Privacy Notice for Teens
Effective Date: 13 February 2026 Last Updated: 13 February 2026
Why Privacy Matters
Your privacy is a right, not a privilege. In a world where companies track everything you do online, collect your data, and sell it to advertisers, Maelstrom AI is different.
We built Provii to prove that age verification doesn’t have to invade your privacy.
This notice explains how Provii works, what data we collect (spoiler: almost nothing), and why our approach gives you control over your personal information.
What is Provii?
Provii is an age verification service that lets you prove you’re old enough to access certain websites or apps without revealing your date of birth, identity documents, or any personal information.
The key difference: Most age verification services require you to upload your ID, take a selfie, and provide your date of birth. That information gets stored in a database that could be hacked or misused.
Provii uses zero knowledge cryptography - advanced math that proves you meet an age requirement without revealing your actual age or any other information about you.
How Provii Works (Zero knowledge Explained Simply)
Traditional Age Verification (Not Provii)
- You upload your driver’s license or passport
- You might take a selfie
- The company extracts your date of birth from your ID
- They store your name, DOB, ID number, and photo in their database
- If their database gets hacked, your identity could be stolen
Provii’s Zero knowledge Approach
- On Your Device: You enter your date of birth once when setting up the Provii wallet
- Your Wallet Creates Math Magic: Your wallet app generates a cryptographic “proof” using zero knowledge technology
- Your Birthday is Sent Once Then Deleted: During setup, your date of birth is sent to our server to create a sealed cryptographic commitment, then immediately discarded - it is never stored. After that, it stays on your device
- When a Website Asks: Your wallet creates a proof that says “Yes, I’m over 18” or “No, I’m not” - but it doesn’t reveal your actual age
- Provii Verifies the Proof: We check that the math is valid, but we can’t see your date of birth or how old you are
- Website Gets Answer: The website learns only whether you meet the age requirement - nothing more
Why this matters: Even if Maelstrom AI’s servers were hacked, there’s no database of dates of birth, names, or ID documents to steal. We can’t lose what we don’t have.
What Data We Collect
The Honest Answer: Very Little
Most privacy policies bury this information in legalese. Here’s the truth in plain language:
| What We Collect | Why We Collect It | How Long We Keep It |
|---|---|---|
| IP Address (scrambled/hashed) | To prevent fraud and abuse, detect bot attacks, and investigate security incidents | 90 days, then automatically deleted; critical security event logs are retained for up to 365 days |
| Verification Timestamps (anonymized) | To monitor system security and diagnose technical issues | 90 days; critical security event logs are retained for up to 365 days |
| Challenge IDs (random session numbers) | To make the verification process work | 5 minutes |
| Credential Nullifiers (one-way math hashes) | To prevent someone from reusing credentials fraudulently | Checked against a ban list only |
Important: None of this data is linked to your identity. IP addresses are hashed (scrambled), timestamps aren’t connected to who you are, and challenge IDs are random numbers.
What We DON’T Collect
This is equally important. By architectural design, Maelstrom AI is not designed to collect:
Identity Information
- Your name
- Email address
- Phone number
- Physical address
- Social security number
Identity Documents
- Passport
- Driver’s license
- Birth certificate
- School ID
- Any document scans or photos
Personal Information
- Date of birth (transmitted once during credential setup to compute a cryptographic commitment, then immediately discarded - never stored)
- Actual age (only “over/under threshold” is revealed)
- Place of birth
- Nationality
- Gender
- Race or ethnicity
Behavioural Data
- Browsing history
- Search queries
- Location tracking
- App usage patterns
- Social connections
- Cross-site tracking cookies
Biometric Data
- Facial recognition
- Fingerprints
- Voice prints
- Any other biometric identifiers
Why we don’t collect this: Our zero knowledge architecture means we never need this information. During verification, your wallet generates a mathematical proof on your phone. The proof that gets sent to the verifier’s servers only confirms whether you meet an age threshold. it contains no information about your actual date of birth.
How We Use Your Information
What We Do
We use the minimal data we collect ONLY for:
- Fraud prevention. Detecting and stopping abuse of the system
- Security. Protecting against bot attacks and denial-of-service attempts
- Troubleshooting. Diagnosing technical issues to keep the service running
What We DON’T Do
We do not use your data for:
- Marketing or advertising
- Profiling or tracking you
- Selling to third parties
- Creating user profiles
- Targeted ads
- Cross-site tracking
- Analysing your behaviour
Our business model: Websites pay us to provide age verification. We don’t make money from your data.
Who We Share Data With
Service Providers
We use Cloudflare to host our infrastructure. Cloudflare processes:
- IP addresses (for service delivery and security)
- Zero knowledge proofs (just cryptographic math - not personal info)
- Random session IDs
Important: Cloudflare can’t see your date of birth or identity either. They only see the mathematical proofs.
Safeguards: We have legal contracts (Standard Contractual Clauses) with Cloudflare that require them to protect your data.
What We Don’t Do
- We do NOT sell your data
- We do NOT share data with advertisers
- We do NOT work with data brokers
- We do NOT monetize your information
Legal Obligations
We may disclose information if legally required (court order, subpoena), but given the minimal data we collect, there’s not much to disclose.
Your Rights
You have legal rights over your personal data. Here’s what you can do:
Right to Access
What it means: You can ask us what data we have about you. How to do it: Email privacy@maelstrom.au with “Access Request” in the subject. What you’ll get: Likely just IP address logs (if within 90 days) and confirmation that we hold no other personal data.
