Privacy Policy

GuyID Inc. — Ottawa, Canada·Last updated: March 16, 2026·PIPEDA Compliant

Our privacy commitment

We never store government ID images. We never sell your data. Numeric trust scores are internal — only tier names are shown publicly. Voice vouch recordings are controlled by the voucher. Profile view analytics use anonymous session hashes — never raw IP addresses.

1. Who we are

GuyID Inc. ("GuyID", "we", "us", or "our") is a Canadian corporation headquartered in Ottawa, Ontario, Canada. GuyID operates a trust verification platform that enables users to build and share verified trust profiles for dating and personal safety. This Privacy Policy applies to all users of guyid.com and its associated services. GuyID complies with the Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable Canadian privacy laws.

2. Data we collect

We collect the following types of information when you use GuyID: Account information: Full name, username, email address, date of birth, gender (optional), city and province/state (optional), and password (encrypted). Profile information: Profile photo, social media connections (LinkedIn, Google, Facebook, Instagram), height (optional), and extended profile fields you choose to provide. Verification data: Verification status, verification type (basic or enhanced), verification date, liveness check result, age confirmation result, and IP analysis result. We do NOT store government ID images — these are processed by our verification partner (Didit) and immediately discarded. Vouch data: Text vouches, voice vouch audio recordings (stored in encrypted cloud storage), voucher name, relationship type, duration of relationship, character traits, and superpower selections. Profile view analytics: Anonymous view counts, viewer session data (heartbeat pings, section visibility, scroll depth, device type, referral source). Viewer IP addresses are never stored — only SHA-256 hashed session identifiers. Self-views are excluded. Subscription data: Subscription status, billing period, and Stripe customer ID. Full payment details are processed and stored exclusively by Stripe — we never see or store your credit card number. Usage data: Log data, device information, browser type, and interaction with our service.

3. Voice vouch recordings

GuyID allows users to submit voice vouch recordings (5–60 seconds) as part of the vouch process. These recordings are: • Stored in encrypted cloud storage (Supabase Storage) with public read access for playback on trust profiles • Only playable on Premium subscribers' public profiles — free users' voice vouches are stored but locked from public playback • Controlled by the voucher — they can re-record or remove their voice note before submitting • Retained as long as the associated vouch is active on the platform • Deleted when the vouch is deleted or the vouchee's account is closed Voice vouches are voluntary. Vouchers are informed that their recording will be associated with their vouch and may be played on the vouchee's public profile.

4. Profile view tracking

When someone views a public trust profile (guyid.com/u/username), GuyID collects anonymous analytics to help profile owners understand who is viewing their credential: For all viewers: • A page view event is logged with a random session hash (not tied to personal identity) • Heartbeat pings every 10 seconds while the tab is active (to estimate view duration) • Section visibility tracking via IntersectionObserver (to identify which profile sections were viewed) • Device type (mobile/desktop/tablet) and referral source (direct, shared link, Date Mode, QR code) What is NOT collected: • Raw IP addresses are never stored — only ephemeral session hashes • No fingerprinting or cross-site tracking • Self-views are excluded • No data is collected when the browser tab is hidden Registered GuyID users who view a profile may have their name and city visible to the profile owner if the owner has a Premium subscription. Anonymous visitors are identified only by city (if available via request headers) and session hash.

5. Trust Directory

GuyID operates a public Trust Directory (guyid.com/discover) that lists verified user profiles. By creating a GuyID account and meeting minimum listing criteria (profile photo uploaded, minimum trust tier achieved), your profile may appear in the Trust Directory. Information displayed in the Trust Directory includes: display name, age, city, trust tier (not numeric scores), profile photo, verification status, vouch count, and voice vouch indicator. Numeric trust scores are internal to GuyID and are never displayed publicly — only tier names (Starter, Builder, Trusted, Elite) are shown. You can control your visibility by adjusting your profile settings or removing your profile photo, which will de-list you from the directory.

