Privacy Policy
Version privacy-v1 · SHA-256 100043fc16e7d811…
# Privacy Policy

**Version:** privacy-v1
**Effective date:** 2026-05-18

> ⚠ PLACEHOLDER TEXT — NOT LEGALLY REVIEWED. Replace before launch.

## 1. What we collect

- **Account data:** email address, display name, hashed password (if email/password sign-in).
- **Identity verification data:** government-issued photo ID, live selfie, output from our verification provider.
- **Biometric identifiers:** face geometry embedding, voice fingerprint embedding. See the Biometric Data Consent Agreement for details.
- **Monitoring data:** URLs and metadata of content that appears to copy your likeness; screenshots of such content.
- **Usage data:** IP address, browser/user-agent, action timestamps. Logged in the audit_logs table for compliance.
- **Billing data:** processed by Stripe — we never see your full card number.

## 2. Why we collect it

To provide the service: verifying your identity, scanning for impersonations, generating content credentials, filing takedowns on your behalf, processing payment.

## 3. Who we share it with

We use the following subprocessors. We will publish an up-to-date subprocessor list at signet.liteshare.org/legal/subprocessors.

- Supabase (database, authentication, file storage)
- Stripe (payment processing)
- Resend (transactional email)
- Persona (identity verification — when wired)
- PimEyes (reverse face search — when wired)
- Have I Been Pwned (data breach lookups — when wired)

We do not sell or rent personal information.

## 4. Your rights

Regardless of jurisdiction we extend the following to all users:

- **Access** — export a copy of your data.
- **Deletion** — request full deletion; processed within 30 days.
- **Correction** — update inaccurate information.
- **Portability** — export in a machine-readable format.
- **Withdrawal of consent** — revoke biometric consent at any time.

California residents have additional rights under the CCPA/CPRA.

Washington residents covered by the My Health My Data Act receive additional disclosures applicable to consumer health data, including biometric identifiers.

## 5. How we protect your data

- Encryption in transit (TLS 1.2+).
- Encryption at rest (platform-level + application-layer for biometric identifiers).
- Strict access controls; every sensitive access is audit-logged.
- 2FA available; required for Guardian tier.

## 6. Retention

We retain personal data for as long as your account is active, plus a maximum of three years after closure unless a shorter window is required by law. Audit logs are retained for at least one year for compliance.

## 7. Children

Signet is not directed to children under 18 and we do not knowingly collect data from anyone under 18.

## 8. Changes to this policy

Material changes will be announced via email and require renewed consent before continued use of biometric features.

## 9. Contact

Privacy questions: privacy@signet.liteshare.org