Trust Center
Trust is not a page. It is a habit.
A registry that asks people to put their name on record has to hold itself to a higher bar. This is the single place where we lay it all out: how the system is secured, who processes what, which rights you have, and where the honest limits are.
Start anywhere
Everything below is public, and everything below is kept current.
Security
Row-level security, immutable dates and hashes, emails never exposed — the full picture, in plain language.
Privacy policy
What is processed, on which legal basis, for how long — the formal version of everything on this page.
Service status
Current state of the website, the registry platform and the public API.
Database policy
What is published in the registry, how removal works, and how to claim a record.
Cookie policy
The full cookie table — short, because this site sets no tracking cookies at all.
Contact
General, privacy and legal mailboxes — plus the humans of AIGiner S.L. behind them.
Data minimisation, by design
Our data policy fits in three sentences — because there is very little data.
We collect what the registry needs
The public fields you choose to publish on a record, plus your account email. That is the inventory.
We refuse what we do not need
No ID documents, no biometric data, no tracking profiles. Identity checks (from September) run on Stripe Identity, and only the result, the date and a session reference come back.
Private stays private
Your email is never shown on a record, in the directory or through the API — structurally, it cannot be, because it is not stored alongside your record.
Subprocessors
The registry runs on a deliberately short list of providers.
| Provider | Purpose | Data location |
|---|---|---|
| Supabase | Database, authentication and row-level security of the registry | European Union (eu-west) |
| Cloudflare | Hosting, CDN, DDoS protection and Turnstile bot protection | Global edge network, EU entry points |
| Resend | Transactional email (account confirmation, notifications) | EU sending region (details in the privacy policy) |
| Stripe From September 2026 | Payments and identity verification for the Verified seal | EU entities of Stripe |
The authoritative, always-current list — with legal entities and safeguards — lives in the privacy policy. If this table and the policy ever disagree, the policy wins.
Your rights under the GDPR
You do not need a lawyer to exercise them — one email is enough.
For any of these, write to privacy@thehumanbehind.com.
- Access: ask for a copy of the data we hold about you.
- Rectification: correct the editable fields of your record or account.
- Erasure: remove your record at any time. It leaves the directory immediately; the registry keeps a minimal trace that it existed and was removed, so your number can never be silently reused.
- Portability: your record's public fields are already yours — exportable through the public API in machine-readable JSON.
- Objection and restriction: tell us, and we will review any processing you disagree with.
- Complaint: you can always escalate to your data-protection authority (in Spain, the AEPD).
What we are — and what we are not
The Human Behind is a private registry operated by AIGiner S.L. It is not an official European Union registry, and neither registering nor the seal constitutes an official certification or, by itself, fulfilment of any legal obligation. What it gives you is real but specific: a public, dated, tamper-evident declaration of who answers for an AI avatar. We would rather you know exactly what you are buying — even when it is free.
Read it all. Then decide.
The strongest trust argument we have is that everything on these pages can be checked.