6. How we use your data

We use your information to: • Provide and maintain the GuyID service, including your public trust profile • Process identity verification requests through our verification partner (Didit) • Display your trust credential at guyid.com/u/[username] • Enable vouch and voice vouch features • Provide profile view analytics to profile owners • List your profile in the Trust Directory • Process Premium subscription payments through Stripe • Send service-related emails (verification confirmations, vouch notifications, account updates) • Improve our service through aggregated, anonymized analytics • Prevent fraud, abuse, and security threats • Comply with legal obligations under PIPEDA and applicable law

7. Verification handling

CRITICAL PRIVACY PROTECTION: Identity verification is processed through Didit, a certified identity verification provider. GuyID has two verification tiers: Basic verification (free): Government ID check confirming legal identity. Enhanced verification (Premium): 5-step verification including government ID, liveness detection, age confirmation, IP analysis, and facial matching. In both cases: • Government ID images are processed by Didit and NEVER stored by GuyID • Only verification status (verified/not verified), verification type, and timestamp are retained • Didit processes data in accordance with their own privacy policy and applicable regulations • Verification is restricted to Canadian and US government-issued IDs • Each verification costs GuyID $0.20 (after 500 free/month) — this cost is absorbed, not passed to users

8. Cookies and analytics

We use cookies and similar technologies to: • Maintain your login session (Supabase auth tokens) • Remember your preferences • Track profile view analytics (session-level, not cross-site) • Provide Cloudflare Turnstile bot protection on the vouch form We do not use third-party advertising cookies. We do not sell data to advertisers. You can control cookies through your browser settings, though disabling them may limit your ability to use authenticated features.

9. Third-party services

GuyID integrates with the following third-party services: • Supabase: Database, authentication, and cloud storage (hosts in North America) • Stripe: Payment processing for Premium subscriptions (PCI-DSS compliant) • Didit: Identity verification processing (ID images processed and discarded) • Cloudflare: CDN, DNS, bot protection (Turnstile), and pre-rendering • Netlify: Static site hosting and deployment • Google & LinkedIn OAuth: Optional sign-in and social account linking • Meta/Facebook OAuth: Optional account linking Each service has its own privacy policy. By linking social accounts, you authorize GuyID to access your basic profile data as permitted by your privacy settings on those platforms.

10. Data sharing

We do NOT sell your personal data to third parties. Ever. We may share your information only in the following circumstances: • With your consent: When you explicitly authorize data sharing • Service providers: Third-party vendors who help us operate our service (under strict confidentiality agreements and data processing agreements) • Legal requirements: When required by law, court order, or government request under Canadian law • Business transfers: In the event of a merger, acquisition, or sale of assets (users will be notified in advance) • Public profile data: Information you choose to make public on your trust profile and Trust Directory listing

11. Public profile visibility

Your GuyID trust profile is publicly accessible at guyid.com/u/[username]. Public information includes: • Display name and username • Profile photo • Age (if provided) • City and province/state (if provided) • Trust tier (Starter, Builder, Trusted, or Elite) — numeric scores are never shown publicly • Verification status and verification type badges • Approved vouches (text and voice — voice playback requires Premium) • Connected social platform indicators • Concern count (if any concerns have been filed) You can control what information is displayed through your profile settings and privacy controls in your dashboard.

12. Premium subscription data

Premium subscribers ($12.99/month) have additional data processed: • Stripe processes and stores all payment information — GuyID only stores your Stripe customer ID and subscription status • Premium analytics data (detailed viewer information) is generated from the same anonymous tracking data collected for all profiles, but surfaced with more detail to Premium subscribers • Voice vouch audio playback is unlocked on your public profile • Enhanced verification data (liveness, age, IP) is processed through Didit When you cancel Premium, your subscription remains active until the end of the billing period. After expiration, Premium-only features are deactivated but your trust profile, vouches, and earned tier remain.

