Privacy Policy
PersonaWatch, LLC ("we," "our," or "us") operates the PersonaWatch platform (the "Service"), a forensic AI detection and media verification tool accessible at personawatch.com. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.
By accessing or using PersonaWatch, you agree to the terms of this Privacy Policy. If you do not agree, please do not use the Service.
1. Information We Collect
1.1 Account Information
When you create a PersonaWatch account, we collect:
- Email address
- Password (stored as a cryptographic hash; we never store plaintext passwords)
- Authentication tokens and session data
- If you sign in via a third-party provider (e.g., Google OAuth), we receive your name and email address from that provider
1.2 Uploaded Media and Content
To perform analysis, you may upload the following types of content:
- Images (JPEG, PNG, WebP, HEIC/HEIF)
- Videos (MP4, MOV, AVI, WebM)
- Screenshots of headlines or text for fact-checking
- Screenshots of emails, messages, or communications for phishing and fraud detection
Important: Uploaded media may contain embedded metadata (EXIF data), including device information, GPS coordinates, timestamps, and camera settings. Our Service extracts and analyzes this metadata as part of the forensic analysis process.
1.3 Automatically Collected Information
When you use the Service, we may automatically collect:
- Device type, browser type, and operating system
- IP address
- Usage data such as scan counts, feature usage, and session duration
- Log data including access times, pages viewed, and error reports
1.4 Payment Information
If you purchase a subscription, payment is processed by our third-party payment processor (Stripe, Inc.). We do not store your full credit card number, CVV, or banking details. We receive only a transaction identifier, subscription status, and billing summary from the payment processor.
2. How We Use Your Information
We use the information we collect for the following purposes:
- Service Delivery: To perform AI detection analysis, deepfake detection, source attribution, metadata analysis, headline fact-checking, phishing email detection, and SMS spam text analysis on your uploaded media and content.
- Account Management: To create, maintain, and authenticate your account; track scan usage against your subscription tier; and communicate with you regarding your account.
- Service Improvement: To analyze aggregate usage patterns, diagnose technical issues, and improve the accuracy and performance of our detection models.
- Security: To detect and prevent fraud, abuse, or unauthorized access to the Service.
- Legal Compliance: To comply with applicable laws, legal processes, or enforceable governmental requests.
3. Media Processing and Data Retention
3.1 How Uploaded Media Is Processed
When you upload media for analysis, the following occurs:
- Media is transmitted via encrypted connection (TLS/HTTPS) to our processing servers.
- AI detection models analyze the media for indicators of synthetic generation, facial manipulation, and image/video manipulation.
- Embedded metadata (EXIF) is extracted and analyzed for provenance verification.
- For headline fact-checking, text extracted from images is sent to multiple third-party AI services for independent verification (see Section 5).
- For phishing email detection, text and sender information extracted from uploaded email screenshots are sent to multiple third-party AI services for claim verification and sender domain analysis (see Section 5). No email account credentials or inbox access is required or requested.
- For SMS spam text analysis, text and URLs extracted from uploaded text message screenshots are analyzed. URLs are resolved by following HTTP redirect chains via HEAD requests only — no page content is rendered or executed. The final destination domain and any claims in the message are sent to third-party AI services for verification (see Section 5).
- Analysis results are compiled and presented to you in the platform interface.
3.2 Data Retention
- Uploaded Media: Media files uploaded for analysis are processed in real time and are not permanently stored on our servers after analysis is complete. Temporary copies may exist in server memory or cache during processing and are purged upon completion or within 24 hours, whichever is sooner.
- Analysis Results: Summary results (scores, classifications, metadata summaries) may be retained in association with your account for your reference and to support report generation. These results do not include the original uploaded media.
- Account Data: Account information is retained as long as your account is active. Upon account deletion, we will remove your personal data within 30 days, except where retention is required by law.
- Server Logs: Automatically collected log data is retained for up to 90 days for security and diagnostic purposes, after which it is deleted or anonymized.
4. AI Models and Automated Decision-Making
PersonaWatch uses multiple AI and machine learning models to analyze uploaded content. These include models for AI-generated content detection, facial manipulation detection, image manipulation localization, and source attribution.
We do not use your uploaded media to train our AI models. Your content is processed solely for the purpose of providing analysis results to you. Model training is conducted using separately sourced and licensed datasets.
Analysis scores and classifications are generated by automated systems. These results are intended as investigative aids and should not be treated as definitive determinations. Human judgment and additional verification should always be applied, particularly in legal or evidentiary contexts.
5. Third-Party Services and Data Sharing
We use the following categories of third-party services in connection with the platform:
| Category | Provider(s) | Data Shared |
|---|---|---|
| Authentication | Supabase | Email, hashed password, session tokens |
| Payment Processing | Stripe, Inc. | Payment details (processed directly by Stripe; we receive only transaction IDs and subscription status) |
| AI Fact-Checking & Phishing Detection | Anthropic (Claude API), OpenAI (ChatGPT API), Perplexity AI (Sonar API) | Text and sender information extracted from uploaded images for headline verification, claim verification, phishing analysis, and SMS spam text analysis. No personally identifiable user information is transmitted. Each provider independently verifies claims using real-time web search. |
| Cloud Hosting | Railway, RunPod | Uploaded media is processed on these platforms' infrastructure during analysis |
We do not sell, rent, or trade your personal information to third parties for marketing purposes.
We may disclose your information if required to do so by law, court order, or governmental regulation, or if we believe in good faith that such disclosure is necessary to protect the rights, property, or safety of PersonaWatch, our users, or the public.
6. Data Security
We implement industry-standard security measures to protect your information, including:
- TLS/HTTPS encryption for all data in transit
- Encrypted storage for authentication credentials
- Access controls and authentication requirements for platform infrastructure
- Regular security reviews of third-party service providers
While we take reasonable precautions, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security of your data.
7. Your Rights and Choices
- Access and Correction: You may access and update your account information at any time through the platform settings.
- Account Deletion: You may request deletion of your account and associated data by contacting us at the email address below. We will process deletion requests within 30 days.
- Data Portability: You may request a copy of your data in a commonly used format.
- Opt-Out of Communications: You may opt out of non-essential communications at any time by following the unsubscribe instructions in our emails or by contacting us.
If you are a resident of California, the European Economic Area, or another jurisdiction with applicable privacy laws, you may have additional rights. Please contact us to exercise those rights.
8. Cookies and Local Storage
The Service uses browser local storage to maintain your authentication session. We do not use third-party advertising or tracking cookies. Essential session data is stored locally on your device to keep you logged in and is cleared upon logout.
9. Children's Privacy
PersonaWatch is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that a child has provided us with personal information, we will take steps to delete such information promptly.
10. International Data Transfers
PersonaWatch is operated from the United States. If you access the Service from outside the United States, your information may be transferred to, stored, and processed in the United States or other jurisdictions where our service providers operate. By using the Service, you consent to such transfers.
11. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the updated policy on the platform with a revised "Last Updated" date. Your continued use of the Service after such changes constitutes your acceptance of the updated policy.
12. Contact Us
If you have any questions or concerns about this Privacy Policy, please contact us at:
PersonaWatch, LLC
Website: personawatch.ai