Privacy Policy
APTOGON / homosapience.org Β· Last updated: May 2026
1. What We Collect
APTOGON collects only the minimum data required to verify humanity. During gesture verification, we extract a statistical vector (speed, pauses, rhythm irregularity) from your drawing gesture. Raw coordinates are never stored or transmitted. We do not collect names, email addresses, phone numbers, or any government-issued ID.
2. How Verification Works
Your gesture is analyzed by SapiX (local inference). If verified, an Ed25519 key pair is generated in your browser. The private key stays in your browser's localStorage β it is never sent to our servers. Only the SHA3-256 hash of your public DID is recorded on the Aptos blockchain as a HumanCredential.
3. Browser Extension
The APTOGON Verified Human browser extension reads your HumanCredential from your browser's localStorage and extension storage. It does not transmit this data to any third party. The β¦ Human badge is injected client-side only. No browsing history, page content, or personal data is collected or sent anywhere.
4. Blockchain Data
The Aptos blockchain is public. The SHA3-256 hash of your DID is permanently recorded on-chain. This hash is a one-way transformation β it cannot be reversed to identify you. It contains no personal information.
5. Cookies & Storage
We use localStorage to store your HumanCredential and language preference. We do not use tracking cookies or third-party analytics. We do not use Google Analytics, Meta Pixel, or similar tools.
6. Data Sharing & Sub-processors
We do not sell, rent, or share your data with third parties for commercial purposes. The only external service we use for data processing is OpenRouter (AI inference sub-processor), which receives only the gesture statistical vector (numerical motion data β no images, no coordinates, no personal identifiers) to classify human movement patterns. Gesture motion data is processed by OpenRouter (sub-processor) under our instructions. A Data Processing Agreement is in progress. OpenRouter acts as a Data Processor under GDPR Article 28. We remain the Data Controller responsible for determining the purposes and means of processing.
7. Data Retention
HumanCredentials expire after 30 days and must be renewed. You can delete your credential at any time by clearing your browser's localStorage. The on-chain DID hash cannot be deleted (blockchain is immutable), but it contains no personal information.
8. Your Rights
You have the right to know what data we hold, to delete your local credential, and to stop using the service at any time. Since we collect no personal information, there is nothing to export or correct. For questions, contact: privacy@homosapience.org
9. Changes to This Policy
We may update this policy as the project evolves. Material changes will be announced on homosapience.org and in the extension update notes.
10. Contact
Privacy questions: privacy@homosapience.org General: hello@homosapience.org Project: https://github.com/tulubyev/AptoGon