Privacy Policy
Last updated: January 2026
1. Introduction
ValidDraft ("we", "our", or "us") is a product of Sotolis. This Privacy Policy explains how we collect, use, and protect your information when you use our behavioral biometrics verification service.
2. Biometric Data Collection
Important Notice About Biometric Data
ValidDraft collects behavioral biometric data to verify human authorship. This data is unique to your typing and interaction patterns and is processed to generate verification scores.
Keystroke Biometrics (Silver Mode)
We collect the following keystroke dynamics data:
- Key press timing: The duration each key is held down
- Inter-key intervals: Time between consecutive keystrokes
- Typing rhythm patterns: Overall cadence and flow of your typing
- Revision behavior: Backspace frequency, deletion patterns, and rewrites
- Pause analysis: Duration and frequency of pauses during writing
- Cursor movements: Mouse/trackpad movement patterns and click behavior
Video Biometrics (Gold Mode - Optional)
With your explicit consent, we may collect video data for enhanced verification:
- Facial presence: Verification that a human is present during writing
- Eye gaze tracking: Direction of visual attention relative to the screen
- Expression analysis: Natural facial movements indicating cognitive engagement
- Liveness detection: Verification that the video is live, not pre-recorded
Video data is processed in real-time and is not stored after analysis. Only the resulting verification score is retained.
Account Information
When you create an account, we collect:
- Email address
- Name (optional)
- Organization name (for team accounts)
3. How We Use Your Information
We use collected information to:
- Generate humanity scores and verification reports
- Improve our behavioral analysis algorithms
- Provide customer support
- Send service-related communications
4. Data Retention
| Data Type | Retention Period |
|---|---|
| Raw keystroke data | Processed in real-time, not stored |
| Video/webcam data | Processed in real-time, not stored |
| Verification reports | 90 days (or until deletion request) |
| Humanity scores | 90 days (linked to verification) |
| Written content | 90 days (or until deletion request) |
| Account information | Until account deletion |
Automatic Deletion: Verification data older than 90 days is automatically purged from our systems. You may request early deletion at any time through your account settings or by contacting us.
Anonymized Analytics: We may retain anonymized, aggregated statistics derived from verification data for service improvement purposes. This data cannot be linked back to individual users.
5. Data Sharing
We do not sell your personal data. We may share data with:
- Service providers who assist in operating our service
- Law enforcement when required by law
- Your organization (if using a team account)
6. Your Rights
You have the right to:
- Access your personal data
- Request correction of inaccurate data
- Request deletion of your data
- Opt-out of video analysis features
- Export your data
7. Security
We implement industry-standard security measures to protect your data, including encryption in transit and at rest, secure data centers, and regular security audits.
9. Contact Us
For privacy-related inquiries, contact us at: privacy@sotolis.com