Privacy Statement

Our verification engine is built on a fundamental principle: your raw data never leaves your device. When you verify your presence at a session, your phone collects environmental signals locally. Before any information is transmitted, it is transformed using one-way cryptographic functions that make it impossible to reverse-engineer the original data.

This means we can confirm you were in the right place at the right time without ever knowing the specific details of your device's network environment.

We collect only what is necessary to verify presence:

• Account information — Your phone number, display name, and email address (if provided). Used for login and communication only.
• Enrollment data — Your student or staff reference number and the programmes you are enrolled in.
• Presence proofs — Cryptographically transformed snapshots of your location and network environment at the time of verification. These are not raw GPS coordinates or network names — they are mathematical representations that can only be compared against expected patterns, never decoded back to the originals.
• Verification outcomes — Whether your presence was verified, flagged for review, or rejected, along with a confidence score.

• We do not track your location outside of active verification sessions.
• We do not store raw GPS coordinates, Wi-Fi network names, or cellular network identifiers.
• We do not record audio, camera feeds, or biometric data.
• We do not build movement profiles or track you across sessions.
• We do not sell, share, or monetise your data with third parties.
• We do not use persistent device fingerprints — your device identifier rotates daily and cannot be used to track you over time.

When you tap “Verify” during a session, your device:

1. Collects environmental signals (location, nearby networks) locally on your phone.
2. Transforms all signals using cryptographic hashing so the original values cannot be recovered.
3. Constructs a tamper-proof commitment (a sealed mathematical summary) of all evidence.
4. Signs the commitment with a key that only your device holds, proving it came from you.
5. Sends the transformed data to our server, which compares the patterns against expected baselines and produces a confidence score.

At no point does our server receive your raw location or network information. The comparison is performed entirely on transformed data.

• All communication between your device and our servers is encrypted in transit (TLS).
• Cryptographic signing keys are generated on your device and stored in its secure hardware enclave. The private key never leaves your phone.
• Presence proofs use daily-rotating salts, meaning the transformed data changes every day even if the underlying environment doesn't — preventing correlation across days.
• Our database stores only transformed evidence and verification outcomes, not raw sensor data.
• Infrastructure is hosted on Google Cloud Platform in the Africa South 1 (Johannesburg) region, complying with South African data residency requirements.

Under the Protection of Personal Information Act (POPIA), you have the right to:

• Access — Request a copy of all data we hold about you.
• Correction — Ask us to correct any inaccurate information.
• Deletion — Request that we delete your account and associated data.
• Object — Object to the processing of your personal information.
• Portability — Receive your data in a structured, commonly used format.

To exercise any of these rights, contact us at admin@echohash.co.za.