Summit Proof Mode

Privacy

Effective July 15, 2026

The short version

Proof Mode is private by default. We use your ChatGPT sign-in identity to keep your records separate. Your action description stays in the Proof Mode database. When you complete the required review, our signing service receives only a pseudonymous user key, a one-way action hash, the action category, consequence level, and review confirmations.

Information we process

We process the name and email supplied through Sign in with ChatGPT; the goals, context, evidence notes, uncertainty, options, decisions, action boundaries, imported agent-request metadata, categories, consequence levels, checks, and timestamps you choose to save; cryptographic receipts and technical logs; and, if you purchase founding access, payment and transaction information handled by our payment provider. We do not need your AI chat transcript, prompt, or generated content to create a proof.

Local witnesses

The Witness Lab hashes a file or exact text inside your browser using SHA-256. The source content is not uploaded to Summit. If you attach the witness to a private work path, we store its digest and limited metadata such as artifact kind, capture time, source-authority class, and any label, system name, or limitations you enter. The signing service receives only a digest root and witness count—not the source content, private label, or system name.

A digest is pseudonymous, not necessarily anonymous. Someone who already has or can guess the source content may compute its digest and recognize a match. Do not hash passwords, short secrets, recovery codes, or other low-entropy values.

Portable links and browser preview

A public checkpoint handoff link contains only an allowlisted action type and an optional source-surface label. It does not contain your answers, the page you were viewing, a transcript, or private action content. The browser preview requests only the permission needed to add its right-click menu. Chrome may provide page or selection metadata when that menu is invoked; the extension ignores it, reads only its own menu identifier, and does not store or transmit page content to Summit.

How we use it

We use this information to authenticate you, provide private proof history, apply review rules, create and verify signed receipts, provide support and onboarding, prevent abuse, and improve service reliability. We do not use your private Proof Mode content to train AI models and we do not sell it.

Storage and service providers

The app is hosted on infrastructure providers that process data on our behalf. Sign in with ChatGPT supplies identity headers to the app. A separate Summit signing service stores the hash-only claim metadata needed for its receipt. A payment provider may process purchases; Summit does not store full card numbers.

Deletion and export

You can copy a personal work brief, copy or download a proof pack, and delete private work paths and proof records from the app. Exported proof packs omit your private goal, context, decision, and action description. Deleting a work path does not automatically delete a separately linked proof record. A signed, hash-only record may remain in the signing service so its receipt can continue to verify. Contact us to request account export or deletion assistance.

Your choices and security

Do not enter secrets, full AI transcripts, financial account numbers, health records, or other sensitive content in the action description or witness metadata. No system is perfectly secure. We limit what crosses into the signing service so it does not need your description, email, witness label, source-system name, or source bytes.

Contact

Summit Cognitive, Inc. · brian@summitcognitive.ai. We may update this notice as the beta evolves and will post the effective date here.