Data privacy and security with Humanode: What you need to know

One of the hardest things about building in this space is getting a lot of questions directly or indirectly, asking if you’re not just one more project collecting sensitive data. Especially when you say “biometrics.” It’s the sort of word that makes people pause and wonder, “Are we really ready for this?”
Whenever we reach out to projects to help them add Sybil resistance using private biometric verification, they usually frown and ask how Humanode handles users’ biometric data.
So, let’s pause and talk about what actually happens when you plug Humanode into your project. That includes Biomapper, BotBasher, or OAuth 2.0. The story isn’t what you might expect. In fact, it’s built to flip the script on how private biometric verification should usually work.
Q. Alright, what really happens to user data when a project uses Humanode for Sybil resistance?
Let’s get right to it. The philosophy here is simple. Humanode uses biometrics (currently face), but only as a way to prove that a real, living, unique human is behind an account. Not to collect faces. Not to build a profile. Not to create some kind of database. The goal is Sybil resistance: one person, one account. The "how" is different, and so is what happens under the hood.
Q. Do you just store people’s faces in some server farm somewhere?
No, and that’s a line Humanode refuses to cross. Here’s what actually happens. A user goes through a 3D face scan, which takes about ten to fifteen seconds with their phone or laptop camera (any device with a 3 MP camera). That image is never kept as a photo or a video. Right on the device, it gets turned into an anonymized 3D template. That anonymized file is sent off for processing.
Q. Okay, but what if someone really wants to peek inside? Hackers? Admins? Governments?
This is where things get interesting. Humanode uses Confidential Virtual Machines, or CVMs. You can think of them as vaults that even the builders cannot unlock. Once data is inside, it’s sealed away. Not even Humanode’s engineers can look inside to check for biometric data. The only control Humanode holds is the power to shut a server down, and even that is a temporary step until the system moves to full decentralization.
Q. How about storage? How long is biometric data kept?
About storing the biometric data, the anonymized template is sent over to the encrypted CVM. This data is used for 1-to-n matching when a new user performs biometric verification to make sure that they aren’t already registered. But this doesn’t mean that the data is stored as it is. Instead, a random string is generated when a user verifies.For Biomapper, this string is linked to an EVM address
For BotBasher, this string is linked with the Discord ID in case of BotBasher for Discord and the Telegram ID in case of BotBasher for Telegram.As for how long, this is where the concept of “generations” comes in. Every six months or so, the entire CVM system gets wiped clean. All data, every template, every encrypted piece, and every link are deleted. The time period of six months isn’t a permanent measure; it can be changed.
Outside of Humanode, these are just random codes useless, uncrackable, and totally anonymous.
After a server reset, everyone re-verifies, and the cycle starts again. It’s a hard stance on privacy, but it means no one can dig up data from the past, not even by accident.
Q. What about the “liveness” check? Isn’t that still data?
Liveness is simply proof that you’re actually there and not just a clever video. It is checked and then deleted right away. Nothing is left over. Nothing can be pieced back together later. It’s one and done, every time.
Q. What do we, as a project, actually get out of this?
You get Sybil resistance with almost zero privacy risk. Your app, DAO, or platform just gets confirmation that this account is a real, unique human. That’s all. No faces, no videos, no personal details. Not through Biomapper, not through BotBasher, not even through OAuth 2.0. Just proof of personhood, done the right way. One person equals one account. One account equals one unique user.
Q. Why go to all this trouble?
Because privacy isn’t a feature. It’s a foundation. And trust is verified, not just claimed. With every generation reset, every cryptobiometric verification, and every refusal to store raw data, Humanode aims to make sure the only thing your users ever have to worry about is how to prove they’re real, not what might happen to their face tomorrow or six months from now.
So if you’re having doubts on why you should use Humanode to keep your platforms Sybil resistant, know this: privacy and security aren’t just buzzwords for Humanode, it’s the foundation for building a truly decentralized Web.
Here are detailed resources for technical understanding:
Data Privacy in BotBasher for Discord