Validator Ent. — Privacy Policy

// section 01

Definitions

The following capitalized terms have the meanings set forth below throughout this Privacy Policy:

Platform The Validator Ent. streaming and ad-validation service accessible at validatorent.com and associated subdomains.
User Any individual who creates an account, accesses, or interacts with the Platform in any role (Artist, Listener/Validator, Advertiser, or Admin).
HitL Signal Human-in-the-Loop interaction data — micro-behavioral input captured during Validation Gates to confirm authentic human attention.
Proof-of-Tune The Platform's proprietary heartbeat and attention verification protocol, which processes periodic listener response data to confirm active, human engagement with content.
Validation Gate An interactive checkpoint presented during audio streams that requires a User to demonstrate active attention before an ad impression is recorded as verified.
Credits Platform-native value units accumulated through verified participation in Paid Ad impression cycles. Credits have no monetary equivalent and are subject to the Terms of Service.
Personal Data Any information that identifies or could reasonably be used to identify a specific User, as defined by applicable privacy law.

// section 02

Account & Profile Data

When you register on the Platform or update your profile, we collect the following information:

Data Type	What We Collect	Purpose
Email Address	Your email as provided at registration	Account creation, login, verification, and transactional notices
Display Name	Optional public-facing name	Profile display, leaderboards, network identity
Role	Artist, Listener/Validator, or Advertiser	Feature gating, platform routing, ad targeting context
Profile Info	Avatar, bio, genre (Artists); company name (Advertisers)	Public profile pages, browse discovery, advertiser dashboards
Validator ID	Platform-assigned unique identifier	Impression attribution, anti-fraud verification
Consent Records	Policy version, consent timestamp, policy type (ToS / Privacy)	Regulatory compliance and audit trail

🔒

Account Data Security

Passwords are hashed using industry-standard bcrypt before storage. We never store plaintext passwords. Email addresses are stored in encrypted form at rest.

JWT authentication tokens expire automatically and are not stored server-side after logout.

// section 03

HitL Interaction Signal Collection

Validator Ent. is built on the premise of Human-in-the-Loop (HitL) verification. To operate the Platform's core fraud-prevention function, we collect interaction signals during Validation Gate sessions.

⚡

What Are HitL Signals?

HitL signals are lightweight behavioral inputs — such as response timing, answer accuracy, and session continuity — captured during Validation Gates. They are used exclusively to distinguish authentic human attention from automated or fraudulent activity.

By creating an account and participating in Validation Gates, you acknowledge and consent to the collection of HitL interaction signals as described in this section.

Data Collected During Validation Gates

Challenge response: Your answer to the presented attention check (e.g., math captcha), including response time in milliseconds.
Session continuity: Whether the session remained active throughout the gate (tab focus, browser state).
Gate outcome: Pass/fail result of the validation, stored as a boolean per impression event.
Gate token: A short-lived cryptographic token issued upon successful gate completion, used only to authorize the associated account action and discarded thereafter.
Dwell time: Total duration of engagement with the gate session, in milliseconds.
Insertion point: The context in which the gate was presented (e.g., auth_gate, stream_gate).

IMPORTANT: HitL signals are pseudonymous. They are stored linked to your Validator ID (not your email address) for fraud analysis. No biometric, physiological, or personally identifying behavioral profile is derived from these signals.

Why We Collect This

Advertisers on the Platform pay for human-verified impressions. HitL signals are the technical foundation of that guarantee. Without collecting this data, Validator Ent. cannot fulfill its core value proposition to advertisers or protect Artists and Validators from credit-diluting fraud.

This collection is disclosed in accordance with FTC guidelines on material data collection and is referenced in the Platform's Ad Transparency page.

// section 04

Proof-of-Tune Heartbeat & Attention Data

Proof-of-Tune is Validator Ent.'s proprietary attention verification protocol. During an active listening session, the Platform periodically checks whether you remain an engaged, active listener.

Heartbeat Data Collected

Heartbeat timestamps: Periodic signals confirming active session state, logged at intervals during playback.
Track progress markers: Playback position checkpoints used to verify that the stream was played through (not skipped or scripted).
Attention verification events: Timestamped records of each Validation Gate pass within a session, linked to the associated track and ad slot.
Session ID: A temporary, non-persistent identifier for the listening session, used to correlate heartbeat events. Stored in localStorage and cleared at session end.

🎧

Proof-of-Tune Is Privacy-Preserving By Design

Proof-of-Tune data is processed at the session level and aggregated. Individual heartbeat events are retained for fraud analysis purposes only and are not used to build behavioral profiles for advertising targeting.

