Privacy Policy

SafeguardMedia ("we," "our," or "us") is committed to protecting your privacy and personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our media verification platform and related services (collectively, the "Services").

By accessing or using our Services, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with this Privacy Policy, please do not use our Services.

This Privacy Policy is designed to comply with the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and other applicable data protection laws.

2.1 Information You Provide

We collect information that you voluntarily provide when using our Services:

• Account Information: Name, email address, password, organization name, and contact details when you register for an account.
• Payment Information: Billing address, payment method details (processed securely through our payment processors), and transaction history.
• Profile Information: Additional information you choose to add to your profile, such as profile pictures, job title, and preferences.
• Communications: Content of messages, feedback, support requests, and other communications you send to us.

2.2 Media Files and Content

When you use our verification services, we collect and process:

• Uploaded Media: Images, videos, audio files, and documents you upload for analysis.
• Extracted Metadata: EXIF data, geolocation information, timestamps, device information, and other embedded metadata from your media files.
• C2PA Data: Content provenance and authenticity information embedded in media files.
• Analysis Results: Integrity scores, authenticity assessments, manipulation detection results, OCR text extraction, timeline verification data, and other analysis outputs generated by our Services.
• Batch Processing Data: Information about batch operations, processing status, and aggregated results.

2.3 Automatically Collected Information

We automatically collect certain information when you access our Services:

• Usage Data: Pages visited, features used, time spent on pages, navigation paths, and interaction patterns.
• Device Information: IP address, browser type and version, operating system, device type, unique device identifiers.
• Log Data: Server logs, error reports, API requests, and system performance metrics.
• Cookies and Tracking: Session cookies, authentication tokens, and analytics data (see Section 8 for details).

2.4 API Usage Data

If you use our API services, we collect:

• API keys and credentials
• API request logs and response times
• Rate limit and quota usage
• Integration metadata

We use the collected information for the following purposes:

3.1 Service Provision

• Provide, operate, and maintain our media verification Services
• Process and analyze uploaded media files
• Generate authenticity reports and integrity assessments
• Store and manage your media library
• Execute batch processing operations
• Deliver timeline and geolocation verification results

3.2 Account Management

• Create and manage your account
• Authenticate your identity and maintain security
• Process payments and manage subscriptions
• Communicate account-related information

3.3 Service Improvement

• Analyze usage patterns to improve our algorithms and features
• Conduct research and development for new verification technologies
• Train and improve our AI and machine learning models
• Optimize system performance and reliability
• Debug and resolve technical issues

3.4 Communications

• Send service updates, security alerts, and administrative messages
• Respond to your inquiries and support requests
• Provide customer service and technical support
• Send marketing communications (with your consent, where required)

3.5 Legal and Security

• Comply with legal obligations and law enforcement requests
• Enforce our Terms and Conditions
• Detect, prevent, and address fraud and security issues
• Protect our rights, property, and safety

3.6 Analytics and Business Intelligence

• Generate aggregated, anonymized statistics and insights
• Understand user behavior and preferences
• Measure the effectiveness of our Services

For users in the European Economic Area (EEA), we process your personal data based on the following legal grounds:

• Contractual Necessity: Processing is necessary to perform our contract with you (providing the Services).
• Legitimate Interests: Processing is necessary for our legitimate interests in operating, improving, and securing our Services, provided these interests are not overridden by your privacy rights.
• Consent: You have given explicit consent for specific processing activities (e.g., marketing communications).
• Legal Obligation: Processing is necessary to comply with legal requirements.

5.1 Data Storage

• Cloud Infrastructure: Your data is stored on secure Amazon Web Services (AWS) infrastructure, primarily in the US East region (us-east-1).
• Media Storage: Uploaded media files are stored in encrypted AWS S3 buckets with restricted access controls.
• Database: Account information and analysis results are stored in secure, encrypted databases.
• Backup: Regular backups are performed to ensure data availability and disaster recovery.

5.2 Security Measures

We implement industry-standard security measures to protect your data:

• Encryption: Data is encrypted in transit using TLS/SSL and at rest using AES-256 encryption.
• Access Controls: Strict access controls and authentication mechanisms (including JWT tokens with automatic refresh).
• Monitoring: Continuous security monitoring and logging of system access and activities.
• Security Audits: Regular security assessments and vulnerability testing.
• Employee Training: Staff are trained on data protection and security best practices.
• Incident Response: Documented procedures for responding to security incidents.

5.3 Data Retention

• Active Accounts: Data is retained as long as your account is active.
• Inactive Accounts: Accounts inactive for 24 months may be subject to deletion after notification.
• Deleted Content: Deleted media files are permanently removed from our systems within 30 days.
• Account Closure: Upon account deletion, your data is removed within 90 days, except where retention is required by law.
• Legal Requirements: Some data may be retained longer to comply with legal, tax, or regulatory obligations.
• Aggregated Data: Anonymized, aggregated data may be retained indefinitely for analytics and research.

