What traditional systems store
Standard conversion tracking databases contain email addresses, full names, IP addresses, user agents, form field values, and behavioral event sequences. This is PII by definition under GDPR, CCPA, and virtually every other privacy framework. If you're running this data on behalf of clients, their exposure becomes your exposure.
What HashVex stores
A cryptographic hash of the email. A campaign ID. A timestamp. A Halo 2 ZK proof. None of these are reversible to identify a person. There is no name, no email address, no IP in the attribution database — only the mathematical evidence that a specific campaign drove a conversion from a specific (anonymous) user.
How the hash works
When a user submits a form, their email is passed through SHA-256 — a one-way cryptographic function. The output is a 64-character hex string that is deterministic (same input always produces same output) but non-reversible (there is no mathematical way to recover the email from the hash). This hash is what gets stored. The email never touches the HashVex database.
Prove attribution.
Not identity.
You don't need to know who the person is to know that your campaign drove a conversion. HashVex separates those two things — keeping the attribution data and removing the privacy risk. That's not a limitation. That's the point.