Heartbeat data older than 90 days is automatically purged from our systems unless retained for an active fraud investigation.

What Proof-of-Tune Data Is Not Used For

Identifying your location beyond coarse regional context (if provided by your browser and consented to)
Building a behavioral advertising profile
Sale or transfer to third parties for advertising or analytics purposes
Any inference about your physical or mental state

// section 05

Ad Impression Auditing & Verification Data

To provide advertisers with independently auditable, human-verified impression records, we collect and retain the following data for each ad impression event on the Platform:

Field	Description	Retention
impression_id	Unique identifier for each ad impression event	2 years
ad_id	Identifier of the ad creative served	2 years
insertion_point	Where in the user journey the ad was delivered	2 years
validator_id	Pseudonymous Validator ID of the User who received the impression	2 years
validation_passed	Boolean: whether the HitL gate was successfully completed	2 years
dwell_time_ms	Total engagement duration for the impression in milliseconds	2 years
provider	Ad provider type: internal (house ad) or external network	2 years
timestamp	UTC timestamp of impression start and completion events	2 years

Impression audit records are the foundation of the Platform's advertiser billing and verification guarantee. These records may be provided to advertisers in aggregated, anonymized form to substantiate impression delivery. Individual User identities are never disclosed to advertisers.

AUDIT LOG INTEGRITY: Impression audit records are append-only. Once recorded, they cannot be modified or deleted — including by the User who generated them. This is required to maintain the integrity of verified impression claims made to advertisers.

// section 06

Session, Cookie & Tracking Data

The Platform uses the following session and tracking mechanisms:

Local Storage

Authentication token (JWT): Stored in localStorage upon login. Used to authenticate all API requests. Contains your user ID, role, and expiration time. Cleared on logout.
Session ID (validatorent_session_id): A temporary ID used to correlate ad impression events within a browsing session. Not linked to your account identity in external logs.
Interest preferences: Onboarding interest selections (e.g., Music Discovery, Ad Validation) stored temporarily for processing during your onboarding flow.

Server-Side Sessions

Gate challenge state: Math captcha challenge IDs are stored server-side in a short-lived in-memory cache (expires in 5 minutes) to validate gate responses.
OAuth state parameters: Short-lived CSRF protection tokens used during OAuth authentication flows (where applicable). Expire immediately after use.

Cookies

Validator Ent. does not use advertising tracking cookies. Authentication is handled via localStorage JWTs. Standard browser cookies may be set by third-party CDN providers (Cloudflare) for security and DDoS mitigation purposes — these are outside our control and governed by Cloudflare's privacy policy.

🍪

No Advertising Cookies

We do not place cross-site advertising tracking cookies. Ad targeting context is derived only from the in-Platform data you provide (role, genre preferences, interaction history) — never from third-party cookie networks.

Analytics

We use Polsia platform analytics to collect aggregate, anonymized usage data (page views, feature engagement). This data does not include Personal Data and is used solely for product improvement.

// section 07

Media Storage — Cloudflare R2

Artist-uploaded media files (tracks, cover art, and other content) are stored on Cloudflare R2, an S3-compatible object storage service operated by Cloudflare, Inc.

What Is Stored

Audio files: Tracks uploaded by Artists in supported formats (MP3, WAV, FLAC, etc.).
Cover artwork: Image files associated with uploaded tracks or artist profiles.
Other media: Any additional files uploaded by Users through Platform upload flows.

Storage Metadata We Track

File URL on R2 (public CDN path)
File key (internal storage path)
File size in bytes
MIME type / file format
Upload timestamp and uploader User ID
Association to a track or profile record

☁️

Cloudflare R2 Data Handling

Files stored in Cloudflare R2 are governed by Cloudflare's data processing agreements. Cloudflare does not use your content for advertising or training AI models.

Media files are served via Cloudflare's global CDN network. Public media URLs do not contain personally identifying information.

Media files you upload remain associated with your account. Upon verified account deletion (see §10), publicly accessible media may be removed at our discretion, subject to any third-party caching or archival that has already occurred.

NOTE: Content you upload may be streamed to other Users on the Platform as part of normal service operation. By uploading content, you consent to this delivery. This does not affect your intellectual property rights as described in the Terms of Service.