We do not sell your personal information. We may share your information in the following limited circumstances:

6.1 Service Providers

We share data with trusted third-party service providers who assist in operating our Services:

• Cloud Hosting: Amazon Web Services (AWS) for infrastructure and storage
• Payment Processing: Payment processors for subscription and billing management
• Analytics: Analytics providers to understand usage patterns (with anonymization where possible)
• Email Services: Email service providers for transactional and marketing communications
• Customer Support: Support ticket and communication platforms

All service providers are contractually obligated to protect your data and use it only for specified purposes.

6.2 Legal Requirements

We may disclose your information if required to do so by law or in response to:

• Valid legal processes (subpoenas, court orders, warrants)
• Government or regulatory requests
• Legal claims or disputes
• Protection of our rights, property, or safety
• Prevention of fraud, security threats, or illegal activities

6.3 Business Transfers

In the event of a merger, acquisition, reorganization, or sale of assets, your information may be transferred to the acquiring entity. You will be notified of any such change and your options regarding your data.

6.4 With Your Consent

We may share your information for other purposes with your explicit consent.

You have the following rights regarding your personal information:

7.1 Access and Portability

• Right to Access: Request a copy of the personal information we hold about you.
• Data Portability: Receive your data in a structured, machine-readable format and transfer it to another service provider.

7.2 Correction and Update

• Update your account information through your account settings.
• Request correction of inaccurate or incomplete data.

7.3 Deletion

• Right to Erasure: Request deletion of your personal information, subject to legal retention requirements.
• Account Deletion: Delete your account through account settings or by contacting support.
• File Deletion: Delete individual uploaded files from your library at any time.

7.4 Restriction and Objection

• Restrict Processing: Request limitation of how we process your data in certain circumstances.
• Object to Processing: Object to processing based on legitimate interests or for direct marketing purposes.

7.5 Withdraw Consent

• Withdraw consent for marketing communications at any time.
• Opt out of non-essential cookies through your browser settings.

7.6 Exercising Your Rights

To exercise any of these rights, please contact us at privacy@safeguardmedia.com. We will respond to your request within 30 days (or as required by applicable law). You may also lodge a complaint with your local data protection authority.

8.1 Types of Cookies We Use

• Essential Cookies: Required for authentication, security, and basic functionality (e.g., session management, JWT tokens).
• Functional Cookies: Remember your preferences and settings.
• Analytics Cookies: Help us understand how you use our Services and improve performance.
• Marketing Cookies: Track your interactions for advertising purposes (only with your consent).

8.2 Managing Cookies

You can control cookies through your browser settings. Note that blocking essential cookies may affect the functionality of our Services. Most browsers allow you to:

• View and delete cookies
• Block third-party cookies
• Block all cookies
• Delete cookies when you close your browser

8.3 Local Storage

We use browser local storage to maintain session state and improve user experience. This includes storing authentication tokens and user preferences locally on your device.

Your information may be transferred to and processed in countries other than your country of residence, including the United States where our primary servers are located. These countries may have different data protection laws.

When we transfer personal data from the EEA or UK to other countries, we implement appropriate safeguards such as:

• Standard Contractual Clauses approved by the European Commission
• Adequacy decisions by the European Commission
• Other legally approved transfer mechanisms

Our Services are not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If you believe we have inadvertently collected information from a child, please contact us immediately at privacy@safeguardmedia.com, and we will promptly delete such information.

Our Services may contain links to third-party websites, applications, or services that are not operated by us. We are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of any third-party services you access.

Our use of third-party service providers (such as AWS, payment processors, and analytics providers) is governed by our contracts with them and their respective privacy policies.

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

• Right to Know: Request disclosure of the categories and specific pieces of personal information we collect, use, and disclose.
• Right to Delete: Request deletion of your personal information.
• Right to Opt-Out: Opt out of the sale of personal information (note: we do not sell personal information).
• Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights.

To exercise these rights, contact us at privacy@safeguardmedia.com. We will verify your identity before processing your request.

In the event of a data breach that affects your personal information, we will notify you and relevant authorities as required by applicable law. Notifications will include:

• Nature of the breach
• Types of information affected
• Steps we are taking to address the breach
• Recommended actions you can take to protect yourself

We maintain an incident response plan to quickly identify, contain, and remediate security incidents.

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other operational needs. We will notify you of material changes by:

• Posting the updated Privacy Policy on our website with a new "Last Updated" date
• Sending an email notification to your registered email address
• Displaying a prominent notice within our Services

Your continued use of the Services after such notification constitutes acceptance of the updated Privacy Policy. We encourage you to review this Privacy Policy periodically.

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

For GDPR-related inquiries, you may also contact your local data protection supervisory authority.

By using our Services, you acknowledge that you have read and understood this Privacy Policy and agree to the collection, use, and disclosure of your information as described herein.