Privacy policy

Deep Ban ("Deep Ban", "we", "us") provides identity-protection infrastructure: biometric vaulting, deepfake detection, internet monitoring, and takedown automation.

This policy explains what personal data we collect, why, how we protect it, and the rights you have over it. It applies to deepban.com and all related services.

Account data: name, email, country, billing details.

Biometric reference data: faceprints, voiceprints, and signatures you upload to your vault. We store these as one-way mathematical templates inside an encrypted enclave — never as raw images or audio after enrollment is complete.

Consent rules: the policies you define for how your likeness may be used by AI systems.

Detection data: URLs, screenshots, and content fingerprints of suspected synthetic media of you, gathered through monitoring or submitted by you.

Operational data: logs, device info, IP address, and usage analytics required to run the service securely.

To run the product features you signed up for — vault, scanner, monitoring, UAIP responses, and takedown dispatch.

To produce signed evidence packs and submit takedown notices to platforms on your behalf.

To detect abuse, secure accounts, prevent fraud, and meet legal obligations.

We never sell your personal or biometric data. We never use your vault data to train third-party AI models.

Contract: to deliver the service you purchased.

Explicit consent: for biometric data processing. You can withdraw it at any time by deleting your vault.

Legitimate interests: security, fraud prevention, product analytics.

Legal obligation: tax, accounting, court orders.

Sub-processors: cloud hosting, payment processing, email delivery, error monitoring. A current list is published at deepban.com/trust.

Platform partners: when we file a takedown, the evidence pack is shared with the platform you direct us to.

Legal: we may disclose data when compelled by valid legal process. We publish an annual transparency report.

Vault templates: kept while your account is active. Deleted within 30 days of account closure.

Detection records & evidence packs: kept for 7 years to support legal follow-up unless you delete them earlier.

Logs: 90 days rolling.

AES-256 encryption at rest. TLS 1.3 in transit. Biometric templates stored in a hardware-backed enclave with split-key access.

SOC 2 Type II controls (audit in progress). Annual third-party penetration tests.

Bug bounty: security@deepban.example.

Access, correct, export, or delete your data at any time from Settings → Privacy.

Object to processing, restrict it, or lodge a complaint with your local data protection authority.

For California residents (CCPA/CPRA): you have the right to know, delete, correct, and limit. We do not sell or share for cross-context behavioural advertising.

Data is processed in the EU and US. Transfers rely on Standard Contractual Clauses and supplementary safeguards.

Deep Ban is not directed at children under 16. Parents who believe a child has created an account should contact privacy@deepban.example for removal.

We will notify you of material changes by email at least 30 days before they take effect.

Privacy questions: privacy@deepban.example.

Data Protection Officer: dpo@deepban.example.