← PerspectiveMap

Trust Center

One page that answers the questions parents, counselors, and students ask us most. Plain language, no legalese, linked to the primary sources.

Last updated: 2026-04-13 · Version 1.0.0

What leaves your device

When you scan your fingerprints, the image is processed inside your own browser — in a Web Worker, which is an isolated part of your phone's processor. The classifier reads the pattern, labels it (for example, "Ulnar Loop"), and discards the image immediately. Only the label is sent to our servers.

01

Your phone camera

Captures fingerprint image

On your device
02

Web Worker

Classifies pattern on-device

On your device
03

Image discarded

Never leaves your device

On your device
04

Pattern label sent

1 word per finger (e.g., "WHORL")

Sent to server

Steps 1–3 run entirely in your browser. Only the output of step 4 (a short word per finger) ever touches our servers.

You can verify this yourself. Open your browser's developer tools, go to the Network tab, clear it, and complete a scan. You will see one small API call carrying the labels — no image upload.

What we actually store

For the fingerprint feature specifically: ten pattern labels, one per finger. A confidence score. A timestamp. That is the full record.

Sample row in our database

FingerprintProfile table
{
  "leftThumb": "ULNAR_LOOP",
  "leftIndex": "PLAIN_WHORL",
  "leftMiddle": "ULNAR_LOOP",
  "leftRing": "PLAIN_WHORL",
  "leftPinky": "ULNAR_LOOP",
  "rightThumb": "PLAIN_WHORL",
  "rightIndex": "PLAIN_ARCH",
  "rightMiddle": "ULNAR_LOOP",
  "rightRing": "DOUBLE_LOOP",
  "rightPinky": "ULNAR_LOOP",
  "confidence": 0.87,
  "scannedAt": "2026-04-13T14:22:05.000Z"
}

That is the entire record. Ten words, one confidence score, one timestamp. No image data, no biometric template, nothing reconstructable back into a fingerprint.

You cannot reconstruct a fingerprint from the word "WHORL". These labels are categories that millions of people share — they are not identifying data.

Is the science real?

This is the honest answer most assessment tools avoid.

  • Dermatoglyphics (the study of fingerprint patterns) has active research correlating pattern types with neurological and cognitive traits, but the evidence base is still emerging, not conclusive.
  • We treat fingerprint pattern as one signal among six perspectives. It is capped at 15% in the scoring engine and scaled by per-user classifier confidence — never the sole driver of a recommendation.
  • When perspectives disagree (e.g., your fingerprint suggests one strength but peer feedback suggests another), we surface the disagreement rather than hide it.
  • Our classifier uses classical computer vision (orientation fields and Poincaré index for singular point detection). It classifies into 8 NIST subtypes that are standard in forensic fingerprint analysis.

If you prefer, you can use PerspectiveMap without scanning your fingerprints at all. The other five perspectives (psychometric, resume, reflection, context, peer) produce a meaningful result on their own.

For the full walkthrough — weights, known limits of each signal, how peer divergence works, and an honest read on DMIT — read our methodology page.

How we map to India's M.A.N.A.V framework

M.A.N.A.V is the Government of India's vision for human-centric AI, announced at the India-AI Impact Summit 2026. It is a framework, not a certification standard — there is no "M.A.N.A.V certified" stamp to earn. We do not claim certification, endorsement, or approval. What we do is map our actual behaviors to each of the five pillars so you can evaluate the alignment yourself.

  • Moral & Ethical Systems

    Fingerprint signal capped at 15% (reduced from 25% in April 2026) so dermatoglyphic research — still emerging — can never dominate a recommendation. Parent co-sign is required for users aged 13–17 before any fingerprint data is stored. Under-13 signups are blocked entirely.

  • Accountable Governance

    Weights, source assumptions, and scoring decisions are published on this Trust Center and in the methodology page. Every parental-consent and counselor action writes an auditable event. A public decisions log records every consequential call with the reasoning.

  • National Sovereignty

    Self-hosted on Hetzner (we dropped vendor-hosted auth and observability to avoid foreign-cloud dependency for the scoring path). Fingerprint images are processed entirely on-device, so no biometric data crosses a border. Our classifier uses classical CV, not a foreign-service API.

  • Accessible & Inclusive AI

    Smartphone-based DMIT scanning works on any phone with a camera — no ₹15,000+ hardware kit. The platform is free to students; we charge institutions (schools, Me@AI clubs), not families. Life-stage variants of the same trajectory serve students, career changers, and working professionals.

  • Valid & Legitimate Systems

    Peer-reviewed instruments (Big Five, RIASEC) sit alongside emerging-science signals. Confidence scoring is variance-based, not count-based — agreement between sources increases confidence; disagreement reduces it honestly. Hard-delete on revoke. DPDP Act data export is live.

How we make money

If a product is free and you cannot see how it makes money, you are usually the product. Here is our answer.

  • We charge institutions (schools, Me@AI clubs) for deployment and mentor tools.
  • We do not sell student data. Ever. To anyone.
  • We do not run advertising.
  • We do not share data with third parties except infrastructure providers under contract (Hetzner for hosting, Resend for email).

Security & disclosure

If you think you have found a security issue, please report it to security@vsumup.org. We respond to every report. Our disclosure policy is published at /.well-known/security.txt.

Privacy Officer: privacy@vsumup.org. That inbox is monitored by a human, not a ticketing system.

Privacy policy summary

  • What we collect: account email, age bracket, fingerprint pattern labels (if you choose to scan), questionnaire responses, resume content you paste, peer feedback, and context/experience you enter.
  • Where it lives: our PostgreSQL database, hosted on Hetzner servers in Germany, encrypted at rest and in transit.
  • Who sees it: you, your assigned counselor or mentor (if you have one), and our engineering team for support and debugging.
  • How long we keep it: until you delete it or your account. There is no automatic retention expiry — your data is yours until you say otherwise.
  • What we never do: sell data, share with ad networks, train external AI models on your data, or transfer data outside of the providers listed above.

Full policy is available on request from privacy@vsumup.org.

Delete everything

One click, hard delete. If you are signed in, go to Settings → "Delete my account". All records — fingerprint labels, questionnaire answers, resume text, reflections, peer feedback, commitments, the lot — are removed within 30 days.

If you cannot sign in, email privacy@vsumup.org from the address on your account and we will do it manually within 5 business days.