13. Data retention and deletion

We retain your data for as long as your account is active or as needed to provide our services. Retention periods: • Account data: Retained while your account is active • Verification status: Retained indefinitely after account deletion for fraud prevention • Government ID images: NEVER stored (processed and discarded by Didit) • Vouches and voice recordings: Retained while your account is active, deleted upon account closure • Profile view analytics: Event-level data retained for 90 days, aggregated statistics retained indefinitely • Subscription data: Retained as required by Canadian tax law (typically 7 years for financial records) You may request deletion of your account and associated data by emailing ceo@guyid.com. We will process deletion requests within 30 days, subject to legal retention requirements under PIPEDA.

14. Facebook data deletion instructions

According to Meta Platform terms, GuyID provides the following instructions for users who wish to delete their activity data associated with the application: 1. Go to your Facebook Account's "Settings & Privacy" and click "Settings". 2. Navigate to "Apps and Websites" in the left-hand menu. 3. Locate "GuyID" in the list of active apps. 4. Click "Remove" to disconnect your account activity from our platform. Alternatively, you may request full deletion of your user account data by emailing ceo@guyid.com with the subject line "Data Deletion Request". We will permanently remove your stored social data within 30 days. For detailed instructions, visit: guyid.com/facebook-data-deletion-instructions

15. Security measures

We implement industry-standard security measures to protect your data: • AES-256 encryption for all data at rest • TLS 1.3 encryption for all data in transit • Encrypted password storage (bcrypt hashing via Supabase Auth) • Secure payment processing through Stripe (PCI-DSS compliant) • Cloudflare DDoS protection and WAF • Row-Level Security (RLS) on all Supabase database tables • Cloudflare Turnstile bot protection on public forms • SHA-256 hashing of session identifiers (no raw IPs stored) • Regular security audits and dependency updates • Immediate deletion of government ID images after verification No method of transmission over the internet is 100% secure. We cannot guarantee absolute security but take all reasonable measures to protect your data.

16. Your privacy rights (PIPEDA)

Under PIPEDA and applicable Canadian privacy law, you have the following rights: • Access: Request a copy of your personal data held by GuyID • Correction: Update or correct inaccurate information • Deletion: Request deletion of your account and associated data • Withdrawal of consent: Revoke consent for data processing (may result in inability to use certain features) • Complaint: File a complaint with the Office of the Privacy Commissioner of Canada if you believe your privacy rights have been violated For users in other jurisdictions, we will honour equivalent rights where applicable (including GDPR rights for EU users and CCPA rights for California residents). To exercise these rights, contact us at ceo@guyid.com. We will respond within 30 days.

17. Children's privacy

GuyID is not intended for users under 18 years of age. We do not knowingly collect personal information from children. Our identity verification process includes age confirmation. If we become aware that a user is under 18, we will immediately delete their account and all associated data. If you believe a minor has created an account, please contact us at ceo@guyid.com.

18. International data transfers

GuyID's primary infrastructure is hosted in North America (Supabase, Netlify, Cloudflare). If you access GuyID from outside Canada, your data may be transferred to and processed in Canada. By using GuyID, you consent to the transfer of your information to Canada, where privacy laws may differ from those in your jurisdiction. We ensure that all data transfers comply with PIPEDA and that adequate safeguards are in place.

19. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or through a prominent notice on our platform. The "Last updated" date at the top of this page indicates when the policy was last revised. Your continued use of GuyID after changes constitutes acceptance of the updated policy. Previous versions of this policy are available upon request.

20. Contact us

If you have any questions about this Privacy Policy or our data practices, please contact us: GuyID Inc. Ottawa, Ontario, Canada Email: ceo@guyid.com We will respond to privacy inquiries within 2–3 business days. For complaints regarding our privacy practices, you may also contact the Office of the Privacy Commissioner of Canada at priv.gc.ca.