not stored or logged. Its token ID is stored only as a SHA-256 digest for replay protection.

Other data we collect

Retention

Data we do not collect

Service providers

Security

Traffic is encrypted with TLS. API keys and OIDC token IDs are one-way hashed before storage. Release creation verifies token signature, issuer, audience, time constraints, and required claims. Rate limits apply per key or source IP.

Your rights and deletion

You can request deletion of account data, release proofs, or other associated records by emailing hello@proofslip.ai. Include the relevant proof IDs or account email. We may request reasonable verification before deleting records.

Contact

hello@proofslip.ai

← proofslip.ai