search
WebsiteDevelopersGitHub

Privacy Policy

NEUS is designed to support privacy-preserving proofs while still enabling gating and status checks.

hashtag
Proof visibility model

Proof visibility is controlled by two fields on options:

  • options.privacyLevel: private | public

  • options.publicDisplay: discoverability toggle for public proofs

Behavior:

  • private: not readable to non-owners (non-owners may receive minimal status).

  • public + publicDisplay=false: readable by Proof ID (qHash) (link-only / non-discoverable).

  • public + publicDisplay=true: eligible for public discovery surfaces (feeds/lists).

hashtag
Content storage

By default, raw input content is not stored.

  • options.storeOriginalContent: when true, allows storing original content (use with care).

  • options.enableIpfs: enables public snapshotting for public proofs (only supported in deployments with IPFS configured).

hashtag
Gate checks (minimal eligibility)

GET /api/v1/proofs/gate/check is designed for eligibility checks:

  • Evaluates public + discoverable proofs only.

  • Returns a minimal eligibility result (and optional safe projections), not full proof payloads.

If your app needs to show a user-facing attribute (for example a handle), prefer the minimal surfaces (/proofs/gate/check and /proofs/byWallet) and treat any returned projections as optional, deployment-specific safe fields.

hashtag
Owner access (private proofs)

Some reads support signature-authenticated access for private proofs via headers.

Two supported patterns:

  • Owner access: owner signs data.action="access_private_proof" for GET /api/v1/verification/status/{qHash}

  • Shared access (recommended for apps): owner issues an explicit access grant (POST /api/v1/verification/access/grant), then the viewer signs data.action="access_private_proof" to read the proof without requiring a NEUS session cookie.

hashtag
Third-party providers

Some verifiers rely on third-party providers (e.g. wallet risk and content moderation). Only verifier-required data is sent to the provider for the verification request.

Recommended practices:

  • Keep proofs private by default (privacyLevel: 'private', publicDisplay: false)

  • Store only what you need (storeOriginalContent: false unless explicitly required)

  • When gating, prefer minimal surfaces (/proofs/gate/check) and avoid pulling full proof payloads

PreviousSecurityNextContributing

Last updated

Was this helpful?