Trust boundaries
- Verification completes in NEUS — do not treat the browser alone as proof of issuance.
- Gate checks and status should return only what your product needs.
- Private proof reads require the owner signed in (or your product’s explicit sharing rules).
Privacy defaults
Integrations default to private stored receipts (owner-authenticated reads; content tied to the wallet). For reusable gates and gateCheck without a signed-in owner session, create an unlisted public receipt: privacyLevel: 'public', publicDisplay: false. Original content defaults to stored; set storeOriginalContent: false only for hash-only retention.
| Setting | Effect |
|---|---|
| privacyLevel: 'private' | Default. Owner or authorized-session visibility. |
| privacyLevel: 'public' | Enables policy checks without owner session when paired with the flags below. |
| publicDisplay: false | Unlisted: usable in checks, not promoted in discovery (still public to anyone with the proof id). |
| storeOriginalContent: true | Default. Retains original content unless you opt into hash-only. |
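A pre-flight check for the settings in the table above, written as an added example; it is not NEUS code. `lintReceiptOptions`, `sessionlessGate` and the finding codes are hypothetical names, and the two `warn` findings are review prompts this example assumes, not rules stated on this page.

```javascript
// Added example: lint receipt options before creating a receipt.
// Only privacyLevel, publicDisplay and storeOriginalContent come from the page;
// every other name here is hypothetical.

// Defaults stated on this page. No default is given for publicDisplay,
// so it is treated as unset and must be supplied explicitly.
const PAGE_DEFAULTS = { privacyLevel: 'private', storeOriginalContent: true };

function lintReceiptOptions(options, { sessionlessGate = false } = {}) {
  const effective = { ...PAGE_DEFAULTS, ...options };
  const findings = [];

  if (!['private', 'public'].includes(effective.privacyLevel)) {
    findings.push({ code: 'UNKNOWN_PRIVACY_LEVEL', level: 'error' });
    return { effective, findings };
  }

  if (sessionlessGate) {
    // Private receipts require owner-authenticated reads, so a gate check
    // with no owner session cannot rely on one.
    if (effective.privacyLevel !== 'public') {
      findings.push({ code: 'GATE_NEEDS_PUBLIC_RECEIPT', level: 'error' });
    }
    // "Unlisted" means publicDisplay is explicitly false.
    if (effective.publicDisplay !== false) {
      findings.push({ code: 'GATE_RECEIPT_NOT_UNLISTED', level: 'error' });
    }
  } else if (effective.privacyLevel === 'public') {
    // Assumed review prompt: private is the default and nothing here needs public.
    findings.push({ code: 'PUBLIC_WITHOUT_NEED', level: 'warn' });
  }

  // Assumed review prompt: a public receipt is reachable by anyone holding the
  // proof id, so confirm whether hash-only retention was intended.
  if (effective.privacyLevel === 'public' && effective.storeOriginalContent !== false) {
    findings.push({ code: 'PUBLIC_RECEIPT_STORES_CONTENT', level: 'warn' });
  }
  return { effective, findings };
}
```

Treat `error` findings as blocking and `warn` findings as items for a reviewer to confirm.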
What Should Never Be Exposed Publicly
- Raw signatures
- Owner-only proof payloads
- Private proof enumeration