Privacy Policy
Last updated: May 4, 2026 · Effective for all users
1. Who we are
Mapleproof is a digital age-verification service operated in Ontario, Canada. This Privacy Policy covers how we collect, use, store, and disclose personal information when you use our website (mapleproof.onrender.com), our customer kiosk, our retailer scanner, and any related services.
If you have questions about this policy or want to exercise your privacy rights, contact our Privacy Officer at privacy@mapleproof.example.
2. What we collect
From customers (people getting a pass)
- Government ID information read from the PDF417 barcode on your provincial driver's licence or photo ID card. This includes your name, date of birth, document expiry date, and ID number.
- Photos of the front and back of your ID, used briefly to extract the barcode and to crop your face.
- A live photo of your face captured during the liveness check.
- Liveness check data — which head movements you performed and whether they were verified.
- Approximate location — country and city derived from your IP address (we do not store the IP itself in your customer record).
- Device fingerprint — a non-tracking hash used only for fraud prevention.
From retailers (stores using our scanner)
- Business name, store location, contact email, and an API key hash.
- Logs of which passes were scanned at which store, and when.
Automatically collected
- Standard web logs (IP, user agent, timestamps) for security and debugging — kept for 30 days.
3. What we do with it
We use your information for these purposes only:
- Age verification. Calculating whether you are 19+ for legal purchases of alcohol, cannabis, and similar age-restricted products in Ontario.
- Identity binding. Matching your live face to your ID photo so retailers know the pass actually belongs to you.
- Fraud prevention. Detecting patterns like repeated registrations from the same device with different IDs.
- Audit and compliance. Maintaining a tamper-evident log of who scanned which pass when, for AGCO inspections.
- Security. Preventing abuse of the service.
We do not use your information for advertising, marketing analytics, training third-party AI models, or any purpose unrelated to the service.
4. What we don't keep
By default, we discard the full-resolution images of your ID front and back as soon as we've extracted what we need. Only these stay in our database:
- A cropped square of just your face from the live capture
- A cropped, circle-masked face from the front of your ID
- The AAMVA fields parsed from the barcode (name, DOB, expiry, ID number — all encrypted)
Your ID number is never stored in plaintext — only as a keyed HMAC-SHA256 hash, which lets us detect duplicate registrations without ever being able to reconstruct the original number.
5. How long we keep it
We follow strict data minimization:
- Customer pass data: automatically deleted after 24 months of no scans (you'd need to re-register).
- Audit logs: retained for 5 years for compliance, then permanently deleted.
- Web server logs: 30 days.
- Deletion request records: kept indefinitely so we can prove a deletion happened.
You can request earlier deletion at any time — see Section 7.
6. Encryption and security
We take security seriously because we have to.
- All sensitive fields (DOB, name, face crop, ID face crop) are encrypted at rest using AES-256-GCM.
- The encryption key is stored separately from the database, in a server-side environment variable.
- All traffic between your browser and our server uses HTTPS (TLS 1.3).
- The liveness check, face cropping, and face matching all happen on your device — your live video is never streamed to our servers.
- Our retailer API requires a hashed API key for every request.
- We maintain a tamper-evident audit log: every action is hashed in a chain so we can detect any unauthorized modification.
- Rate limits prevent brute-force or scraping attempts.
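A minimal sketch of the hash-chained audit log described in the list above and in Section 3, showing how verification pinpoints a modified or removed entry. This is an added example, not Mapleproof's own code; the record fields, the all-zero genesis value, and the function names are assumptions.

```python
import hashlib
import hmac
import json

GENESIS = "0" * 64  # assumed anchor value that the first entry chains from


def _digest(prev_hash: str, record: dict) -> str:
    # Canonical JSON so the same record always hashes to the same bytes.
    # prev_hash is always 64 hex characters, so the concatenation is unambiguous.
    body = json.dumps(record, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + body).encode("utf-8")).hexdigest()


def append(log: list, record: dict) -> None:
    """Add a record, binding it to the hash of the entry before it."""
    prev_hash = log[-1]["hash"] if log else GENESIS
    log.append({"record": record, "prev": prev_hash,
                "hash": _digest(prev_hash, record)})


def first_bad_index(log: list, expected_head=None):
    """Return the index of the first entry that fails verification, else None."""
    prev_hash = GENESIS
    for i, entry in enumerate(log):
        if entry["prev"] != prev_hash:
            return i  # an entry was removed or reordered before this one
        if not hmac.compare_digest(entry["hash"], _digest(prev_hash, entry["record"])):
            return i  # this entry's record was edited after it was written
        prev_hash = entry["hash"]
    # Dropping trailing entries leaves a valid chain, so the newest hash must
    # also be compared with a copy kept outside the database.
    if expected_head is not None and prev_hash != expected_head:
        return len(log)
    return None


def build_sample_log() -> list:
    # Constructed sample scan events, not real data.
    log = []
    for rec in (
        {"ts": "2026-05-01T14:03:00Z", "store": "store-001", "pass": "pass-aaa", "action": "scan"},
        {"ts": "2026-05-01T14:09:00Z", "store": "store-002", "pass": "pass-bbb", "action": "scan"},
        {"ts": "2026-05-01T15:30:00Z", "store": "store-001", "pass": "pass-ccc", "action": "scan"},
    ):
        append(log, rec)
    return log
```

The chain only shows that entries are consistent with each other; storing the latest hash somewhere the database writer cannot reach is what lets an inspector detect a wholesale rewrite or truncation.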
7. Your rights under PIPEDA
You have the following rights under Canada's Personal Information Protection and Electronic Documents Act and Ontario's privacy law:
- Right to access — see what we have about you. Email privacy@mapleproof.example with your token.
- Right to correction — fix inaccurate information. Re-register with corrected details.
- Right to deletion — request permanent removal of all data. Visit /delete or email us. We will execute deletion within 30 days.
- Right to withdraw consent — at any time, with the same effect as deletion.
- Right to complain — to us first, then to the Office of the Privacy Commissioner of Canada if unsatisfied.
8. Data breach notification
If we have a breach of security safeguards involving your personal information that creates a real risk of significant harm to you, we will:
- Notify you without unreasonable delay (typically within 72 hours)
- Notify the Office of the Privacy Commissioner of Canada
- Maintain records of the breach
- Take steps to mitigate further harm
9. Sharing with third parties
We share information in only these specific cases:
- With retailers: when you walk into a participating store and present your barcode, the retailer's scanner receives your age tier, photo for visual comparison, and verification flags. They do not receive your name, full DOB, or ID number.
- With our infrastructure provider: our hosting (Render.com) and IP geolocation (ipapi.co) handle data on our behalf under their respective contracts.
- If legally required: in response to a valid court order, search warrant, or AGCO regulatory request.
We never sell your information.
10. International transfers
Our database is hosted in a Canadian data region. Some logs may transit through US-based CDNs (Cloudflare). Where data leaves Canada, it is protected by the same encryption and access controls.
11. Children
Mapleproof is for people 19 and older purchasing age-restricted products. We do not knowingly collect information from anyone under 18. If you are a parent or guardian and believe your child has registered, contact us and we will delete the account immediately.
12. Changes to this policy
If we materially change this policy, we will post a notice on the home page and require re-consent from active users before the next scan. Minor clarifications may be made without notice but will be reflected in the "Last updated" date.
13. Contact
Privacy Officer: privacy@mapleproof.example
For complaints under PIPEDA, you may also contact the Office of the Privacy Commissioner of Canada at priv.gc.ca or 1-800-282-1376.