Right to Delete
What it means: You can request deletion of your data. How to do it: Email privacy@maelstrom.au with “Delete Request” in the subject. What happens: We delete IP logs immediately (if still within the 90-day window). Most data is automatically deleted after 90 days anyway.
Right to Correct
What it means: You can request correction of inaccurate data. Provii-specific: We collect no personal data that needs correction. If your date of birth in your wallet is wrong, you can update it yourself in the app (it’s processed locally).
Right to Object
What it means: You can object to certain types of data processing. How to do it: Email privacy@maelstrom.au Note: You can use a VPN or Tor to prevent IP logging (our system fully supports this).
Right to Complain
What it means: If you think we violated your privacy rights, you can complain to a data protection authority.
Where to complain:
- UK. Information Commissioner’s Office (ICO) - https://ico.org.uk/make-a-complaint/
- EU. Find your local authority at https://edpb.europa.eu/
- California. California Privacy Protection Agency - https://cppa.ca.gov/
- Australia. Office of the Australian Information Commissioner - https://www.oaic.gov.au/
Security: How We Protect Your Data
Encryption
In transit: Everything is encrypted using TLS 1.3 (the same technology banks use) when data moves between your device and our servers.
At rest: Data stored on servers is encrypted with AES-256 (industry-standard encryption used across government and financial services).
Zero knowledge proofs: The cryptographic math we use (called Groth16 ZK-SNARKs) is peer-reviewed and industry-standard, designed to provide strong security assurances.
Access Controls
- Only authorised staff can access systems
- Multi-factor authentication required
- All administrative actions are logged
- Regular security audits
Testing
- Automated vulnerability scanning
- External security experts review our code
- Responsible disclosure programme (security@maelstrom.au)
- Our cryptographic implementations are available for independent audit
What this means: Even if someone tried to hack Provii, the cryptography protects your date of birth because it is never stored on our servers - it is only used momentarily during setup and then discarded. And the minimal data on our servers is encrypted and automatically deleted after 90 days.
International Users
Maelstrom AI operates globally. If you’re outside Australia (where we’re based), your data may be processed by Cloudflare in:
- United States
- European Union
- United Kingdom
- Asia-Pacific
Protections: We use Standard Contractual Clauses (legal contracts approved by the EU) to protect your data when it crosses borders. Plus, the minimal data we collect reduces risk.
How Long We Keep Data
| Data Type | Retention Period | What Happens After |
|---|---|---|
| IP addresses | 90 days (critical security event logs up to 365 days) | Automatically deleted |
| Challenge IDs | 5 minutes | Automatically deleted |
| Verification timestamps | 90 days (critical security event logs up to 365 days) | Automatically deleted |
Your wallet data: Stored on YOUR device under YOUR control. To delete it, uninstall the app.
No manual deletion needed: Most data is automatically erased through time-based expiry. You don’t need to remember to ask us to delete it.
Cookies and Tracking
What We Use
We don’t currently use any cookies on our website.
- Cloudflare security cookies may be set by Cloudflare’s infrastructure (for DDoS protection - not set by our application code)
What We DON’T Use
- Advertising cookies
- Marketing cookies
- Analytics cookies
- Social media cookies
- Cross-site tracking
- Behavioural tracking
- User profiling
No analytics: We do not use any analytics on our website.
COPPA and Children’s Privacy
If you’re under 13 (in the United States), you should know:
COPPA (Children’s Online Privacy Protection Act) normally requires websites to get parental consent before collecting personal information from kids.
Maelstrom AI’s approach: We do not collect personal information from anyone - including children. Our zero knowledge architecture is designed so that COPPA consent requirements are not expected to apply to our services, though you should seek independent legal advice if you are uncertain.
For parents: If you’re a parent of a child under 13, check out our Privacy Notice for Parents.
Why This Matters to You
Control Over Your Data
With Provii, YOU control your credentials. Your date of birth is in your wallet, on your device. Not in some company’s database.
Privacy is a Right
You shouldn’t have to choose between accessing age-restricted content and giving up your privacy. Provii proves you can have both.
Protection from Data Breaches
When companies get hacked (and they do - all the time), personal information gets stolen. With Provii, there’s no database of birthdates, names, or IDs to steal.
No Tracking or Profiling
Many services use age verification as an excuse to build profiles about you. Provii’s architecture is designed to make profiling technically infeasible.
Future-Proof
As you get older, your age verification credentials go with you. Update your age threshold in your wallet - no need to re-verify with documents.
Questions?
If you have questions about how Provii works or your privacy rights:
Email: privacy@maelstrom.au Subject Line: “Teen Privacy Question” Response Time: We aim to respond within 2 business days
If you’re under 18: You can contact us directly, but you might also want to talk to a parent or guardian if you have concerns.
Additional Resources
- Full Privacy Policy: Read the detailed version (more technical detail)
- Privacy Notice for Kids: Simpler version for younger users
- Privacy Notice for Parents: Guide for parents/guardians
- How Zero knowledge Works: Technical explanation (see provii-docs)
Our Commitment to You
We promise to:
- Be transparent about what data we collect
- Collect only what’s absolutely necessary
- Delete data as soon as we don’t need it
- Never sell your data
- Respect your rights
- Explain things clearly (no confusing legal language)
- Put your privacy first, always
Privacy isn’t just a policy for us - it’s built into the math.
Questions? Concerns? Complaints?
Contact us at privacy@maelstrom.au
We’re here to help, and we take your privacy seriously.
Last Updated: 13 February 2026 Effective Date: 13 February 2026 Version 1.0
© 2026 Maelstrom AI Pty Ltd ATF Maelstrom AI Holding Trust. Your privacy matters.