Confidentiality commitment

The registry is public by design. Everything else you entrust to us is confidential by design — this page says exactly what and how.

Last updated: 11 July 2026

Draft pending legal review.

1. Public by design, confidential by design

The Human Behind publishes a deliberate, limited set of record fields — that is the point of a public registry. Everything else you share with us to use the service is confidential and treated as such. The public part is listed exhaustively in the database policy; this page covers the rest.

2. What we keep confidential

  • Your email address — never published, never shared, never sold.
  • Verification details — the result of an identity check (verified yes/no), its date and the provider's session reference. The identity document itself never reaches us, so it cannot leak from us.
  • Your communications with us — support requests, claims, disputes and the evidence submitted with them.
  • Security reports — vulnerability reports and the details of any investigation.
  • Billing information — handled by the payment provider; we keep only what invoicing law requires.

3. How we enforce it

  • Row-level security in the database: access rules are enforced by the database itself, row by row, not just by the application.
  • Least privilege: private data is accessible only to the people who strictly need it to operate the service.
  • Encryption in transit everywhere, and a database hosted in the European Union.
  • Data minimisation: the most effective confidentiality measure is not holding the data at all — which is why we never store identity documents.

The full picture, in plain language, is on the security page and in the Trust Center.

4. Our team and our providers

Everyone who works on The Human Behind is bound by confidentiality obligations. The providers that process data on our behalf (listed in the privacy policy) are bound by data processing agreements under Art. 28 GDPR, which include confidentiality duties.

5. When we may disclose

We disclose confidential information only when a law, court order or competent authority requires it — and no more than what is required. Where legally permitted, we will inform you before or as soon as possible after such a disclosure. In a dispute over a record, we share with the other party only what is strictly necessary to resolve the claim, never your contact details without your consent.

6. What we will never do

  • Sell or rent your data — any of it, to anyone.
  • Publish or reveal your email address.
  • Use your confidential information for advertising.

7. Reporting a concern

If you believe confidential information has been mishandled, or you want to report a security issue, write to privacy@thehumanbehind.com or legal@thehumanbehind.com. If a breach ever affects your data, we will notify you and the competent authority as the GDPR requires.

8. Changes

We may update this commitment. We will publish the current version on this page with its update date.

See also the privacy policy and the security page.