Privacy Policy

1. Information We Collect

We collect information you provide directly to us when you create an account, use the Service, or communicate with us. This includes:

• Account information: name, email address, and organization details provided during registration
• Media content: video files and associated metadata you upload for attestation processing
• Cryptographic identifiers: Ed25519 public keys and entity IDs generated as part of the attestation protocol
• Usage data: information about how you interact with the Service, including pages visited, features used, and API calls made
• Device information: browser type, operating system, and IP address collected automatically when you access the Service

2. How We Use Your Information

We use the information we collect to:

• Provide, maintain, and improve the Service
• Process attestation requests and generate cryptographic proofs
• Send you technical notices, updates, and administrative messages
• Monitor and analyze trends, usage, and activities in connection with the Service
• Detect, investigate, and prevent fraudulent transactions and other illegal activities

3. Data Storage and Security

Your data is stored on secured servers with encryption at rest and in transit. We implement industry-standard security measures including TLS 1.3 for data in transit, AES-256 encryption for data at rest, and regular security audits. Private keys used for attestation signing are never transmitted to or stored on our servers — all signing operations occur client-side.

4. Data Processing

When you upload media for attestation, we process the content to generate cryptographic hashes at multiple binding levels (bitstream, codec, perceptual, spatial, and audio). These hashes are deterministic, one-way functions — the original media content cannot be reconstructed from them. Processed attestation data may be stored for verification purposes according to your account settings and retention policies.

5. Data Sharing

We do not sell your personal information. We may share your information in the following circumstances:

• With your consent or at your direction (e.g., when you publish attestation records to a public registry)
• With service providers who assist us in operating the Service, subject to confidentiality obligations
• If required by law, regulation, legal process, or governmental request
• To protect the rights, property, or safety of Attestik, our users, or the public

6. Data Retention

We retain your account information for as long as your account is active or as needed to provide the Service. Attestation records are retained according to your organization’s configured retention policy. You may request deletion of your account and associated data by contacting us. Certain data may be retained as required by law or for legitimate business purposes.

7. Your Rights

Depending on your jurisdiction, you may have the right to:

• Access the personal information we hold about you
• Request correction of inaccurate personal information
• Request deletion of your personal information
• Object to processing of your personal information
• Request portability of your personal information
• Withdraw consent at any time where processing is based on consent

8. Cookies and Tracking

We use essential cookies required for the Service to function, including authentication session cookies. We may use analytics cookies to understand how the Service is used. You can control cookie preferences through your browser settings.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the “Last updated” date. You are advised to review this Privacy Policy periodically for any changes.

10. Contact Us

If you have any questions about this Privacy Policy, please contact us at privacy@attestik.com.