Trust Center

Trust is not a page. It is a habit.

A registry that asks people to put their name on record has to hold itself to a higher bar. This is the single place where we lay it all out: how the system is secured, who processes what, which rights you have, and where the honest limits are.

Data minimisation, by design

Our data policy fits in three sentences — because there is very little data.

We collect what the registry needs

The public fields you choose to publish on a record, plus your account email. That is the inventory.

We refuse what we do not need

No ID documents, no biometric data, no tracking profiles. Identity checks (from September) run on Stripe Identity, and only the result, the date and a session reference come back.

Private stays private

Your email is never shown on a record, in the directory or through the API — structurally, it cannot be, because it is not stored alongside your record.

Subprocessors

The registry runs on a deliberately short list of providers.

Provider Purpose Data location
Supabase Database, authentication and row-level security of the registry European Union (eu-west)
Cloudflare Hosting, CDN, DDoS protection and Turnstile bot protection Global edge network, EU entry points
Resend Transactional email (account confirmation, notifications) EU sending region (details in the privacy policy)
Stripe From September 2026 Payments and identity verification for the Verified seal EU entities of Stripe

The authoritative, always-current list — with legal entities and safeguards — lives in the privacy policy. If this table and the policy ever disagree, the policy wins.

Your rights under the GDPR

You do not need a lawyer to exercise them — one email is enough.

For any of these, write to privacy@thehumanbehind.com.

  • Access: ask for a copy of the data we hold about you.
  • Rectification: correct the editable fields of your record or account.
  • Erasure: remove your record at any time. It leaves the directory immediately; the registry keeps a minimal trace that it existed and was removed, so your number can never be silently reused.
  • Portability: your record's public fields are already yours — exportable through the public API in machine-readable JSON.
  • Objection and restriction: tell us, and we will review any processing you disagree with.
  • Complaint: you can always escalate to your data-protection authority (in Spain, the AEPD).

What we are — and what we are not

The Human Behind is a private registry operated by AIGiner S.L. It is not an official European Union registry, and neither registering nor the seal constitutes an official certification or, by itself, fulfilment of any legal obligation. What it gives you is real but specific: a public, dated, tamper-evident declaration of who answers for an AI avatar. We would rather you know exactly what you are buying — even when it is free.

Read it all. Then decide.

The strongest trust argument we have is that everything on these pages can be checked.