Privacy Policy

Last updated: July 11, 2026

1. Introduction

PRAMPTA Inc. ("Company", "we", "us") respects your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service. PRAMPTA Inc. is the data controller for personal data processed through the Service. This policy is written to comply with the California Consumer Privacy Act (CCPA/CPRA), the EU and UK General Data Protection Regulation (GDPR), and other applicable privacy laws.

2. Information We Collect

Account Information: username, email address, and hashed password when you register. Subject Data: subject identifiers, public keys, aliases, and license configurations you submit. Uploaded Content: images you upload (such as portraits, banners, and gallery photos) and descriptions. These may depict you or another person whose likeness you have the rights and consent to upload. Images you attach to a public subject are publicly visible in the Library. Reports: if you report a subject, we collect the report details and associate them with your account so operators can follow up. Usage Data: verification requests, API calls, timestamps, and audit log entries. Technical Data: IP addresses, browser type, and device information collected automatically. We do NOT collect: social security numbers, financial account numbers (payments, where offered, are handled by third-party processors), or precise geolocation.

3. Images, Likeness & Biometric-Adjacent Data

Images of identifiable people are sensitive by nature, and some laws (such as the Illinois Biometric Information Privacy Act and GDPR Article 9) treat biometric identifiers derived from them as a special category. Our approach: we store uploaded images exactly as you provide them; we do NOT generate biometric identifiers, faceprints, voiceprints, or face-recognition templates from them; and we do not use them to identify or recognize individuals. Images are used only to display the subject in the Service and to document what identity a registration covers. Registering an identifiable living person requires that person's consent (see the Terms of Service, "Likeness & Identity Consent"). You may delete uploaded images at any time from the subject's settings; deletion removes them from display and storage.

4. How We Use Your Information & Legal Bases

We use collected information to: (a) provide and maintain the Service — performance of our contract with you; (b) process verification requests and maintain cryptographic audit trails — performance of contract and our legitimate interest in the integrity of the registry; (c) communicate with you about your account — performance of contract; (d) detect and prevent fraud or abuse — legitimate interest; (e) comply with legal obligations — legal obligation. Where we rely on consent (for example, optional communications), you may withdraw it at any time.

5. Data Sharing & Sub-processors

We do not sell your personal information. We may share data with: (a) AI providers — only the verification result (allowed/denied) in response to their API requests; (b) service providers acting on our instructions (categories: cloud hosting and storage, email delivery, payment processing where offered); (c) law enforcement when required by law; (d) in connection with a merger, acquisition, or sale of assets, with notice to you. Service providers are bound by data-processing agreements and may not use your data for their own purposes.

6. International Data Transfers

Our infrastructure is operated in the United States and in other locations where our service providers operate. If you access the Service from the EEA, the UK, or other regions with data-transfer restrictions, your information is transferred to the United States. Where required, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses (and the UK Addendum) for such transfers.

7. Data Retention

Account data is retained while your account is active. Audit log entries are retained indefinitely as they form a cryptographic chain required for protocol integrity. You may request deletion of your account data, but audit entries (which contain only event metadata, not personal content) will be retained. Uploaded images are deleted when you remove them or delete the subject they belong to.

8. Your Rights

California (CCPA/CPRA): you have the right to know what personal information we collect, use, and disclose; to request deletion; to correct inaccurate information; to opt out of sale or sharing (we do not sell your data); to limit use of sensitive personal information; and to non-discrimination for exercising these rights. We honor Global Privacy Control (GPC) signals as an opt-out of sharing where applicable. EEA/UK (GDPR): you have the right of access, rectification, erasure, restriction, portability, and objection, and the right to withdraw consent where processing is based on consent. You also have the right to lodge a complaint with your local supervisory authority. To exercise any of these rights, contact privacy@prampta.com. We respond within the timelines required by applicable law (45 days under CCPA, one month under GDPR, extendable where permitted). We will verify your identity before acting on a request.

9. Cookies & Local Storage

We use essential storage only: authentication tokens kept in your browser's localStorage to maintain your session (functionally similar to an essential cookie), and a record of your cookie-banner choice. We set no third-party tracking cookies, no advertising cookies, and use no analytics or behavioral tracking.

10. Security & Breach Notification

We implement industry-standard security measures including: encryption in transit (TLS), Ed25519 cryptographic signatures, hash-chained audit logs, and access controls. However, no method of transmission over the Internet is 100% secure, and we cannot guarantee absolute security. If a breach affecting your personal data occurs, we will notify you and the relevant authorities without undue delay, as required by applicable law (including within 72 hours to supervisory authorities where GDPR applies).

11. Children's Privacy

The Service is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child, we will delete it promptly.

12. Changes to This Policy

We may update this Privacy Policy from time to time. For material changes we will provide notice (for example by email or a prominent notice in the Service) before they take effect, in addition to posting the new policy on this page and updating the "Last updated" date.

13. Contact Us

For privacy-related inquiries: PRAMPTA Inc. Email: privacy@prampta.com California, United States EEA/UK residents may also contact their local data protection authority.
PRAMPTA — Generative Rights Registry