// section 08

Third-Party Ad Network Data Sharing

Validator Ent. operates a programmatic ad waterfall that routes Paid Ad impressions through third-party ad networks. The following partners currently participate in the Platform's ad delivery infrastructure:

Partner	Role	Data Shared
Google Ad Manager (VAST)	Primary programmatic ad server — VAST tag delivery for audio/video ads	Impression event signals, device type, anonymized session context
Adsterra	Waterfall partner — display and interstitial fill	Anonymized impression request signals, placement context
PropellerAds	Waterfall partner — push and interstitial formats	Anonymized impression request signals, placement context
Adcash	Waterfall partner — display formats	Anonymized impression request signals, placement context

🛡

What We Do Not Share

We do not share your email address, display name, Validator ID, or any directly identifying information with ad network partners.

Data shared with ad networks is limited to anonymized impression-level signals required for ad delivery and billing reconciliation. Ad networks operate under their own privacy policies — we encourage you to review them if you have questions about their data practices.

HitL Verification Data & Ad Partners

The Platform's HitL verification results (pass/fail) may be transmitted to Paid Ad network partners as a verified impression signal — confirming that the impression was delivered to a real human. This signal does not include any User identity data. It is a binary quality signal only.

VAST & Programmatic Delivery

Audio and video ads delivered via VAST (Video Ad Serving Template) may include ad-network-level tracking pixels embedded in the VAST manifest. These pixels are governed by the respective ad network's privacy policy. Validator Ent. does not control the data collected by these pixels beyond what is contractually prohibited by our network agreements.

// section 09

How We Use Your Data

We process your data for the following purposes, each grounded in a lawful basis:

Service Delivery Account management, playback functionality, Validation Gate operation, Artist dashboard access, Advertiser dashboard access, credit tracking.
Fraud Prevention HitL signal analysis, Proof-of-Tune heartbeat processing, anomaly detection, and anti-gaming enforcement as described in the Terms of Service.
Ad Delivery & Verification Serving ads in the correct format and slot, recording verified impressions, providing advertisers with verified delivery confirmations.
Platform Improvement Aggregate analytics on feature usage, error monitoring, performance optimization. No individual profiling for this purpose.
Legal Compliance Maintaining audit logs required for advertiser billing disputes, responding to lawful data requests, enforcing Terms of Service.
Communications Transactional emails (verification, security alerts, credit threshold notices). We do not send unsolicited marketing emails without opt-in consent.

WE DO NOT: Sell your Personal Data to third parties. Use your data to train external AI models. Build behavioral advertising profiles for off-Platform targeting. Share your identity with advertisers.

// section 10

Data Retention & Deletion Rights

Retention Schedule

Data Category	Retention Period	Basis
Account data	For the life of the account + 30 days post-deletion	Service delivery
HitL interaction signals	90 days (standard); indefinite if flagged for fraud investigation	Fraud prevention
Proof-of-Tune heartbeat data	90 days	Fraud prevention, session quality
Ad impression audit records	2 years	Advertiser billing compliance, legal audit
Consent records (ToS / Privacy)	5 years	Regulatory compliance, audit trail
Session / gate tokens	5 minutes (in-memory only)	Security, CSRF protection
Media files (R2)	For the life of the account; removal initiated on verified deletion request	Service delivery

Your Deletion Rights

You have the right to request deletion of your Personal Data. To submit a deletion request, contact us at Validatorent@mail.com with the subject line "Data Deletion Request" and include the email address associated with your account.

We will process verified deletion requests within 30 days. The following data categories are exempt from deletion due to legal or contractual obligations:

Ad impression audit records (required for advertiser billing compliance — retained for 2 years)
Consent records (required for regulatory compliance — retained for 5 years)
Data subject to an active fraud investigation

Your Access & Portability Rights

You may request a copy of the Personal Data we hold about you by contacting us at Validatorent@mail.com. We will provide account data and consent records in a machine-readable format (JSON or CSV) within 30 days of a verified request.

// section 11

Contact & Privacy Inquiries

For all privacy-related questions, requests, or concerns — including data access, deletion, correction, and third-party disclosure inquiries — contact us at:

📬

Privacy Contact

Validator Ent. — Privacy Team

Email: Validatorent@mail.com

Please include your account email and the nature of your request in all correspondence. We aim to acknowledge all privacy inquiries within 5 business days and resolve them within 30 days.

Policy Updates

This Privacy Policy may be updated periodically to reflect changes in Platform features, legal requirements, or data practices. Material changes will be communicated via email to registered Users at least 14 days before taking effect.

Continued use of the Platform after the effective date of an updated Privacy Policy constitutes acceptance of the revised terms. Previous versions of this policy are available upon request.

For Terms of Service, visit: Terms of Service · For ad disclosure information, visit: Ad Transparency